Tue Dec 23 00:05:23 UTC 2014
a/kernel-generic-3.14.27-x86_64-1.txz: Upgraded.
a/kernel-huge-3.14.27-x86_64-1.txz: Upgraded.
a/kernel-modules-3.14.27-x86_64-1.txz: Upgraded.
ap/vim-7.4.560-x86_64-1.txz: Upgraded.
d/kernel-headers-3.14.27-x86-1.txz: Upgraded.
k/kernel-source-3.14.27-noarch-1.txz: Upgraded.
l/libusb-1.0.19-x86_64-1.txz: Upgraded.
l/libusb-compat-0.1.5-x86_64-1.txz: Upgraded.
n/ntp-4.2.8-x86_64-1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several high-severity vulnerabilities discovered by Neel Mehta
and Stephen Roettger of the Google Security Team.
For more information, see:
https://www.kb.cert.org/vuls/id/852879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
(* Security fix *)
n/php-5.4.36-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
#68545 (NULL pointer dereference in unserialize.c).
#68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
#68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
(* Security fix *)
x/libdrm-2.4.58-x86_64-1.txz: Upgraded.
x/libvdpau-0.9-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/mesa-10.3.5-x86_64-1.txz: Upgraded.
x/xorg-server-1.15.2-x86_64-3.txz: Rebuilt.
This update fixes many security issues discovered by Ilja van Sprundel,
a security researcher with IOActive.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
(* Security fix *)
x/xorg-server-xephyr-1.15.2-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-1.15.2-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-1.15.2-x86_64-3.txz: Rebuilt.
xap/MPlayer-1.1_20130819-x86_64-3.txz: Rebuilt.
Recompiled with support for libvdpau.
xap/vim-gvim-7.4.560-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/source/config-testing-3.18.1/*: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.