[CentOS-announce] CEBA-2022:0069 CentOS 7 rear BugFix Update

CentOS Errata and Bugfix Advisory 2022:0069
Upstream details at : access.redhat.com/errata/RHBA-2022:0069
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 3aa4e1ccd9fd1a78767f931c25659037fc4cc3726f2bf2f979ed6ea52afe1815 rear-2.4-15.el7_9.x86_64.rpm
Source: e1576184949c1d191734076de544b41c30b2ddf36ad8caaf7d54d0147177342a rear-2.4-15.el7_9.src.rpm

[CentOS-announce] CEBA-2022:0068 CentOS 7 python-virtualenv BugFix Update

CentOS Errata and Bugfix Advisory 2022:0068
Upstream details at : access.redhat.com/errata/RHBA-2022:0068
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 594dfccfe823bf2e7b0b092a49e9599e40606708a101de2e67c467258d6fd21e python-virtualenv-15.1.0-5.el7_9.noarch.rpm
Source: 0c59875991139a5551c5cb52320453f97e0aa2010e8c8c6042017aa5dab403e9 python-virtualenv-15.1.0-5.el7_9.src.rpm

[CentOS-announce] CESA-2022:0127 Important CentOS 7 thunderbird Security Update

CentOS Errata and Security Advisory 2022:0127 Important
Upstream details at : access.redhat.com/errata/RHSA-2022:0127
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 151bddd3018c3cf341e45301fea7e855900839a749c197c0037edde602eaef35 thunderbird-91.5.0-1.el7.centos.x86_64.rpm
Source: 91c6a1ec8b49d2f0883bde205114bb7573106a5acd86a2344d652241f7150ee9 thunderbird-91.5.0-1.el7.centos.src.rpm

[CentOS-announce] CESA-2022:0124 Important CentOS 7 firefox Security Update

CentOS Errata and Security Advisory 2022:0124 Important
Upstream details at : access.redhat.com/errata/RHSA-2022:0124
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 42e22ddc4f5145c86fda06a008ba1415e8c40c3caa32ca21f81ce460fa3e2bf5 firefox-91.5.0-1.el7.centos.x86_64.rpm
Source: 37785df2875c5eb6c436ca5e15daab86f16b8bad3c9cd21a246184c5562ec843 firefox-91.5.0-1.el7.centos.src.rpm

[USN-5233-1] ClamAV vulnerability

==========================================================================
Ubuntu Security Notice USN-5233-1
January 18, 2022
clamav vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
ClamAV could be made to crash if it opened a specially crafted file.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: clamav 0.103.5+dfsg-1~21.10.1
Ubuntu 21.04: clamav 0.103.5+dfsg-1~21.04.1
Ubuntu 20.04 LTS: clamav 0.103.5+dfsg-1~20.04.1
Ubuntu 18.04 LTS: clamav 0.103.5+dfsg-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5233-1
  CVE-2022-20698
Package Information:
  launchpad.net/ubuntu/+source/clamav/0.103.5+dfsg-1~21.10.1
  launchpad.net/ubuntu/+source/clamav/0.103.5+dfsg-1~21.04.1
  launchpad.net/ubuntu/+source/clamav/0.103.5+dfsg-1~20.04.1
  launchpad.net/ubuntu/+source/clamav/0.103.5+dfsg-0ubuntu0.18.04.1

[USN-5227-2] Pillow vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5227-2
January 17, 2022
pillow vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Pillow.
Software Description:
- pillow: Python Imaging Library
Details:
USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: python-pil 3.1.2-0ubuntu1.6+esm1 python3-pil 3.1.2-0ubuntu1.6+esm1
Ubuntu 14.04 ESM: python-pil 2.3.0-1ubuntu3.4+esm3 python3-pil 2.3.0-1ubuntu3.4+esm3
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5227-2
  ubuntu.com/security/notices/USN-5227-1
  CVE-2021-23437, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816, CVE-2022-22817

