Debian Stretch Openstack images changelog

9.9.6-20190815
Updates in 2 source package(s), 4 binary package(s):

Source tzdata, binaries: tzdata:amd64 tzdata:arm64

tzdata (2019b-0+deb9u1) stretch; urgency=medium

  * New upstream version, affecting the following past and future timestamps:
    - Brazil has canceled DST and will stay on standard time indefinitely.
    - Predictions for Morocco now go through 2087 instead of 2037.
    - Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30 at 01:00.
      Guess future transitions to be March's last Friday at 00:00.
    - Many corrections to historical Hong Kong transitions from 1941 to 1947.

Source linux, binaries: linux-image-4.9.0-9-amd64:amd64 linux-image-4.9.0-9-arm64:arm64

linux (4.9.168-1+deb9u5) stretch-security; urgency=high

  * [amd64] Add mitigation for Spectre v1 swapgs (CVE-2019-1125):
    - cpufeatures: Sort feature word 7
    - speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - speculation: Enable Spectre v1 swapgs mitigations
    - entry: Use JMP instead of JMPQ
    - speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
  * [x86] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    (CVE-2015-8553)
    - Add Breaks relation to incompatible qemu-system-x86 versions
  * ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
  * percpu: stop printing kernel addresses (CVE-2018-5995)
  * scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
  * block: blk_init_allocated_queue() set q->fq as NULL in the fail case
    (CVE-2018-20856)
  * vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
  * Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
  * siphash: add cryptographically secure PRF
  * inet: switch IP ID generator to siphash (CVE-2019-10638, CVE-2019-10639)
  * Input: gtco - bounds check collection indent level (CVE-2019-13631)
  * [ppc64el] tm: Fix oops on sigreturn on systems without TM (CVE-2019-13648)
  * floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
  * floppy: fix out-of-bounds read in next_valid_format
  * floppy: fix invalid pointer dereference in drive_name
  * floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
  * inet: Avoid ABI change for IP ID hash change
  * vhost: Fix possible infinite loop (CVE-2019-3900):
    - vhost-net: set packet weight of tx polling to 2 * vq size
    - vhost_net: use packet weight for rx handler, too
    - vhost_net: introduce vhost_exceeds_weight()
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: scsi: add weight support
  * vhost: Ignore ABI changes
  * netfilter: ctnetlink: don't use conntrack/expect object addresses as id
  * xen: let alloc_xenballooned_pages() fail if not enough memory free
  * tcp: Clear sk_send_head after purging the write queue

 -- Steve McIntyre <93sam@debian.org>  Fri, 16 Aug 2019 10:36:26 +0200

9.9.5-20190721
Updates in 2 source package(s), 4 binary package(s):

Source debian-archive-keyring, binaries: debian-archive-keyring:amd64 debian-archive-keyring:arm64

debian-archive-keyring (2017.5+deb9u1) stretch; urgency=medium

  * Team upload.

  [ Philipp Kern ]
  * Remove Wheezy's keys (automatic and stable release). (Closes: #901320)

  [ Adam D. Barratt ]
  * Add Vcs-* headers.
  * Ensure fragments for Wheezy keys are removed.

  [ Jonathan Wiltshire ]
  * Add my own key to the team-members keyring
  * Add Debian Stable Release key (10/buster) (ID: DCC9EFBF77E11517)
    (Closes: #917536)
  * Add Debian Archive Automatic Signing Key (10/buster)
    (ID: BCDDDC30D7C23CBBABEE) and Debian Security Archive Automatic Signing
    Key (10/buster) (ID: C5FF4DFAB270CAA96DFA) (Closes: #917535)

Source linux, binaries: linux-image-4.9.0-9-amd64:amd64 linux-image-4.9.0-9-arm64:arm64

linux (4.9.168-1+deb9u4) stretch-security; urgency=high

  * ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)

