This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.355.0

cf-buildpacks-eng released this 06 Mar 17:08
· 14 commits to main since this release

Notably, this release addresses:

USN-5767-3: Python vulnerability:

  • CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
  • https://launchpad.net/bugs/1995197: Vulnerable to CVE 2022-37454 (SHA-3 buffer overflow)

USN-5921-1: rsync vulnerabilities:

  • CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
-ii  libpython3.6:amd64         3.6.9-1~18.04ubuntu1.9  amd64  Shared Python runtime library (version 3.6)
-ii  libpython3.6-minimal:amd64 3.6.9-1~18.04ubuntu1.9  amd64  Minimal subset of the Python language (version 3.6)
-ii  libpython3.6-stdlib:amd64  3.6.9-1~18.04ubuntu1.9  amd64  Interactive high-level object-oriented language (standard library, version 3.6)
+ii  libpython3.6:amd64         3.6.9-1~18.04ubuntu1.10 amd64  Shared Python runtime library (version 3.6)
+ii  libpython3.6-minimal:amd64 3.6.9-1~18.04ubuntu1.10 amd64  Minimal subset of the Python language (version 3.6)
+ii  libpython3.6-stdlib:amd64  3.6.9-1~18.04ubuntu1.10 amd64  Interactive high-level object-oriented language (standard library, version 3.6)
-ii  python3.6                  3.6.9-1~18.04ubuntu1.9  amd64  Interactive high-level object-oriented language (version 3.6)
-ii  python3.6-minimal          3.6.9-1~18.04ubuntu1.9  amd64  Minimal subset of the Python language (version 3.6)
+ii  python3.6                  3.6.9-1~18.04ubuntu1.10 amd64  Interactive high-level object-oriented language (version 3.6)
+ii  python3.6-minimal          3.6.9-1~18.04ubuntu1.10 amd64  Minimal subset of the Python language (version 3.6)
-ii  rsync                      3.1.2-2.1ubuntu1.5      amd64  fast, versatile, remote (and local) file-copying tool
+ii  rsync                      3.1.2-2.1ubuntu1.6      amd64  fast, versatile, remote (and local) file-copying tool
-ii  tcpdump                    4.9.3-0ubuntu0.18.04.2  amd64  command-line network traffic analyzer
+ii  tcpdump                    4.9.3-0ubuntu0.18.04.3  amd64  command-line network traffic analyzer
-ii  ubuntu-advantage-tools     27.13.5~18.04.1         amd64  management tools for Ubuntu Pro
+ii  ubuntu-advantage-tools     27.13.6~18.04.1         amd64  management tools for Ubuntu Pro