GNOME 40.7 released

Hello everyone,
GNOME 40.7 is now available. This is a stable bugfix release for GNOME 40. All operating systems shipping GNOME 40 are encouraged to upgrade.
If you want to compile GNOME 41.3, you can use the official BuildStream project snapshot:
download.gnome.org/teams/releng/40.7/gnome-40.7.tar.xz
The list of updated modules and changes is available here:
download.gnome.org/core/40/40.7/NEWS
The source packages are available here:
download.gnome.org/core/40/40.7/sources/
GNOME 40.7 is designed to be a boring bugfix update for GNOME 40, so it should be safe to upgrade from earlier versions of GNOME 40.
Regards,
Abderrahim Kitouni
GNOME Release Team
_______________________________________________
gnome-announce-list mailing list
gnome-announce-list@gnome.org
mail.gnome.org/mailman/listinfo/gnome-announce-list

ANNOUNCE: ristretto 0.12.2 released

ristretto 0.12.2 is now available for download from
archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.2.tar.bz2
archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.2.tar.bz2?sha1
archive.xfce.org/src/apps/ristretto/0.12/ristretto-0.12.2.tar.bz2?sha256
What is ristretto?
==================
Ristretto is an image-viewer for the Xfce desktop environment.
Website: docs.xfce.org/apps/ristretto/start
Release notes for 0.12.2
========================
- New Features:
  - Thumbnailer: Add support for shared thumbnail repositories (#82)
  - Thumbnailer: Add thumbnail flavor support (#81)
- Performance Improvement:
  - Optimization: Use TreeModel IFace to walk the image list
  - Optimization: Add index and list link to RsttoImageListIter
  - Optimization: Switch to GQueue in RsttoImageList
- Code Refactoring:
  - Flatpak: Add lifecycle manager patch to Xfconf dependency
  - Flatpak: Add Tumbler dependency as a private service (!35)
  - Flatpak: Add pixbuf loaders
  - Refactoring: Cleanup and simplifications around thumbnail size
  - Redistribute thumbnail sizes uniformly
  - Disable debug checks in release mode
  - Cleanup: Miscellaneous
  - Cleanup: Remove unused APIs in RsttoImageList
- Bug Fixes:
  - Fix and complete file change monitoring
  - Thumbnailer: Rework queue management
  - Thumbnailer: Properly set the number of visible items
  - Take the device scale into account to limit rendering quality
  - Avoid multi-threading issue with X11 (#76)
- Translation Updates:
  Albanian, Arabic, Armenian (Armenia), Basque, Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, Eastern Armenian, English (Australia), English (United Kingdom), Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese, Kazakh, Korean, Lithuanian, Malay, Norwegian Bokmål, Occitan (post 1500), Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Uyghur
_______________________________________________
Xfce-announce mailing list
Xfce-announce@xfce.org
mail.xfce.org/mailman/listinfo/xfce-announce

GUPnP 1.4.3

A bugfix release of the stable GUPnP 1.4
This release fixes yet another issue with the deprecated async API which is mostly important for correct working of dLeyna. Update is highly recommended!
Also, please update your code to use the new async API introduced with GUPnP 1.2.0.
It is available for download at download.gnome.org/sources/gupnp/1.4/gupnp-1.4.2.tar.xz <download.gnome.org/sources/gupnp/1.4/gupnp-1.4.3.tar.xz>
Changes since 1.4.1:
1.4.2 (stable)
=====
- ServiceProxy: Properly propagate cancelled actions in deprecated calls
- ServiceProxy: Fix deprecated async calls, again.
Bugs fixed in this release:
- <gitlab.gnome.org/GNOME/gupnp/issues/67>
All contributors to this release:
- Jens Georg <mail@jensge.org>


