[Dragora-bug] Dragora 2.2 updates #005

dragora-bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dragora-bug] Dragora 2.2 updates #005

From:	Matias A. Fonzo
Subject:	[Dragora-bug] Dragora 2.2 updates #005
Date:	Mon, 23 Jun 2014 21:47:21 -0300
User-agent:	SquirrelMail/1.5.2 [SVN]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  The Dragora team is happy in announcing the first series of security
updates (#005) after a lethargy (Hoping that these updates fill that
empty space :-). Security issues involving the following packages are:

  tzdatabase
  glibc
  kernel

We recommend that you upgrade your packages as soon as possible.

Details
- -------

  Mostly the update is for linux-libre version 3.2.60, which includes
security fixes for CVE-2014-3153, CVE-2014-1739, and CVE-2014-0196
(resolved in 3.2.59) among with other bug-fixes. This require the
rebuild of the glibc package. tzdatabase is the latest update for
the time zones (see the Notes below). For more information about the
CVEs, visit:

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

Obtain the packages from

* 32 bit *

http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/glibc-2.13_20110720-i486-12.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-firmware-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-gen-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-headers-3.2.60-x86-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/kernel-modules-gen-3.2.60-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/tzdatabase-2014e-i486-1.tlz

* 64 bit *

http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/glibc-2.13_20110720-x86_64-12.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-firmware-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-smp64-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-headers-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/kernel-modules-smp64-3.2.60-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/tzdatabase-2014e-x86_64-1.tlz

Checksums (SHA1)
- ----------------

eb081650590fa9ee27d9d55b27d57103efcff714  glibc-2.13_20110720-i486-12.tlz
74e3bae78fbff78e90272eabfacac03ce0acf3a1  kernel-firmware-3.2.60-i486-1.tlz
e50b729b1e7a41fe4a2ad7284815bd5b7aacf6e8  kernel-gen-3.2.60-i486-1.tlz
a720fe5e2e07258cf83c63ff1cb5e6054af54593  kernel-headers-3.2.60-x86-1.tlz
9b28c5366943d8d8d83f1f5e565246146893dabd 
kernel-modules-gen-3.2.60-i486-1.tlz
43562a5cc5dc772f9d5535159938eb9000b89827  tzdatabase-2014e-i486-1.tlz

1590afc7fdcf067a2292af6a51cc7dd0c35d2916  glibc-2.13_20110720-x86_64-12.tlz
bec337c1a1a2ebeb6e7cd8254ccf6ebb98e672b9  kernel-firmware-3.2.60-x86_64-1.tlz
1bb1065679c27a316e443234ebee7b79f61b0a8d  kernel-smp64-3.2.60-x86_64-1.tlz
f2d0aa7cfb06b9740fb0f53052e1ad257c012372  kernel-headers-3.2.60-x86_64-1.tlz
336a69b0c34b01ade09f32b4aa3a8089ba5ae39f 
kernel-modules-smp64-3.2.60-x86_64-1.tlz
f75bca33ed13156a8f4434cfef2b24e8e054f26d  tzdatabase-2014e-x86_64-1.tlz

If you need the detached GPG signatures[1] just append .sig to the URLs
above.

Upgrading
- ---------

To upgrade a package you issue the following command:
  pkg upgrade <package.tlz>

To upgrade multiple packages, simply type:
  pkg upgrade kernel-firmware-3.2.60-i486-1.tlz
tzdatabase-2014e-i486-1.tlz ...

Notes
=====

  If you are going to update the kernel and you are using LILO as your main
boot loader, *remember to re-run the LILO command*, this can be done typing:

  # lilo

To update glibc (the C library), it's safe to follow these steps:

  # runsvchdir single
  # pkg upgrade <glibc.tlz>
  # ldconfig

(This will help to avoid any possible thread issue)

  If the package tzdatabase has been upgraded, write `tzconfig' selecting
your timezone, this is to update the zoneinfo file (/etc/localtime).

Footnotes:

[1] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

  gpg --verify tzdatabase-2014e-i486-1.tlz.sig

If that command fails because you don't have the required public key,
then run these commands to import it:

  wget http://gungre.ch/dragora/mirror/dragora-2.2/KEY
  gpg --import KEY

and re-run the `gpg --verify' sequence.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTqMlwAAoJEKpCZu9BMdKolgIIALhkEG7AmfJ55Or963uWn6kD
YuEvXnDZjgFwIyxV7IjBkhiR464QnPtNmGJPqeMoOSV/5vSytKV8Wbmdrylty3CA
9Oe9w1D+gtCi8/xGKjPPWIEpiqAtoROc70cFg2nabXBl2YxbojRo5P7HrBpTUYo8
j4RfEr5+WzB1ueSGs0arRyzAExQlaTjRaYmvLvmkq38zF1XnPjjVlTcX+k9x/bPg
9o3HFcQkyk0uBa6ePWSFWlqxardVlsstdrqM9ewlo114aThmHWrIGTsvM453Z4rv
Szn9zTKjEvD17EuGlMJddZ6v52H7XwE4Vx8pTojRBRnNlFARiDWSESwu1z6r82M=
=A9Gg
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Dragora-bug] Dragora 2.2 updates #005, Matias A. Fonzo <=

Prev by Date: Re: [Dragora-bug] Mirror request
Next by Date: [Dragora-bug] Dragora 2.2 updates #006
Previous by thread: [Dragora-bug] Mirror request
Next by thread: [Dragora-bug] Dragora 2.2 updates #006
Index(es):
- Date
- Thread