@cf-buildpacks-eng cf-buildpacks-eng released this Feb 21, 2018 · 93 commits to master since this release

Notably, this release addresses:

USN-3577-1 Ubuntu Security Notice USN-3577-1:

  • CVE-2017-18190: A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).

USN-3569-1 Ubuntu Security Notice USN-3569-1:

  • CVE-2017-14632: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
  • CVE-2017-14633: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

-ii  libcups2:amd64      1.7.2-0ubuntu1.8      amd64 Common UNIX Printing System(tm) - Core library
+ii  libcups2:amd64      1.7.2-0ubuntu1.9      amd64 Common UNIX Printing System(tm) - Core library
-ii  libpq-dev           9.3.20-0ubuntu0.14.04 amd64 header files for libpq5 (PostgreSQL library)
-ii  libpq5              9.3.20-0ubuntu0.14.04 amd64 PostgreSQL C client library
+ii  libpq-dev           9.3.21-0ubuntu0.14.04 amd64 header files for libpq5 (PostgreSQL library)
+ii  libpq5              9.3.21-0ubuntu0.14.04 amd64 PostgreSQL C client library
-ii  libudev1:amd64      204-5ubuntu20.25      amd64 libudev shared library
+ii  libudev1:amd64      204-5ubuntu20.26      amd64 libudev shared library
-ii  libvorbis0a:amd64   1.3.2-1.3ubuntu1      amd64 The Vorbis General Audio Compression Codec (Decoder library)
-ii  libvorbisenc2:amd64 1.3.2-1.3ubuntu1      amd64 The Vorbis General Audio Compression Codec (Encoder library)
+ii  libvorbis0a:amd64   1.3.2-1.3ubuntu1.1    amd64 The Vorbis General Audio Compression Codec (Decoder library)
+ii  libvorbisenc2:amd64 1.3.2-1.3ubuntu1.1    amd64 The Vorbis General Audio Compression Codec (Encoder library)
-ii  resolvconf          1.69ubuntu1.3         all   name server information handler
+ii  resolvconf          1.69ubuntu1.4         all   name server information handler
-ii  udev                204-5ubuntu20.25      amd64 /dev/ and hotplug management daemon
+ii  udev                204-5ubuntu20.26      amd64 /dev/ and hotplug management daemon
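
Review bot: The libpq-dev/libpq5 (9.3.20 to 9.3.21), libudev1/udev (204-5ubuntu20.25 to 204-5ubuntu20.26) and resolvconf (1.69ubuntu1.3 to 1.69ubuntu1.4) bumps in this package list have no matching entry in the notes above, which name only USN-3577-1 for CUPS and USN-3569-1 for libvorbis. Add the notice or changelog reference for each of those packages, or a line saying they are non-security updates, so that someone auditing the rootfs can account for every changed version. It would also help to say that the CUPS and libvorbis fixes ship in the Ubuntu package revisions shown here (1.7.2-0ubuntu1.9 and 1.3.2-1.3ubuntu1.1), since the CVE text refers to upstream versions ("CUPS before 2.2.2", "libvorbis 1.3.5") that do not line up with these package version strings.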