[USN-5227-1] Pillow vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5227-1
January 13, 2022
pillow vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Pillow.
Software Description:
- pillow: Python Imaging Library
Details:
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. (CVE-2021-23437)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-34552)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22815)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service. (CVE-2022-22816)
It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22817)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: python3-pil 8.1.2+dfsg-0.3ubuntu0.1
Ubuntu 21.04: python3-pil 8.1.2-1ubuntu0.2
Ubuntu 20.04 LTS: python3-pil 7.0.0-4ubuntu0.5
Ubuntu 18.04 LTS: python-pil 5.1.0-1ubuntu0.7 python3-pil 5.1.0-1ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5227-1
  CVE-2021-23437, CVE-2021-34552, CVE-2022-22815, CVE-2022-22816, CVE-2022-22817
Package Information:
  launchpad.net/ubuntu/+source/pillow/8.1.2+dfsg-0.3ubuntu0.1
  launchpad.net/ubuntu/+source/pillow/8.1.2-1ubuntu0.2
  launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.5
  launchpad.net/ubuntu/+source/pillow/5.1.0-1ubuntu0.7

[USN-5210-2] Linux kernel regression

==========================================================================
Ubuntu Security Notice USN-5210-2
January 12, 2022
linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5210-1 introduced a regression in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
Details:
USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization (SEV) enabled. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002)
It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541)
It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321)
It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760)
It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864)
It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056)
It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
  linux-image-5.4.0-1060-gcp 5.4.0-1060.64
  linux-image-5.4.0-94-generic 5.4.0-94.106
  linux-image-5.4.0-94-generic-lpae 5.4.0-94.106
  linux-image-5.4.0-94-lowlatency 5.4.0-94.106
  linux-image-gcp-lts-20.04 5.4.0.1060.70
  linux-image-generic 5.4.0.94.98
  linux-image-generic-lpae 5.4.0.94.98
  linux-image-lowlatency 5.4.0.94.98
  linux-image-oem 5.4.0.94.98
  linux-image-oem-osp1 5.4.0.94.98
  linux-image-virtual 5.4.0.94.98
Ubuntu 18.04 LTS:
  linux-image-5.4.0-1060-gcp 5.4.0-1060.64~18.04.1
  linux-image-5.4.0-94-generic 5.4.0-94.106~18.04.1
  linux-image-5.4.0-94-generic-lpae 5.4.0-94.106~18.04.1
  linux-image-5.4.0-94-lowlatency 5.4.0-94.106~18.04.1
  linux-image-gcp 5.4.0.1060.46
  linux-image-generic-hwe-18.04 5.4.0.94.106~18.04.83
  linux-image-generic-lpae-hwe-18.04 5.4.0.94.106~18.04.83
  linux-image-lowlatency-hwe-18.04 5.4.0.94.106~18.04.83
  linux-image-oem 5.4.0.94.106~18.04.83
  linux-image-oem-osp1 5.4.0.94.106~18.04.83
  linux-image-snapdragon-hwe-18.04 5.4.0.94.106~18.04.83
  linux-image-virtual-hwe-18.04 5.4.0.94.106~18.04.83
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5210-2
  ubuntu.com/security/notices/USN-5210-1
  launchpad.net/bugs/1956575
Package Information:
  launchpad.net/ubuntu/+source/linux/5.4.0-94.106
  launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1060.64
  launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1060.64~18.04.1
  launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-94.106~18.04.1

FreeBSD Security Advisory FreeBSD-SA-22:01.vt

=============================================================================
FreeBSD-SA-22:01.vt                                         Security Advisory
                                                          The FreeBSD Project
Topic:          vt console buffer overflow
Category:       kernel
Module:         vt
Announced:      2022-01-11
Credits:        Oleg Bulyzhin
Affects:        FreeBSD 12.2 and FreeBSD 13.0
Corrected:      2021-09-22 18:41:00 UTC (stable/13, 13.0-STABLE)
                2022-01-11 18:15:03 UTC (releng/13.0, 13.0-RELEASE-p6)
                2021-09-25 18:15:49 UTC (stable/12, 12.2-STABLE)
                2022-01-11 18:33:21 UTC (releng/12.2, 12.2-RELEASE-p12)
CVE Name:       CVE-2021-29632
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
FreeBSD’s system console is provided by the vt(4) virtual terminal console driver.
II. Problem Description
Under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.
III. Impact
Users with access to the system console may be able to cause system misbehaviour.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch
# fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch.asc
# gpg --verify vt.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in and reboot the system.
VI. Correction details
This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches:
Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              9352de39c3dc    stable/13-n247428
releng/13.0/                            3e0a1e124169  releng/13.0-n244773
stable/12/                                                        r370674
releng/12.2/                                                      r371491
-------------------------------------------------------------------------
For FreeBSD 13 and later:
Run the following command to see which files were modified by a particular commit:
# git show --stat
Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
For FreeBSD 12 and earlier:
Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

