WebKitGTK 2.33.91 released!

WebKitGTK 2.33.91 is available for download at:
webkitgtk.org/releases/webkitgtk-2.33.91.tar.xz (23.8MB)
md5sum: be0314fc3cc3ad52894163d60c9a78e6
sha1sum: b87b094b65a219d219aff73837931d97db7317ec
sha256sum: e9d35b91ad1785cc4476d00c23511e5e21663b838531f60f3918d04ec21c92f0
This is a development release leading toward 2.34 series.
What’s new in the WebKitGTK 2.33.91 release?
============================================
– Use the right display refresh monitor for animations in accelerated compositing mode.
– Fix several issues in JavaScriptCore on 32bit systems.
– Prefer python3 over python2 in CMake.
What is WebKitGTK?
==================
WebKitGTK is the GNOME platform port of the WebKit rendering engine. Offering WebKit’s full functionality through a set of GObject-based APIs, it is suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
More information
================
If you want to know more about the project or get in touch with us you may:
– Visit our website at www.webkitgtk.org or the upstream site at www.webkit.org – people interested in contributing should read: www.webkit.org/coding/contributing.html.
– Browse the bug list at bugs.webkit.org. WebKitGTK bugs are typically prefixed by “[GTK].” A bug report with a minimal, reproducible test case is often just as valuable as a patch.
– Join the #webkitgtk IRC channel at irc.gnome.org or on Matrix at #webkitgtk:matrix.org.
– Subscribe to the WebKitGTK mailing list, lists.webkit.org/mailman/listinfo/webkit-gtk or the WebKit development mailing list, lists.webkit.org/mailman/listinfo/webkit-dev
Thanks
======
Thanks to all the contributors who made possible this release, they are far too many to list!
The WebKitGTK team, September 17, 2021

WebKitGTK 2.32.4 released!

WebKitGTK 2.32.4 is available for download at:
webkitgtk.org/releases/webkitgtk-2.32.4.tar.xz (22.2MB)
md5sum: 51a167e5d03bacf30c5c588e6aa23143
sha1sum: f7255ffb488e727e9e250e0dae9f192266f50f01
sha256sum: 00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd
This is a bug fix release in the stable 2.32 series.
What’s new in the WebKitGTK 2.32.4 release?
===========================================
– Do not append .asc extension to downloaded text/plain files.
– Fix several crashes and rendering issues.
What is WebKitGTK?
==================
WebKitGTK is the GNOME platform port of the WebKit rendering engine. Offering WebKit’s full functionality through a set of GObject-based APIs, it is suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
More information
================
If you want to know more about the project or get in touch with us you may:
– Visit our website at www.webkitgtk.org or the upstream site at www.webkit.org – people interested in contributing should read: www.webkit.org/coding/contributing.html.
– Browse the bug list at bugs.webkit.org. WebKitGTK bugs are typically prefixed by “[GTK].” A bug report with a minimal, reproducible test case is often just as valuable as a patch.
– Join the #webkitgtk IRC channel at irc.gnome.org or on Matrix at #webkitgtk:matrix.org.
– Subscribe to the WebKitGTK mailing list, lists.webkit.org/mailman/listinfo/webkit-gtk or the WebKit development mailing list, lists.webkit.org/mailman/listinfo/webkit-dev
Thanks
======
Thanks to all the contributors who made possible this release, they are far too many to list!
The WebKitGTK team, September 17, 2021

[USN-5073-2] Linux kernel (GCP) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5073-2
September 17, 2021
linux-gcp, linux-gcp-4.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
Details:
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host’s physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  linux-image-4.15.0-1108-gcp 4.15.0-1108.122
  linux-image-gcp-lts-18.04 4.15.0.1108.127
Ubuntu 16.04 ESM:
  linux-image-4.15.0-1108-gcp 4.15.0-1108.122~16.04.1
  linux-image-gcp 4.15.0.1108.109
  linux-image-gke 4.15.0.1108.109
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5073-2
  ubuntu.com/security/notices/USN-5073-1
  CVE-2021-34693, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656, CVE-2021-38160
Package Information:
  launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1108.122

[Checkmk Announce] New Checkmk stable release 2.0.0p11

Dear friends of Checkmk,
the new stable release 2.0.0p11 of Checkmk is ready for download.
This maintenance release ships with 3 changes affecting all editions of Checkmk, 2 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.
This release is a hot fix release for the 2.0.0p10 we released yesterday. In this release a Linux agent update of a Checkmk agent run by systemd restarted the multi-user.target, which can lead to undesired side effects on the monitored system (such as restarts of unrelated services). In case you did not experience any issues during agent updates to 2.0.0p10, you are not affected by this issue. However, we recommend to update to 2.0.0p11.
Changes in all Checkmk Editions:
Checks & agents:
* 13217 FIX: Agent updater and systemd: Do not restart ‘multi-user.target’
Core & setup:
* 12959 FIX: contact group host attribute in REST API NOTE: Please refer to the migration notes!
User interface:
* 13152 FIX: Crash reports could not be submitted
Changes in the Checkmk Enterprise Edition:
Dynamic host configuration:
* 12853 FIX: Dynamic host configuration: Fix exception when displaying the execution history
User interface:
* 13151 FIX: Don’t crash if SLAs are displayed in views
Changes in the Checkmk Managed Services Edition:

You can download Checkmk from our download page:
* checkmk.com/download.php
Please mail bug reports and qualified feedback to feedback@checkmk.com. We greatly thank you for using Checkmk and wish you a successful monitoring,
Your Checkmk Team

[USN-5083-1] Python vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5083-1
September 16, 2021
python3.4, python3.5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Python.
Software Description:
– python3.5: An interactive high-level object-oriented language
– python3.4: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733)
It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  python3.5 3.5.2-2ubuntu0~16.04.13+esm1
  python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm1
Ubuntu 14.04 ESM:
  python3.4 3.4.3-1ubuntu1~14.04.7+esm11
  python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm11
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5083-1
  CVE-2021-3733, CVE-2021-3737

[USN-5081-1] Qt vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5081-1
September 16, 2021
qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Qt.
Software Description:
– qtbase-opensource-src: Qt 5 libraries
Details:
It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2020-17507)
It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. (CVE-2021-38593)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  libqt5core5a 5.9.5+dfsg-0ubuntu2.6
  libqt5gui5 5.9.5+dfsg-0ubuntu2.6
After a standard system update you need to restart your session to make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5081-1
  CVE-2020-17507, CVE-2021-38593
Package Information:
  launchpad.net/ubuntu/+source/qtbase-opensource-src/5.9.5+dfsg-0ubuntu2.6

[USN-5071-2] Linux kernel (HWE) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5071-2
September 16, 2021
linux-hwe-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-hwe-5.4: Linux hardware enablement (HWE) kernel
Details:
USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS.
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host’s physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. (CVE-2021-3653)
It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup). (CVE-2020-36311)
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  linux-image-5.4.0-84-generic 5.4.0-84.94~18.04.1
  linux-image-5.4.0-84-generic-lpae 5.4.0-84.94~18.04.1
  linux-image-5.4.0-84-lowlatency 5.4.0-84.94~18.04.1
  linux-image-generic-hwe-18.04 5.4.0.84.94~18.04.75
  linux-image-generic-lpae-hwe-18.04 5.4.0.84.94~18.04.75
  linux-image-lowlatency-hwe-18.04 5.4.0.84.94~18.04.75
  linux-image-oem 5.4.0.84.94~18.04.75
  linux-image-oem-osp1 5.4.0.84.94~18.04.75
  linux-image-snapdragon-hwe-18.04 5.4.0.84.94~18.04.75
  linux-image-virtual-hwe-18.04 5.4.0.84.94~18.04.75
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5071-2
  ubuntu.com/security/notices/USN-5071-1
  CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656
Package Information:
  launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-84.94~18.04.1

[USN-5082-1] Linux kernel (OEM) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5082-1
September 16, 2021
linux-oem-5.13 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-oem-5.13: Linux kernel for OEM systems
Details:
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host’s physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. (CVE-2021-3653)
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
  linux-image-5.13.0-1012-oem 5.13.0-1012.16
  linux-image-oem-20.04c 5.13.0.1012.16
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5082-1
  CVE-2021-3609, CVE-2021-3653, CVE-2021-3656
Package Information:
  launchpad.net/ubuntu/+source/linux-oem-5.13/5.13.0-1012.16

[USN-5080-2] Libgcrypt vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5080-2
September 16, 2021
libgcrypt20 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
Summary:
Libgcrypt could be made to expose sensitive information.
Software Description:
– libgcrypt20: LGPL Crypto library
Details:
USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: libgcrypt20 1.6.5-2ubuntu0.6+esm1
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5080-2
  ubuntu.com/security/notices/USN-5080-1
  CVE-2021-33560, CVE-2021-40528

[CentOS-announce] CESA-2021:3494 Important CentOS 7 thunderbird Security Update

CentOS Errata and Security Advisory 2021:3494 Important
Upstream details at : access.redhat.com/errata/RHSA-2021:3494
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
6576a71997c6b88e455bd9405164a03375ea03ef6dfbfc8c070d29e8de1f5324 thunderbird-78.14.0-1.el7.centos.x86_64.rpm
Source:
a665cfdccc33a1c6f201f2415c355de3304c5d27dadafae35c6024b1aef78d3d thunderbird-78.14.0-1.el7.centos.src.rpm

[CentOS-announce] CESA-2021:3498 Important CentOS 7 firefox Security Update

CentOS Errata and Security Advisory 2021:3498 Important
Upstream details at : access.redhat.com/errata/RHSA-2021:3498
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
4612dc1b815321d8acda2baafa9107d32d2e88453f1c98a341c59936db87f826 firefox-78.14.0-1.el7.centos.i686.rpm
2a94cd35eaf2c096188c8f30e38bb1ae656122294b6b2f692f185e9533bf7f02 firefox-78.14.0-1.el7.centos.x86_64.rpm
Source:
1b67eb61bf90f5bbe27b53c44458b1b9d071ce838d11828082ce2000c7e45ecd firefox-78.14.0-1.el7.centos.src.rpm

[USN-5080-1] Libgcrypt vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5080-1
September 16, 2021
libgcrypt20 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.04
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Libgcrypt could be made to expose sensitive information.
Software Description:
– libgcrypt20: LGPL Crypto library
Details:
It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: libgcrypt20 1.8.7-2ubuntu2.1
Ubuntu 20.04 LTS: libgcrypt20 1.8.5-5ubuntu1.1
Ubuntu 18.04 LTS: libgcrypt20 1.8.1-4ubuntu1.3
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5080-1
  CVE-2021-33560, CVE-2021-40528
Package Information:
  launchpad.net/ubuntu/+source/libgcrypt20/1.8.7-2ubuntu2.1
  launchpad.net/ubuntu/+source/libgcrypt20/1.8.5-5ubuntu1.1
  launchpad.net/ubuntu/+source/libgcrypt20/1.8.1-4ubuntu1.3

[Checkmk Announce] New Checkmk stable release 2.0.0p10

Dear friends of Checkmk,
the new stable release 2.0.0p10 of Checkmk is ready for download.
This maintenance release ships with 70 changes affecting all editions of Checkmk, 11 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

Changes in all Checkmk Editions:
BI:
* 12664 FIX: BI “Aggregation group” now shows simple aggregation groups again
* 13233 FIX: BI: Fix missing comment fields, add show more mode
Checks & agents:
* 13123 cisco_wlc, cisco_wlc_clients: add support for Cisco Aironet 2800
* 13206 FRITZ!Box special agent: Display operating system
* 13147 cisco_wlc, cisco_wlc_clients: add support for Aironet 1815 devices
* 13064 proxmox_ve_vm_snapshot_age: new check to monitor the age of proxmox snapshots
* 13204 FIX: emc_isilon_iops: Fix for 0 operations/s
* 12931 FIX: mk_docker: Fix crash in mk_docker agent for Python2
* 13205 FIX: mtr: Fix performance graphs
* 13211 FIX: Fix ‘only from’ monitoring in Check_MK services for systemd hosts
* 13119 FIX: Interface checks: Do not use discovered state and speed in cluster mode
* 13121 FIX: Linux agent: Produce ntp section on additional systems (eg. Slackware)
* 13029 FIX: Local check with expired cache is now stale
* 13120 FIX: MTR agent plugin: Make usable with Python 3
* 12305 FIX: Silence unnecessary log entries on SNMP errors
* 13181 FIX: agent_cisco_prime: invalid agent arguments
* 13184 FIX: agent_netapp: Fix unhandled error “TypeError” causing the agent to break
* 13162 FIX: check_mk_active: fix “AttributeError: ‘NoneType’ object has no attribute ‘split’
* 12907 FIX: check_mk_agent: Fix issues with systemd
* 12930 FIX: check_mk_agent: Major Python version checked
* 12929 FIX: cmk_site_statistics: Fixed crash when livestatus empty
* 13149 FIX: isstore, isclienttype: fix performance problems
* 13251 FIX: netapp_api_temp: crash on access to non-existing key ‘temp-sensor-current-temperature’
* 13213 FIX: real-time-checks: fix decryption if agent encryption is enabled
* 13187 FIX: systemd_units_services_summary: incorrect activating/reloading period shown in service
* 13271 FIX: timesyncd increase warn default level for last synchronisation period
* 13138 FIX: timesyncd: Crash (Cannot render negative timespan)
* 13118 FIX: sentry_pdu, raritan_pdu_plugs: Fix parameter handling NOTE: Please refer to the migration notes!
* 13146 FIX: chrony: warn if synchronization is lost NOTE: Please refer to the migration notes!
Core & setup:
* 13035 FIX: REST API host attribute management protocol
* 13158 FIX: REST API: fixing folder show endpoints when folder has network scan option configured
* 13036 FIX: REST API: host & folder config: fixed remove_attributes
* 13038 FIX: REST API: title should be optional on update
* 13157 FIX: REST-API: fixing httpie doc examples
* 12958 FIX: add validation for custom tags to REST API
Notifications:
* 13115 FIX: Fix UnicodeDecodeError on fallback notifications
* 13114 FIX: Fix missing notification result in log history on direct local delivery
Other components:
* 11816 FIX: pykerberos build under SLES*
Setup:
* 13159 Change displayed signature keys’ digest to fingerprint
* 13068 SEC: Fix XSS in Graph
* 13070 SEC: Fix XSS in edit roles
* 13069 SEC: Fix file path manipulation
* 13067 SEC: Fix path traversal vulnerability
* 13004 FIX: Fix audit log export to contain only csv data
* 13104 FIX: Fix duplicated warnings while activating pending changes
* 13238 FIX: Fix possible core restart of remote sites on every activating of changes
* 13034 FIX: Network scan for folders did not show all criticality tags
Site management:
* 13201 FIX: omd cleanup: Skip default version
User interface:
* 13148 SEC: Fix stored XSS in description fields
* 12843 FIX: Fix GUI profiling not enabled immediately
* 13108 FIX: Fix NotADirectoryError on user profile cleanup background job
* 12520 FIX: Fix broken inventory tables
* 13232 FIX: Fix error in views if display option ‘t’ is used
* 13099 FIX: Fix link to user guide in page menu
* 13100 FIX: Fix missing context while saving customized visuals
* 13109 FIX: Fix missing rows in builtin view “Unmonitored services”
* 13111 FIX: Fix painter “Service notification number”
* 13239 FIX: Fix possibility to activate changes in read only mode
* 13236 FIX: Fix reload of graphs if page update countdown is stopped
* 13231 FIX: Fix source of painter “Docker node”
* 13234 FIX: Fix validation of label keys in ruleset conditions
* 13105 FIX: Fix visualization of tags and labels in rule conditions
* 13183 FIX: Fixed steadily rising CPU due to misconfiguration when cloning builtin dashboards
* 13107 FIX: HW/SW Inventory: Fix missing icon for packages
* 13098 FIX: Honor locally defined config variables
* 13110 FIX: LDAP: Fix MKLDAPException if “User-ID attribute” is not lower case
* 13141 FIX: Translation of custom localizable texts
* 12980 FIX: check_http: Fix escaping of URL if “Clickable URLs” option is used
* 13106 FIX: Fix missing spaces on CSV and JSON export of views
* 13237 FIX: Validate input for recurring downtimes on “same day of the month” NOTE: Please refer to the migration notes!
Changes in the Checkmk Enterprise Edition:
Agent bakery:
* 13127 Provide caller’s IP in web.log for errors arising from agent updater requests
Checks & agents:
* 12910 FIX: Check_MK and Check_MK Discovery: clarify SNMP timeout message
* 13212 FIX: real-time-checks: fix deployment via bakery
Notifications:
* 13103 FIX: Fix missing timeout on first connection
* 13102 FIX: ServiceNow: Improve exception handling
Reporting & availability:
* 13235 FIX: Fix missing context if “Add context information to title” is used
Setup:
* 13122 MRPE agent bakery rule: allow more characters in service descriptions
User interface:
* 13137 Bar Chart Dashlet: Add possibility to set limits to x-axis
* 13101 FIX: Agent bakery: Fix reset of conditions while toggling master switch
* 13113 FIX: Fix missing option to modify refresh interval
* 13140 FIX: Random order of combined graphs
Changes in the Checkmk Managed Services Edition:

You can download Checkmk from our download page:
* checkmk.com/download.php
Please mail bug reports and qualified feedback to feedback@checkmk.com. We greatly thank you for using Checkmk and wish you a successful monitoring,
Your Checkmk Team

[USN-5078-2] Squashfs-Tools vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5078-2
September 15, 2021
squashfs-tools vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
Summary:
Squashfs-Tools could be made to overwrite files.
Software Description:
– squashfs-tools: Tools to create and modify squashfs filesystems
Details:
USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2021-40153)
Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. (CVE-2021-41072)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: squashfs-tools 1:4.3-3ubuntu2.16.04.3+esm1
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5078-2
  ubuntu.com/security/notices/USN-5078-1
  CVE-2021-40153, CVE-2021-41072

[USN-5079-2] curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5079-2
September 15, 2021
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in curl.
Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946)
Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  curl 7.47.0-1ubuntu2.19+esm1
  libcurl3 7.47.0-1ubuntu2.19+esm1
  libcurl3-gnutls 7.47.0-1ubuntu2.19+esm1
  libcurl3-nss 7.47.0-1ubuntu2.19+esm1
Ubuntu 14.04 ESM:
  curl 7.35.0-1ubuntu2.20+esm8
  libcurl3 7.35.0-1ubuntu2.20+esm8
  libcurl3-gnutls 7.35.0-1ubuntu2.20+esm8
  libcurl3-nss 7.35.0-1ubuntu2.20+esm8
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5079-2
  ubuntu.com/security/notices/USN-5079-1
  CVE-2021-22946, CVE-2021-22947

[USN-5079-1] curl vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5079-1
September 15, 2021
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.04
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries
Details:
It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945)
Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946)
Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04:
  curl 7.74.0-1ubuntu2.3
  libcurl3-gnutls 7.74.0-1ubuntu2.3
  libcurl3-nss 7.74.0-1ubuntu2.3
  libcurl4 7.74.0-1ubuntu2.3
Ubuntu 20.04 LTS:
  curl 7.68.0-1ubuntu2.7
  libcurl3-gnutls 7.68.0-1ubuntu2.7
  libcurl3-nss 7.68.0-1ubuntu2.7
  libcurl4 7.68.0-1ubuntu2.7
Ubuntu 18.04 LTS:
  curl 7.58.0-2ubuntu3.15
  libcurl3-gnutls 7.58.0-2ubuntu3.15
  libcurl3-nss 7.58.0-2ubuntu3.15
  libcurl4 7.58.0-2ubuntu3.15
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5079-1
  CVE-2021-22945, CVE-2021-22946, CVE-2021-22947
Package Information:
  launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3
  launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.7
  launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15

Varnish Cache 7.0.0 released

Hi everybody,
We just released version 7.0.0 of Varnish Cache:
varnish-cache.org/releases/rel7.0.0.html
This is dot-zero because there are some pretty drastic changes under the water-line, but almost all users will see little or no difference.
Here is a list of the most important changes:
varnish-cache.org/docs/7.0/whats-new/changes-7.0.html
7.x will not become a long-time support branch, but as my friend Peter Wemm used to say: People have to be crazy to run anything ending in dot-zero in production, but we really appreciate it when they do.
Thanks to Dridi for running the release process almost alone,
Thanks to the rest of the team for keeping at it.
And thanks to the Varnish Moral License holders for keeping my economy afloat.
Next main-line release will be 2021-09-15.
Take care!
Poul-Henning

[USN-5078-1] Squashfs-Tools vulnerability

==========================================================================
Ubuntu Security Notice USN-5078-1
September 15, 2021
squashfs-tools vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 21.04
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Squashfs-Tools could be made to overwrite files.
Software Description:
– squashfs-tools: Tools to create and modify squashfs filesystems
Details:
Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: squashfs-tools 1:4.4-2ubuntu0.2
Ubuntu 20.04 LTS: squashfs-tools 1:4.4-1ubuntu0.2
Ubuntu 18.04 LTS: squashfs-tools 1:4.3-6ubuntu0.18.04.4
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5078-1
  CVE-2021-41072
Package Information:
  launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-2ubuntu0.2
  launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-1ubuntu0.2
  launchpad.net/ubuntu/+source/squashfs-tools/1:4.3-6ubuntu0.18.04.4
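To confirm that a host actually carries the fixed packages, the following added example (not part of the Ubuntu notices) compares installed versions against the Ubuntu 20.04 LTS versions listed in USN-5079-1 and USN-5078-1, using Debian version ordering (epoch, upstream version, revision). The installed-package list is constructed sample data in `dpkg-query -W` format, and all function names are this example's own.

```python
import re
from itertools import zip_longest

# Fixed versions for Ubuntu 20.04 LTS, copied from USN-5079-1 and USN-5078-1.
FIXED_FOCAL = dict.fromkeys(
    ("curl", "libcurl3-gnutls", "libcurl3-nss", "libcurl4"), "7.68.0-1ubuntu2.7")
FIXED_FOCAL["squashfs-tools"] = "1:4.4-1ubuntu0.2"

# Constructed sample input in `dpkg-query -W` format: name<TAB>version.
SAMPLE_DPKG = (
    "curl\t7.68.0-1ubuntu2.7\n"
    "libcurl4:amd64\t7.68.0-1ubuntu2.6\n"
    "squashfs-tools\t1:4.4-1ubuntu0.1\n"
    "openssl\t1.1.1f-1ubuntu2.8\n"
)

def _order(ch):
    # Debian ordering: '~' sorts before end of string, letters before symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs; a missing run counts as 0.
    runs = [re.findall(r"([^0-9]*)([0-9]*)", s) for s in (a, b)]
    for (ta, na), (tb, nb) in zip_longest(*runs, fillvalue=("", "")):
        width = max(len(ta), len(tb))
        ka = [_order(c) for c in ta] + [0] * (width - len(ta))
        kb = [_order(c) for c in tb] + [0] * (width - len(tb))
        key_a, key_b = (ka, int(na or 0)), (kb, int(nb or 0))
        if key_a != key_b:
            return -1 if key_a < key_b else 1
    return 0

def _split(version):
    # "[epoch:]upstream[-revision]"; the revision follows the last hyphen.
    head, sep, rest = version.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def deb_cmp(a, b):
    # Returns -1, 0 or 1, like `dpkg --compare-versions` lt / eq / gt.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output, fixed):
    # Return (package, installed, fixed) for packages older than the fix.
    rows = (line.partition("\t") for line in dpkg_output.splitlines())
    pairs = ((name.split(":")[0], ver) for name, _, ver in rows)
    return [(n, v, fixed[n]) for n, v in pairs
            if n in fixed and v and deb_cmp(v, fixed[n]) < 0]
```

On a real host, pass the output of `dpkg-query -W` instead of `SAMPLE_DPKG`; plain string comparison would misorder versions with epochs such as `1:4.4-1ubuntu0.2`.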

Gnome Subtitles 1.7

Gnome Subtitles 1.7 is (finally) out.
Changes:
– Fixed multiple issues related to audio and video playback
– GStreamer media playback engine rewrite
– Subtitle lines displayed on the video are now immediately refreshed if changed
– Fixed an issue which didn’t allow for multiple Gnome Subtitles instances to be running simultaneously
– Fixed an issue which prevented the application from appearing translated/localized
– Fixed an issue with Autocheck Spelling not working immediately when the app is opened
– Help menu items now open correctly
– Improved the Set Languages dialog window with information on how to install additional language packs
– Fixed an issue with the side bar constantly resizing during playback
– Fixed an issue where opening an audio file after a video would show the last frame played from the video
– Added support for Enchant 2 (in addition to Enchant 1 which is still supported)
– Optimization to only save the window state when closing the application
– AppData and Desktop files have been updated
Note to packagers:
– Packages should now depend on Enchant 2 instead of 1 (although 1 is still supported)
Issues:
– Built-in video player stutters (#5)
– Impossible to open a subtitles file via the file manager while Gnome Subtitles is already running (#139)
– Only save the window state when closing the application (#143)
– AppStream warns on insecure URLs (#144)
– Improved message in the Set Languages dialog (#147)
– Translations not being used in 1.6 on Fedora 31 (#149)
– Change Type to Press in help (#150)
– Change “coding” to “encoding” (#151)
– Rename video Length to Duration (#152)
– Add support for Enchant 2 (#153)
– Remove “” from app (#154)
– Side bar resizes itself during video playback (#157)
– Help menu items (links and user guide) are not opening (#159)
– Autocheck Spelling not working when the app is opened (#164)
– Opening an audio file after a video file shows the last frame played from that video (#166)
– Subtitle shown on the video not immediately updated while being edited (#167)
– GStreamer Decoding Error while seeking with some files due to vaapi (#171)
– Unable to open some kinds of audio files (#172)
– Disable VAAPI by default to prevent playback issues (#173)
– GStreamer media playback rewrite (#177)
Translations:
– Jordi Mas (ca)
– Marek Černocký (cs)
– Ask Hjorth Larsen (da)
– Daniel Mustieles, Rodrigo Lledó (es)
– Jiri Grönroos (fi)
– Charles Monzat (fr)
– Balázs Úr (hu)
– Andika Triwidada (id)
– Nathan Follens (nl)
– Piotr Drąg (pl)
– Hugo Carvalho (pt)
– Rafael Fontenelle (pt_BR)
– Daniel Șerbănescu (ro)
– Dušan Kazik (sk)
– Matej Urbančič (sl)
– Miroslav Nikolić (sr)
– Anders Jonsson (sv)
– Emin Tufan Çetin, Sabri Ünal (tr)
– Yuri Chornoivan (uk)
– Dz Chen (zh_CN)
Additional thanks: – Andre Klapper, Fernando Fernandez, Luz Paz Pedro Castro
Release notes are available at: gnomesubtitles.org/gnome-subtitles-release-1.7
About
=====
Gnome Subtitles is a subtitle editor for the GNOME desktop. It supports the most common text-based subtitle formats, video previewing, timings synchronization and subtitle translation.
gnomesubtitles.org/about
Pedro Castro

[USN-5077-2] Apport vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5077-2
September 14, 2021
apport vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 ESM
– Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apport.
Software Description:
– apport: automatically generate crash reports for debugging
Details:
USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
  apport 2.20.1-0ubuntu2.30+esm2
  python-apport 2.20.1-0ubuntu2.30+esm2
  python3-apport 2.20.1-0ubuntu2.30+esm2
Ubuntu 14.04 ESM:
  apport 2.14.1-0ubuntu3.29+esm8
  python-apport 2.14.1-0ubuntu3.29+esm8
  python3-apport 2.14.1-0ubuntu3.29+esm8
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5077-2
  ubuntu.com/security/notices/USN-5077-1
  CVE-2021-3709, CVE-2021-3710