Excerpt from 'README':
"ClamAV 0.99.3 is a hotfix release to patch a set of vulnerabilities.
- fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
- also included are 2 minor fixes to properly detect openssl install
locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1#
version numbers."
For details see:
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit d404b1dba2.
Intel has pulled these microcode updates because of
random system reboots and systems becoming unstable.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The removed patches are included in this version so there is no need
that we apply them.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This didn't build and run in ages and has been removed from
the repositories quite a while ago.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package was discontinued upstream and seems to be
a bit more lively again. However, nobody of the team
wants to maintain cacti. Therefore this is being dropped
for now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is EOL upstream for over ten years now and therefore
we cannot continue to support this either.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Make syslogctrl.c use TCP as remote logging file if specified so.
Thanks to Michael for reviewing this.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Validate GPG keys by fingerprint and not by 8-bit key-ID.
This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
CVE-2017-13087, CVE-2017-13088
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be ran on existing installations without breaking already
generated (RSA) keys.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