[Checkmk Announce] New Checkmk stable release 2.0.0p18

Dear friends of Checkmk,
the new stable release 2.0.0p18 of Checkmk is ready for download.
This maintenance release ships with 23 changes affecting all editions of Checkmk, 7 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

Changes in all Checkmk Editions:
Checks & agents:
* 13596 Windows agent fileinfo section supports also files with limited access rights
* 13486 FIX: juniper_fru: Fix documentation for op. status “present”
* 13524 FIX: ntp_peer: Fix “TypeError (tuple indices must be integers or slices, not str)”
* 13477 FIX: Fetcher error if agent is run a non-root user
* 12999 FIX: Logwatch agent plugin correctly works with unicode characters
* 13567 FIX: Raise in debug only if no cfg was found (mk_logwatch)
* 13597 FIX: Windows agent supports Unicode symbols in logwatch section
* 13568 FIX: agent_azure: Enable passing secret via commandline (for debugging)
* 13556 FIX: oracle_rman: multiple backups lead to oldest backup shown
* 13558 FIX: ps: quoted parameters in Windows agent output leads to crash
Core & setup:
* 13399 RESTAPI: Endpoint for downloading agent by host name
  NOTE: Please refer to the migration notes!
Event console:
* 13091 FIX: Fixed event console time filters
Other components:
* 13321 SEC: NagVis: Updated to 1.9.29 (Fix possible deletion of arbitrary files)
Setup:
* 13195 SEC: Add validation to Documentation URL
  NOTE: Please refer to the migration notes!
* 13285 FIX: Activate Changes: Minor speedup for setups with disabled/inactive sites
* 13514 FIX: Fix TypeError on audit log search
* 13508 FIX: Fix failed logins for LDAP user created with Checkmk versions below 1.4
* 13509 FIX: Fix impossible host renaming if uninvolved sites have changes
* 13512 FIX: Fix possible “Request-URI Too Long” error on editing contact groups
* 13507 FIX: Fix simulation mode in service discovery and connection tests
* 13478 FIX: Mitigate wrong conversion of disabled service rules on update
  NOTE: Please refer to the migration notes!
Site management:
* 13324 SEC: Shipping software bill of materials with Checkmk
User interface:
* 13511 FIX: Fix link of painter ‘Log: contact name’
Changes in the Checkmk Enterprise Edition:
Agent bakery:
* 13131 FIX: custom_files: Fix permissions of custom deployed agent plugins
* 13132 FIX: mk_filestats: Deploy agent plugin without config
* 13130 FIX: mk_oracle: Fix bakery crash on deactivated agent rule
Checks & agents:
* 13476 FIX: Occasional KeyError in inline SNMP fetcher
* 13612 FIX: Predictive levels preview plot on incomplete data
Ntopng integration:
* 13569 Make ntopng integration vlan aware
User interface:
* 13586 FIX: Timeline dashlets: Missing data with both context filters
Changes in the Checkmk Managed Services Edition:

You can download Checkmk from our download page:
* checkmk.com/download.php
Please mail bug reports and qualified feedback to feedback@checkmk.com.
We greatly thank you for using Checkmk and wish you a successful monitoring,
Your Checkmk Team

