[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Dragora-bug] Dragora 2.2 updates #005
From: |
Matias A. Fonzo |
Subject: |
[Dragora-bug] Dragora 2.2 updates #005 |
Date: |
Mon, 23 Jun 2014 21:47:21 -0300 |
User-agent: |
SquirrelMail/1.5.2 [SVN] |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Dragora team is happy in announcing the first series of security
updates (#005) after a lethargy (Hoping that these updates fill that
empty space :-). Security issues involving the following packages are:
tzdatabase
glibc
kernel
We recommend that you upgrade your packages as soon as possible.
Details
- -------
Mostly the update is for linux-libre version 3.2.60, which includes
security fixes for CVE-2014-3153, CVE-2014-1739, and CVE-2014-0196
(resolved in 3.2.59) among with other bug-fixes. This require the
rebuild of the glibc package. tzdatabase is the latest update for
the time zones (see the Notes below). For more information about the
CVEs, visit:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
Obtain the packages from
* 32 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/glibc-2.13_20110720-i486-12.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-firmware-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-gen-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-headers-3.2.60-x86-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-modules-gen-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/tzdatabase-2014e-i486-1.tlz
* 64 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/glibc-2.13_20110720-x86_64-12.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-firmware-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-smp64-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-headers-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-modules-smp64-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/tzdatabase-2014e-x86_64-1.tlz
Checksums (SHA1)
- ----------------
eb081650590fa9ee27d9d55b27d57103efcff714 glibc-2.13_20110720-i486-12.tlz
74e3bae78fbff78e90272eabfacac03ce0acf3a1 kernel-firmware-3.2.60-i486-1.tlz
e50b729b1e7a41fe4a2ad7284815bd5b7aacf6e8 kernel-gen-3.2.60-i486-1.tlz
a720fe5e2e07258cf83c63ff1cb5e6054af54593 kernel-headers-3.2.60-x86-1.tlz
9b28c5366943d8d8d83f1f5e565246146893dabd
kernel-modules-gen-3.2.60-i486-1.tlz
43562a5cc5dc772f9d5535159938eb9000b89827 tzdatabase-2014e-i486-1.tlz
1590afc7fdcf067a2292af6a51cc7dd0c35d2916 glibc-2.13_20110720-x86_64-12.tlz
bec337c1a1a2ebeb6e7cd8254ccf6ebb98e672b9 kernel-firmware-3.2.60-x86_64-1.tlz
1bb1065679c27a316e443234ebee7b79f61b0a8d kernel-smp64-3.2.60-x86_64-1.tlz
f2d0aa7cfb06b9740fb0f53052e1ad257c012372 kernel-headers-3.2.60-x86_64-1.tlz
336a69b0c34b01ade09f32b4aa3a8089ba5ae39f
kernel-modules-smp64-3.2.60-x86_64-1.tlz
f75bca33ed13156a8f4434cfef2b24e8e054f26d tzdatabase-2014e-x86_64-1.tlz
If you need the detached GPG signatures[1] just append .sig to the URLs
above.
Upgrading
- ---------
To upgrade a package you issue the following command:
pkg upgrade <package.tlz>
To upgrade multiple packages, simply type:
pkg upgrade kernel-firmware-3.2.60-i486-1.tlz
tzdatabase-2014e-i486-1.tlz ...
Notes
=====
If you are going to update the kernel and you are using LILO as your main
boot loader, *remember to re-run the LILO command*, this can be done typing:
# lilo
To update glibc (the C library), it's safe to follow these steps:
# runsvchdir single
# pkg upgrade <glibc.tlz>
# ldconfig
(This will help to avoid any possible thread issue)
If the package tzdatabase has been upgraded, write `tzconfig' selecting
your timezone, this is to update the zoneinfo file (/etc/localtime).
Footnotes:
[1] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify tzdatabase-2014e-i486-1.tlz.sig
If that command fails because you don't have the required public key,
then run these commands to import it:
wget http://gungre.ch/dragora/mirror/dragora-2.2/KEY
gpg --import KEY
and re-run the `gpg --verify' sequence.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJTqMlwAAoJEKpCZu9BMdKolgIIALhkEG7AmfJ55Or963uWn6kD
YuEvXnDZjgFwIyxV7IjBkhiR464QnPtNmGJPqeMoOSV/5vSytKV8Wbmdrylty3CA
9Oe9w1D+gtCi8/xGKjPPWIEpiqAtoROc70cFg2nabXBl2YxbojRo5P7HrBpTUYo8
j4RfEr5+WzB1ueSGs0arRyzAExQlaTjRaYmvLvmkq38zF1XnPjjVlTcX+k9x/bPg
9o3HFcQkyk0uBa6ePWSFWlqxardVlsstdrqM9ewlo114aThmHWrIGTsvM453Z4rv
Szn9zTKjEvD17EuGlMJddZ6v52H7XwE4Vx8pTojRBRnNlFARiDWSESwu1z6r82M=
=A9Gg
-----END PGP SIGNATURE-----
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Dragora-bug] Dragora 2.2 updates #005,
Matias A. Fonzo <=