 -- Steve McIntyre <93sam@debian.org>  Sun, 21 Jul 2019 15:39:50 +0100

9.9.4-20190703
Updates in 4 source package(s), 18 binary package(s):

Source openssl1.0, binaries: libssl1.0.2:amd64 libssl1.0.2:arm64

openssl1.0 (1.0.2s-1~deb9u1) stretch-security; urgency=medium

  * New upstream version

Source expat, binaries: libexpat1:amd64 libexpat1:arm64

expat (2.2.0-2+deb9u2) stretch-security; urgency=high

  * Fix extraction of namespace prefix from XML name (CVE-2018-20843)
    (closes: #931031).

Source openssl, binaries: libssl1.1:amd64 openssl:amd64 libssl1.1:arm64 openssl:arm64

openssl (1.1.0k-1~deb9u1) stretch-security; urgency=medium

  * Import 1.1.0k
    - CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)

Source vim, binaries: vim:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 xxd:amd64 vim:arm64 vim-common:arm64 vim-runtime:arm64 vim-tiny:arm64 xxd:arm64

vim (2:8.0.0197-4+deb9u3) stretch-security; urgency=medium

  * Backport patch 8.1.0067 to fix loss of syntax highlighting
    (Closes: #930718)
    + 8.1.0067: syntax highlighting not working when re-entering a buffer

vim (2:8.0.0197-4+deb9u2) stretch-security; urgency=high

  * Backport patches to address CVE-2019-12735 (Closes: #930020)
    + 8.0.0649: when opening a help file the filetype is set several times
    + 8.0.0651: build failure without the auto command feature
    + 8.1.0066: nasty autocommand causes using freed memory
    + 8.1.0177: defining function in sandbox is inconsistent
    + 8.1.0189: function defined in sandbox not tested
    + 8.1.0205: invalid memory access with invalid modeline
    + 8.1.0206: duplicate test function name
    + 8.1.0208: file left behind after running individual test
    + 8.1.0506: modeline test fails when run by root
    + 8.1.0538: evaluating a modeline might invoke using a shell command
    + 8.1.0539: cannot build without the sandbox
    + 8.1.0540: may evaluate insecure value when appending to option
    + 8.1.0544: setting 'filetype' in a modeline causes an error
    + 8.1.0546: modeline test with keymap fails
    + 8.1.0547: modeline test with keymap still fails
    + 8.1.0613: when executing an insecure function the secure flag is stuck
    + 8.1.1046: the "secure" variable is used inconsistently
    + 8.1.1365: source command doesn't check for the sandbox
    + 8.1.1366: using expressions in a modeline is unsafe
    + 8.1.1367: can set 'modelineexpr' in modeline
    + 8.1.1368: modeline test fails with python but without pythonhome
    + 8.1.1382: error when editing test files
    + 8.1.1401: misspelled mkspellmem and makespellmem
  * gbp.conf: Set debian-branch to debian/stretch
  * gbp.conf: Set upstream-tag to v%(version)s

 -- Steve McIntyre <93sam@debian.org>  Wed, 03 Jul 2019 23:38:40 +0100

9.9.3-20190618
Updates in 1 source package(s), 2 binary package(s):

Source linux, binaries: linux-image-4.9.0-9-amd64:amd64 linux-image-4.9.0-9-arm64:arm64

linux (4.9.168-1+deb9u3) stretch-security; urgency=high

  [ Salvatore Bonaccorso ]
  * tcp: limit payload size of sacked skbs (CVE-2019-11477)
  * tcp: tcp_fragment() should apply sane memory limits (CVE-2019-11478)
  * tcp: add tcp_min_snd_mss sysctl (CVE-2019-11479)
  * tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * tcp: fix fack_count accounting on tcp_shift_skb_data()