[USN-5225-1] lxml vulnerability

==========================================================================
Ubuntu Security Notice USN-5225-1
January 12, 2022
lxml vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
lxml could be made to execute arbitrary code if it received a specially crafted XML or HTML file.
Software Description:
- lxml: pythonic binding for the libxml2 and libxslt libraries
Details:
It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: python3-lxml 4.6.3+dfsg-0.1ubuntu0.2
Ubuntu 21.04: python3-lxml 4.6.3-1ubuntu0.2
Ubuntu 20.04 LTS: python-lxml 4.5.0-1ubuntu0.5 python3-lxml 4.5.0-1ubuntu0.5
Ubuntu 18.04 LTS: python-lxml 4.2.1-1ubuntu0.6 python3-lxml 4.2.1-1ubuntu0.6
Ubuntu 16.04 ESM: python-lxml 3.5.0-1ubuntu0.4+esm2 python3-lxml 3.5.0-1ubuntu0.4+esm2
Ubuntu 14.04 ESM: python-lxml 3.3.3-1ubuntu0.2+esm5 python3-lxml 3.3.3-1ubuntu0.2+esm5
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5225-1
  CVE-2021-43818
Package Information:
  launchpad.net/ubuntu/+source/lxml/4.6.3+dfsg-0.1ubuntu0.2
  launchpad.net/ubuntu/+source/lxml/4.6.3-1ubuntu0.2
  launchpad.net/ubuntu/+source/lxml/4.5.0-1ubuntu0.5
  launchpad.net/ubuntu/+source/lxml/4.2.1-1ubuntu0.6

[USN-5224-1] Ghostscript vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5224-1
January 12, 2022
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Ghostscript.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: ghostscript 9.54.0~dfsg1-0ubuntu2.1 libgs9 9.54.0~dfsg1-0ubuntu2.1
Ubuntu 21.04: ghostscript 9.53.3~dfsg-7ubuntu0.2 libgs9 9.53.3~dfsg-7ubuntu0.2
Ubuntu 20.04 LTS: ghostscript 9.50~dfsg-5ubuntu4.5 libgs9 9.50~dfsg-5ubuntu4.5
Ubuntu 18.04 LTS: ghostscript 9.26~dfsg+0-0ubuntu0.18.04.15 libgs9 9.26~dfsg+0-0ubuntu0.18.04.15
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5224-1
  CVE-2021-45944, CVE-2021-45949
Package Information:
  launchpad.net/ubuntu/+source/ghostscript/9.54.0~dfsg1-0ubuntu2.1
  launchpad.net/ubuntu/+source/ghostscript/9.53.3~dfsg-7ubuntu0.2
  launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.5
  launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.15

[USN-5043-2] Exiv2 regression

==========================================================================
Ubuntu Security Notice USN-5043-2
January 11, 2022
exiv2 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
Introduced regression Exiv2.
Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool
Details:
USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-37620)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: exiv2 0.27.3-3ubuntu4.1 libexiv2-27 0.27.3-3ubuntu4.1
Ubuntu 21.04: exiv2 0.27.3-3ubuntu1.6 libexiv2-27 0.27.3-3ubuntu1.6
Ubuntu 20.04 LTS: exiv2 0.27.2-8ubuntu2.7 libexiv2-27 0.27.2-8ubuntu2.7
In general, a standard system update will make all the necessary changes.
References:
  ubuntu.com/security/notices/USN-5043-2
  ubuntu.com/security/notices/USN-5043-1
  CVE-2021-37620, launchpad.net/bugs/1941752
Package Information:
  launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu4.1
  launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu1.6
  launchpad.net/ubuntu/+source/exiv2/0.27.2-8ubuntu2.7

