This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

Releases: cloudfoundry/cflinuxfs2

1.50.0

12 Apr 18:47

This release contains no changes and is the same as release 1.49.0

1.49.0

30 Mar 14:32

Notably, this release addresses USN-2943-1: PCRE vulnerabilities (Ubuntu Security Notice USN-2943-1):

  • CVE-2014-9769: pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open rule set.
  • CVE-2015-2325: heap buffer overflow in compile_branch()
  • CVE-2015-2326: heap buffer overflow in pcre_compile2()
  • CVE-2015-2327: PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-2328: PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex()
  • CVE-2015-5073: Heap Overflow Vulnerability in find_fixedlength()
  • CVE-2015-8380: The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8381: The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8382: The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.
  • CVE-2015-8383: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8384: PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.
  • CVE-2015-8385: PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8386: PCRE before 8.38 mishandles the interaction of look behind assertions and mutually recursive sub patterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8387: PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8388: PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8389: PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8390: PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8391: The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8392: PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.
  • CVE-2015-8393: pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
  • CVE-2015-8394: PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2015-8395: PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
  • CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'){97)?J)?J)(?'R'(?'R'){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
  • CVE-2016-3191: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

1.48.0

23 Mar 23:14

Notably, this release addresses an issue where applications staged with stacks 1.45 or lower will fail to restart due to references to the mysql library. All applications pushed using stacks 1.48.0 or later will link against libmariadb, as expected.

Additionally, this release addresses USN-2939-1: LibTIFF vulnerabilities (Ubuntu Security Notice USN-2939-1):

  • CVE-2015-8665: Out-of-bounds Read
  • CVE-2015-8683: out-of-bounds read in CIE Lab image format
  • CVE-2015-8781: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
  • CVE-2015-8782: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
  • CVE-2015-8783: tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
  • CVE-2015-8784: potential out-of-bound write in NeXTDecode()

1.47.0

22 Mar 22:08

This release includes a patch for USN-2938-1: Git vulnerabilities (Ubuntu Security Notice USN-2938-1):

  • CVE-2016-2315: Denial of service or possibly remote code execution via crafted git repo
  • CVE-2016-2324: Denial of service or possibly remote code execution via crafted git repo

1.46.0

21 Mar 18:39

This release only contains non-critical updates to the rootfs. See the receipt changes at this commit for more information.

1.45.0

17 Mar 13:27

This release includes two changes:

  1. cflinuxfs2 has dropped support for libmysqlclient in favor of libmariadbd
  2. This release addresses USN-2935-1: PAM vulnerabilities (Ubuntu Security Notice USN-2935-1) and USN-2935-2: PAM regression (Ubuntu Security Notice USN-2935-2):
    • CVE-2013-7041: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
    • CVE-2014-2583: Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
    • CVE-2015-3238: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

1.44.0

14 Mar 20:06

Notably, this release addresses USN-2927-1: graphite2 vulnerabilities (Ubuntu Security Notice USN-2927-1):

  • CVE-2016-1977: Graphite2 Machine::Code::decoder::analysis::set_ref stack out of bounds bit set
  • CVE-2016-2790: Use of uninitialised memory in [@graphite2::TtfUtil::GetTableInfo]
  • CVE-2016-2791: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::glyph]
  • CVE-2016-2792: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:232
  • CVE-2016-2793: graphite2: heap-buffer-overflow read in CachedCmap.cpp
  • CVE-2016-2794: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12NextCodepoint]
  • CVE-2016-2795: Use of uninitialised memory in [@graphite2::FileFace::get_table_fn]
  • CVE-2016-2796: graphite2: heap-buffer-overflow write in [@graphite2::vm::Machine::Code::Code]
  • CVE-2016-2797: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup]
  • CVE-2016-2798: graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::Loader::Loader]
  • CVE-2016-2799: graphite2: heap-buffer-overflow write in [@graphite2::Slot::setAttr]
  • CVE-2016-2800: graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:234
  • CVE-2016-2801: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup] TtfUtil.cpp:1126
  • CVE-2016-2802: graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable4NextCodepoint]

1.43.0

10 Mar 22:50

Notably, this release addresses USN-2925-1: Bind vulnerabilities (Ubuntu Security Notice USN-2925-1):

  • CVE-2016-1285: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
  • CVE-2016-1286: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

1.42.0

07 Mar 23:08

Notably, this release upgrades the version of the packaged ruby from version 1.9.3 to version 2.2.4

1.41.0

03 Mar 22:29

Notably, this release addresses USN-2919-1: JasPer vulnerabilities (Ubuntu Security Notice USN-2919-1):

  • CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
  • CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.

and USN-2918-1: pixman vulnerability (Ubuntu Security Notice USN-2918-1):