  [ Ben Hutchings ]
  * tcp: Avoid ABI change for DoS fixes
  * mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
  * brcmfmac: add length checks in scheduled scan result handler
  * brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
  * brcmfmac: add subtype check for event handling in data path
    (CVE-2019-9503)
  * tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
  * coredump: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
  * net: rds: force to destroy connection if t_sock is NULL in
    rds_tcp_kill_sock(). (CVE-2019-11815) (Closes: #928989)
  * ext4: zero out the unused memory region in the extent tree block
    (CVE-2019-11833)
  * Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
  * mwifiex: Fix possible buffer overflows at parsing bss descriptor
    (CVE-2019-3846)
  * mwifiex: Abort at too short BSS descriptor element
  * mwifiex: Don't abort on small, spec-compliant vendor IEs
  * mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
    (CVE-2019-10126)

 -- Steve McIntyre <93sam@debian.org>  Tue, 18 Jun 2019 14:38:40 +0100

9.9.2-20190614
Updates in 2 source package(s), 6 binary package(s):

Source qemu, binaries: qemu-utils:amd64 qemu-utils:arm64

qemu (1:2.8+dfsg-6+deb9u7) stretch-security; urgency=medium

  * Fix the md_clear backport, thanks to Vincent Tondellier (Closes: #929067)

qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium

  [ Moritz Mühlenhoff ]
  * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch
    (Closes: #901017, CVE-2018-11806)
  * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch
    (Closes: #902725, CVE-2018-12617)
  * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
    (Closes: #916397, CVE-2018-16872)
  * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch
    (Closes: #911499, CVE-2018-17958)
  * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch
    (Closes: #912535, CVE-2018-18849)
  * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch
    (Closes: #914604, CVE-2018-18954)
  * 9p-write-lock-path-in-v9fs-co_open2.patch
    9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch
    (Closes: #914599, CVE-2018-19364)
  * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch
    (Closes: #914727, CVE-2018-19489)
  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch (Closes: #922635, CVE-2019-3812)
  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
    (Closes: #921525, CVE-2019-6778)
  * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
    (Closes: CVE-2019-9824)

  [ Michael Tokarev ]
  * enable-md-clear.patch define new CPUID for MDS (Closes: #929067)
    (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
  * qxl-check-release-info-object-CVE-2019-12155.patch fixes null-pointer
    deref in qxl cleanup code (Closes: #929353, CVE-2019-12155)

Source dbus, binaries: dbus:amd64 libdbus-1-3:amd64 dbus:arm64 libdbus-1-3:arm64

dbus (1.10.28-0+deb9u1) stretch-security; urgency=medium

  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and connect
      to a DBusServer with elevated privileges. The standard system and
      session dbus-daemons in their default configuration were immune to this
      attack because they did not allow DBUS_COOKIE_SHA1, but third-party
      users of DBusServer such as Upstart could be vulnerable.
    - Prevent reading up to 3 bytes beyond the end of a truncated message.
      This could in principle be an information leak or denial of service on
      the system bus, but is not believed to be exploitable to crash the
      system bus or leak interesting information in practice.
    - Stop the dbus-daemon leaking memory (an error message) if delivering
      the message that triggered auto-activation is forbidden. This is
      technically a denial of service because the dbus-daemon will run out of
      memory eventually, but it's a very slow and noisy one, because all the
      rejected messages are also very likely to have been logged to the
      system log, and its scope is typically limited by the finite number of
      activatable services available.
    - Remove __attribute__((__malloc__)) attribute on dbus_realloc(), which
      does not meet the criteria for that attribute in gcc 4.7+, potentially
      leading to miscompilation.
    - Fix build with gcc 8 -Werror=cast-function-type
    - Fix warning from gcc 8 about suspicious use of strncpy() when
      populating struct sockaddr_un
    - Fix installation of Ducktype documentation with newer yelp-build
      versions
  * d/control: Update Vcs-Git, Vcs-Browser

 -- Steve McIntyre <93sam@debian.org>  Fri, 14 Jun 2019 12:07:14 +0100

9.9.1-20190515
Updates in 2 source package(s), 6 binary package(s):

