This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
0.355.0
cf-buildpacks-eng released this 06 Mar 17:08 · 14 commits to main since this release
Notably, this release addresses:
USN-5767-3: Python vulnerability:
- CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- https://launchpad.net/bugs/1995197: Vulnerable to CVE 2022-37454 (SHA-3 buffer overflow)
USN-5921-1: rsync vulnerabilities:
- CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
-ii libpython3.6:amd64 3.6.9-1~18.04ubuntu1.9 amd64 Shared Python runtime library (version 3.6)
-ii libpython3.6-minimal:amd64 3.6.9-1~18.04ubuntu1.9 amd64 Minimal subset of the Python language (version 3.6)
-ii libpython3.6-stdlib:amd64 3.6.9-1~18.04ubuntu1.9 amd64 Interactive high-level object-oriented language (standard library, version 3.6)
+ii libpython3.6:amd64 3.6.9-1~18.04ubuntu1.10 amd64 Shared Python runtime library (version 3.6)
+ii libpython3.6-minimal:amd64 3.6.9-1~18.04ubuntu1.10 amd64 Minimal subset of the Python language (version 3.6)
+ii libpython3.6-stdlib:amd64 3.6.9-1~18.04ubuntu1.10 amd64 Interactive high-level object-oriented language (standard library, version 3.6)
-ii python3.6 3.6.9-1~18.04ubuntu1.9 amd64 Interactive high-level object-oriented language (version 3.6)
-ii python3.6-minimal 3.6.9-1~18.04ubuntu1.9 amd64 Minimal subset of the Python language (version 3.6)
+ii python3.6 3.6.9-1~18.04ubuntu1.10 amd64 Interactive high-level object-oriented language (version 3.6)
+ii python3.6-minimal 3.6.9-1~18.04ubuntu1.10 amd64 Minimal subset of the Python language (version 3.6)
-ii rsync 3.1.2-2.1ubuntu1.5 amd64 fast, versatile, remote (and local) file-copying tool
+ii rsync 3.1.2-2.1ubuntu1.6 amd64 fast, versatile, remote (and local) file-copying tool
-ii tcpdump 4.9.3-0ubuntu0.18.04.2 amd64 command-line network traffic analyzer
+ii tcpdump 4.9.3-0ubuntu0.18.04.3 amd64 command-line network traffic analyzer
-ii ubuntu-advantage-tools 27.13.5~18.04.1 amd64 management tools for Ubuntu Pro
+ii ubuntu-advantage-tools 27.13.6~18.04.1 amd64 management tools for Ubuntu Pro
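Review bot: The tcpdump bump (4.9.3-0ubuntu0.18.04.2 to 4.9.3-0ubuntu0.18.04.3) and the ubuntu-advantage-tools bump (27.13.5~18.04.1 to 27.13.6~18.04.1) at the end of this package diff have no matching entry in the notes above, which list only USN-5767-3 (Python) and USN-5921-1 (rsync). If the tcpdump update is a security fix, name its USN and CVE alongside the other two; if either change is a routine update, say so in the notes, so that consumers of this rootfs can tell which package changes are security-relevant without looking up each version themselves.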