Freenix Wiki

rxvt-2.7.10: Rebuilt. Patched an integer overflow that can crash rxvt with an escape sequence, or possibly have unspecified other impact. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7483 (Security fix)

xfce4-weather-plugin-0.8.9: Upgraded. Package upgraded to fix the API used to fetch weather data. Thanks to Robby Workman.

getmail-4.54.0: Upgraded. This is a bugfix release to fix a failure to retrieve HTML formatted emails that contain a line longer than 1024 characters. Thanks to Edward Trumbo.

ntp-4.2.8p10: Upgraded. In addition to bug fixes and enhancements, this release fixes security issues of medium and low severity:

• Denial of Service via Malformed Config (Medium)
• Authenticated DoS via Malicious Config Option (Medium)
• Potential Overflows in ctl_put() functions (Medium)
• Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)
• 0rigin DoS (Medium)
• Buffer Overflow in DPTS Clock (Low)
• Improper use of snprintf() in mx4200_send() (Low)
• The following issues do not apply to Linux systems:
• Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)
• Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)
• Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)

For more information, see:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459

(Security fix)

proftpd-1.3.5e: Upgraded. This release fixes a security issue: AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418 (Security fix)

minicom-2.7.1: Upgraded. Fix an out of bounds data access that can lead to remote code execution. This issue was found by Solar Designer of Openwall during a security audit of the Virtuozzo 7 product, which contains derived downstream code in its prl-vzvncserver component. For more information, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467 (Security fix)

bind-9.10.4: Upgraded. Fixed denial of service security issues. For more information, see:

• https://kb.isc.org/article/AA-01465
• https://kb.isc.org/article/AA-01466
• https://kb.isc.org/article/AA-01471
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138

(Security fix)

libtiff-4.0.7: : Upgraded. This release contains security fixes and improvements. For more information, see:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5652
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448

(Security fix)

samba-4.4.13: Upgraded. This is a bug fix release to address a regression introduced by the security fixes for CVE-2017-2619 (Symlink race allows access outside share definition). Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.

mariadb-10.0.30: Upgraded. This update fixes security issues: Crash in libmysqlclient.so. Difficult to exploit vulnerability allows low privileged attacker with logon to compromise the server. Successful attacks of this vulnerability can result in unauthorized access to data. For more information, see:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313

(Security fix)

glibc-zoneinfo-2017b: Upgraded. This package provides the latest timezone updates.

mcabber-1.0.5: Upgraded. This update fixes a security issue: An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5604 (Security fix)

samba-4.4.12: Upgraded. This update fixes a security issue: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619 (Security fix)

glibc-zoneinfo-2017a: Upgraded. This package provides the latest timezone updates.

libcgroup-0.41: Rebuilt. This is a bugfix package update. Fixed rc.cgred to source the correct config file. Don't remove the entire cgroup file system with “rc.cgconfig stop”. Thanks to chris.willing. NOTE: Be sure to install any .new config files.

pidgin-2.12.0: Upgraded. This update fixes a minor security issue (out of bounds memory read in purple_markup_unescape_entity). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2640 (Security fix)

R-3.3.3, icecat-45.7.0: Upgraded.

murrine, murrine-themes: Added to FXP.

libreoffice 2.3: Added to FXP.

nted (NoteEdit): Added to FXP.

SDL2, SDL2_image, physfs, supertux: Added to FXP.

nethack-3.6.0, fontforge-20150824: Added to FXP.

Fixed up output formatting in freepkg, which is now ready for testing; please let us know if you have comments, feature requests, or package requests.

meld3, gtksourceview3, glade: Added to FXP.

14.2 kernel upgrade 4.4.29 → 4.4.38

icecat-45.5.1: Upgraded.

14.1 kernel upgrade 3.10.103 → 3.10.104

14.2 kernel upgrade 4.4.19 → 4.4.29

linux-libre-image 4.4.27 fixes Dirty COW (CVE-2016-5195)

14.1 kernel upgrade 3.10.17 → 3.10.103

14.2 kernel upgrade 4.4.14 → 4.4.19

Purged non-free font-bh-ttf and font-bh-type1 from the main repository.

icecat-38.8.0: Rebuilt to avoid unidentified crashes on some CPUs.