Source linux, binaries: linux-image-4.9.0-9-amd64:amd64 linux-image-4.9.0-9-arm64:arm64

linux (4.9.168-1+deb9u2) stretch-security; urgency=high

  [ Salvatore Bonaccorso ]
  * Revert "block/loop: Use global lock for ioctl() operation."
    (Closes: #928125)

linux (4.9.168-1+deb9u1) stretch-security; urgency=high

  * [x86] Update speculation mitigations:
    - x86/MCE: Save microcode revision in machine check records
    - x86/cpufeatures: Hide AMD-specific speculation flags
    - x86/bugs: Add AMD's variant of SSB_NO
    - x86/bugs: Add AMD's SPEC_CTRL MSR usage
    - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
      features
    - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
    - x86/microcode/intel: Add a helper which gives the microcode revision
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/mm: Use WRITE_ONCE() when setting PTEs
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - x86/speculation: Simplify the CPU bug detection logic
    - locking/atomics, asm-generic: Move some macros from to a new file
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/cpu: Sanitize FAM6_ATOM naming
    - Documentation/l1tf: Fix small spelling typo
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data
      leak
    - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
    - x86/speculation: Propagate information about RSB filling mitigation to
      sysfs
    - x86/speculation/l1tf: Drop the swap storage limit restriction when
      l1tf=off
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - sched: Add sched_smt_active()
    - x86/speculation: Rework SMT state change
    - x86/l1tf: Show actual SMT state
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Mark string arrays const correctly
    - x86/speculataion: Mark command line parser data __initdata
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation: Add command line control for indirect branch
      speculation
    - x86/speculation: Prepare for per task indirect branch speculation
      control
    - x86/process: Consolidate and simplify switch_to_xtra() code
    - x86/speculation: Avoid __switch_to_xtra() calls
    - x86/speculation: Prepare for conditional IBPB in switch_mm()
    - x86/speculation: Split out TIF update
    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
    - x86/speculation: Prevent stale SPEC_CTRL msr content
    - x86/speculation: Add prctl() control for indirect branch speculation
    - x86/speculation: Enable prctl mode for spectre_v2_user
    - x86/speculation: Add seccomp Spectre v2 user space protection mode
    - x86/speculation: Provide IBPB always command line options
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - Documentation: Move L1TF to separate directory
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
    - x86/speculation/mds: Add 'mitigations=' support for MDS
    - x86/cpu/bugs: Use __initconst for 'const' init data
  * [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
    (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091):
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation
      decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/mds: Add MDSUM variant to the MDS documentation
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
  * [x86] msr-index: Remove dependency on
  * [rt] Update patches to apply on top of the speculation mitigation changes
  * [x86] mce, tlb: Ignore ABI changes

Source bind9, binaries: libdns-export162:amd64 libisc-export160:amd64 libdns-export162:arm64 libisc-export160:arm64

bind9 (1:9.10.3.dfsg.P4-12.3+deb9u5) stretch-security; urgency=high

  [ Marc Deslauriers (Ubuntu) ]
  * CVE-2018-5743: limiting simultaneous TCP clients is ineffective.
    Thanks to Marc Deslauriers of Ubuntu (Closes: #927932)

  [ Ondřej Surý ]
  * Sync Maintainer and Uploaders with unstable
  * [CVE-2019-6465]: Zone transfer for DLZs are executed though not permitted
    by ACLs. (Closes: #922955)
  * [CVE-2018-5745]: Avoid assertion and thus causing named to deliberately
    exit when a trust anchor's key is replaced with a key which uses an
    unsupported algorithm. (Closes: #922954)

 -- Steve McIntyre <93sam@debian.org>  Wed, 15 May 2019 15:33:17 +0100

9.9.0
First build for 9.9.0 release

 -- Steve McIntyre <93sam@debian.org>  Sat, 27 Apr 2019 19:40:54 +0100