[USN-5219-1] Linux kernel vulnerability

==========================================================================
Ubuntu Security Notice USN-5219-1
January 11, 2022
linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.10, linux-oracle, linux-oracle-5.11, linux-raspi vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.11: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.11: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.11: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.11: Linux hardware enablement (HWE) kernel
- linux-oem-5.10: Linux kernel for OEM systems
- linux-oracle-5.11: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10:
  linux-image-5.13.0-1008-kvm 5.13.0-1008.8
  linux-image-5.13.0-1009-aws 5.13.0-1009.10
  linux-image-5.13.0-1010-azure 5.13.0-1010.11
  linux-image-5.13.0-1010-gcp 5.13.0-1010.12
  linux-image-5.13.0-1013-oracle 5.13.0-1013.16
  linux-image-5.13.0-1013-raspi 5.13.0-1013.15
  linux-image-5.13.0-1013-raspi-nolpae 5.13.0-1013.15
  linux-image-5.13.0-25-generic 5.13.0-25.26
  linux-image-5.13.0-25-generic-64k 5.13.0-25.26
  linux-image-5.13.0-25-generic-lpae 5.13.0-25.26
  linux-image-5.13.0-25-lowlatency 5.13.0-25.26
  linux-image-aws 5.13.0.1009.11
  linux-image-azure 5.13.0.1010.11
  linux-image-gcp 5.13.0.1010.10
  linux-image-generic 5.13.0.25.36
  linux-image-generic-64k 5.13.0.25.36
  linux-image-generic-lpae 5.13.0.25.36
  linux-image-gke 5.13.0.1010.10
  linux-image-kvm 5.13.0.1008.8
  linux-image-lowlatency 5.13.0.25.36
  linux-image-oem-20.04 5.13.0.25.36
  linux-image-oracle 5.13.0.1013.14
  linux-image-raspi 5.13.0.1013.19
  linux-image-raspi-nolpae 5.13.0.1013.19
  linux-image-virtual 5.13.0.25.36
Ubuntu 21.04:
  linux-image-5.11.0-1022-kvm 5.11.0-1022.24
  linux-image-5.11.0-1025-aws 5.11.0-1025.27
  linux-image-5.11.0-1025-azure 5.11.0-1025.27
  linux-image-5.11.0-1025-oracle 5.11.0-1025.27
  linux-image-5.11.0-1025-raspi 5.11.0-1025.27
  linux-image-5.11.0-1025-raspi-nolpae 5.11.0-1025.27
  linux-image-5.11.0-1026-gcp 5.11.0-1026.29
  linux-image-5.11.0-46-generic 5.11.0-46.51
  linux-image-5.11.0-46-generic-64k 5.11.0-46.51
  linux-image-5.11.0-46-generic-lpae 5.11.0-46.51
  linux-image-5.11.0-46-lowlatency 5.11.0-46.51
  linux-image-aws 5.11.0.1025.25
  linux-image-azure 5.11.0.1025.25
  linux-image-gcp 5.11.0.1026.25
  linux-image-generic 5.11.0.46.46
  linux-image-generic-64k 5.11.0.46.46
  linux-image-generic-lpae 5.11.0.46.46
  linux-image-gke 5.11.0.1026.25
  linux-image-kvm 5.11.0.1022.23
  linux-image-lowlatency 5.11.0.46.46
  linux-image-oem-20.04 5.11.0.46.46
  linux-image-oracle 5.11.0.1025.25
  linux-image-raspi 5.11.0.1025.23
  linux-image-raspi-nolpae 5.11.0.1025.23
  linux-image-virtual 5.11.0.46.46
Ubuntu 20.04 LTS:
  linux-image-5.10.0-1055-oem 5.10.0-1055.58
  linux-image-5.11.0-1025-aws 5.11.0-1025.27~20.04.1
  linux-image-5.11.0-1025-azure 5.11.0-1025.27~20.04.1
  linux-image-5.11.0-1025-oracle 5.11.0-1025.27~20.04.1
  linux-image-5.11.0-1026-gcp 5.11.0-1026.29~20.04.1
  linux-image-5.11.0-46-generic 5.11.0-46.51~20.04.1
  linux-image-5.11.0-46-generic-64k 5.11.0-46.51~20.04.1
  linux-image-5.11.0-46-generic-lpae 5.11.0-46.51~20.04.1
  linux-image-5.11.0-46-lowlatency 5.11.0-46.51~20.04.1
  linux-image-aws 5.11.0.1025.27~20.04.24
  linux-image-azure 5.11.0.1025.27~20.04.24
  linux-image-gcp 5.11.0.1026.29~20.04.25
  linux-image-generic-64k-hwe-20.04 5.11.0.46.51~20.04.23
  linux-image-generic-hwe-20.04 5.11.0.46.51~20.04.23
  linux-image-generic-lpae-hwe-20.04 5.11.0.46.51~20.04.23
  linux-image-lowlatency-hwe-20.04 5.11.0.46.51~20.04.23
  linux-image-oem-20.04 5.10.0.1055.56
  linux-image-oem-20.04b 5.10.0.1055.56
  linux-image-oracle 5.11.0.1025.27~20.04.18
  linux-image-virtual-hwe-20.04 5.11.0.46.51~20.04.23
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5219-1
  launchpad.net/bugs/1956585

