Security Fixes 10.04.100
Firefox
- Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
- Fixes for mfsa2018-07, also known as CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
Base System
- Added support for UEFI Secure Boot.
- When booted with Secure Boot, the downgrade to a firmware version older than 10.04.100 is locked.
- Fixed evince security issue CVE-2017-1000159.
- Fixed bind9 security issue CVE-2017-3145.
- Fixed glibc security issues CVE-2018-1000001, CVE-2017-16997, CVE-2017-15804, CVE-2017-15670, CVE-2017-1000409 and CVE-2017-1000408.
- Fixed gdk-pixbuf security issues CVE-2017-6314, CVE-2017-6313, CVE-2017-6312 and CVE-2017-1000422.
- Fixed webkit2gtk security issues CVE-2017-7156, CVE-2017-5753, CVE-2017-5715, CVE-2017-13870, CVE-2017-13866, CVE-2017-13856, CVE-2018-4096, CVE-2018-4088, CVE-2017-7165, CVE-2017-7161, CVE-2017-7160, CVE-2017-7153, CVE-2017-13885 and CVE-2017-13884.
- Fixed poppler security issues CVE-2017-14976 and CVE-2017-1000456.
- Fixed openssl security issues CVE-2017-3738 and CVE-2017-3737.
- Fixed libxml2 security issues CVE-2017-16932 and CVE-2017-15412.
- Fixed nvidia-graphics-drivers-384 security issue CVE-2017-5753.
- Fixed openssh security issues CVE-2017-15906, CVE-2016-10012, CVE-2016-10011, CVE-2016-10010 and CVE-2016-10009.
- Fixed libtasn1-6 security issues CVE-2018-6003 and CVE-2017-10790.
- Fixed curl security issues CVE-2018-1000005 and CVE-2018-1000007.
- Fixed libvorbis security issues CVE-2017-14633 and CVE-2017-14632.
- Fixed wavpack security issue CVE-2016-10169.
- Fixed cups security issue CVE-2017-18190.
- Fixed sensible-utils security issue CVE-2017-17512.
- Removed terminal start function from task manager menu bar.
- Updated kernel to version 4.15.15
- Fixed Meltdown (CVE-2017-5754) by PTI (page table isolation)
- Fixed Spectre Variant 1 (CVE-2017-5753) by __user pointer sanitization
- Fixed Spectre Variant 2 (CVE-2017-5715) by full generic retpoline
- Fixed beep security issue CVE-2018-0492.
- Added Intel Processor Microcode Updates to provide IBRS/IBPB/STIBP microcode support for Spectre Variant 2 (CVE-2017-5715) mitigation.

| Product Name | CPU ID | Platform ID | Microcode Revision |
| --- | --- | --- | --- |
| IGEL UD9-LX Touch 41, IGEL UD9-LX 40, IGEL UD6-LX 51, IGEL UD5-LX 50 Bay Trail | 30678 | 0C | 0x836 |
| IGEL UD2-LX 40 Bay Trail | 30679 | 0F | 0x90A |
| IGEL UD5-LX 40 Sandy Bridge | 206A7 | 12 | 0x2D |

Network
- Disabled weak message authentication codes for SSH server and client by default. If problems occur, change the default setting.
- Disabled weak key exchange algorithms for SSH server and client by default. If problems occur, change the default setting.
- Disabled weak hostkeys (server) and hostkey algorithms (client) for SSH server and client by default. If problems occur, change the default setting.
- Changed the default SMB protocol version from v1.0 to v2.0 for mounting Windows shares to improve security.
- Added the possibility to change the SMB protocol version for Windows shares. The Windows shares are configurable at IGEL Setup > Network > Network Drives > Windows Drive.
RDP / IGEL RDP Client 2
- Fixed RDP: CVE-2018-0886.
Java
- Fixed in Oracle JRE 1.8U162: CVE-2018-2638, CVE-2018-2639, CVE-2018-2633, CVE-2018-2627, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2629, CVE-2018-2603, CVE-2018-2657, CVE-2018-2599, CVE-2018-2581, CVE-2018-2602, CVE-2018-2677, CVE-2018-2678, CVE-2018-2588, CVE-2018-2663, CVE-2018-2675, CVE-2018-2579