Package Information:
  launchpad.net/ubuntu/+source/linux/5.13.0-25.26
  launchpad.net/ubuntu/+source/linux-aws/5.13.0-1009.10
  launchpad.net/ubuntu/+source/linux-azure/5.13.0-1010.11
  launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1010.12
  launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1008.8
  launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1013.16
  launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1013.15
  launchpad.net/ubuntu/+source/linux/5.11.0-46.51
  launchpad.net/ubuntu/+source/linux-aws/5.11.0-1025.27
  launchpad.net/ubuntu/+source/linux-azure/5.11.0-1025.27
  launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1026.29
  launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1022.24
  launchpad.net/ubuntu/+source/linux-oracle/5.11.0-1025.27
  launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1025.27
  launchpad.net/ubuntu/+source/linux-aws-5.11/5.11.0-1025.27~20.04.1
  launchpad.net/ubuntu/+source/linux-azure-5.11/5.11.0-1025.27~20.04.1
  launchpad.net/ubuntu/+source/linux-gcp-5.11/5.11.0-1026.29~20.04.1
  launchpad.net/ubuntu/+source/linux-hwe-5.11/5.11.0-46.51~20.04.1
  launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1055.58
  launchpad.net/ubuntu/+source/linux-oracle-5.11/5.11.0-1025.27~20.04.1

[USN-5218-1] Linux kernel (OEM) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5218-1
January 11, 2022

linux-oem-5.13 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-oem-5.13: Linux kernel for OEM systems
Details:
Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002)
It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (LP: #1956585)
It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321)
It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760)
It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864)
It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056)
It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43267)
It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
  linux-image-5.13.0-1026-oem 5.13.0-1026.32
  linux-image-oem-20.04c 5.13.0.1026.29
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5218-1
  CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43056, CVE-2021-43267, CVE-2021-43389
  launchpad.net/bugs/1956585

Package Information:
  launchpad.net/ubuntu/+source/linux-oem-5.13/5.13.0-1026.32

[USN-5217-1] Linux kernel (OEM) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5217-1
January 11, 2022

linux-oem-5.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
– linux-oem-5.14: Linux kernel for OEM systems
Details:
It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4090)
It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (LP: #1956585)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
  linux-image-5.14.0-1018-oem 5.14.0-1018.19
  linux-image-oem-20.04d 5.14.0.1018.16
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  ubuntu.com/security/notices/USN-5217-1
  CVE-2021-4090
  launchpad.net/bugs/1956585

Package Information:
  launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1018.19

GNOME 41.3 released

Hi,
GNOME 41.3 is now available. This is a stable bugfix release for GNOME 41. All operating systems shipping GNOME 41 are encouraged to upgrade.
If you want to compile GNOME 41.3, you can use the official BuildStream project snapshot:
download.gnome.org/teams/releng/41.3/gnome-41.3.tar.xz
The list of updated modules and changes is available here:
download.gnome.org/core/41/41.3/NEWS
The source packages are available here:
download.gnome.org/core/41/41.3/sources/
GNOME 41.3 is designed to be a boring bugfix update for GNOME 41, so it should be safe to upgrade from earlier versions of GNOME 41.
Cheers,
Javier Jardón
GNOME Release Team