Download PDF
Download page Security Fixes 10.04.100.
Security Fixes 10.04.100
Firefox
- Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
- Fixes for mfsa2018-07, also known as CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
Base System
Added support for UEFI Secure Boot.
When booted with Secure Boot the downgrade to a firmware version older than 10.04.100 is locked.- When booted with Secure Boot the downgrade to a firmware version older than 10.04.100 is locked.
- Fixed evince security issue CVE-2017-1000159.
- Fixed bind9 security issue CVE-2017-3145.
- Fixed glibc security issues CVE-2018-1000001, CVE-2017-16997, CVE-2017-15804, CVE-2017-15670, CVE-2017-1000409 and CVE-2017-1000408.
- Fixed gdk-pixbuf security issues CVE-2017-6314, CVE-2017-6313, CVE-2017-6312 and CVE-2017-1000422.
- Fixed webkit2gtk security issues CVE-2017-7156, CVE-2017-5753, CVE-2017-5715, CVE-2017-13870, CVE-2017-13866, CVE-2017-13856, CVE-2018-4096, CVE-2018-4088, CVE-2017-7165, CVE-2017-7161, CVE-2017-7160, CVE-2017-7153, CVE-2017-13885 and CVE-2017-13884.
- Fixed poppler security issues CVE-2017-14976 and CVE-2017-1000456.
- Fixed openssl security issues CVE-2017-3738 and CVE-2017-3737.
- Fixed libxml2 security issues CVE-2017-16932 and CVE-2017-15412.
- Fixed nvidia-graphics-drivers-384 security issue CVE-2017-5753.
- Fixed openssh security issues CVE-2017-15906, CVE-2016-10012, CVE-2016-10011, CVE-2016-10010 and CVE-2016-10009.
- Fixed libtasn1-6 security issues CVE-2018-6003 and CVE-2017-10790.
- Fixed curl security issues CVE-2018-1000005 and CVE-2018-1000007.
- Fixed libvorbis security issues CVE-2017-14633 and CVE-2017-14632.
- Fixed wavpack security issue CVE-2016-10169.
- Fixed cups security issue CVE-2017-18190.
- Fixed sensible-utils security issue CVE-2017-17512.
- Removed terminal start function from task manager menu bar.
- Updated kernel to version 4.15.15
- Fixed Meltdown (CVE-2017-5754) by PTI (page table isolation)
- Fixed Spectre Variant 1 (CVE-2017-5753) by __user pointer sanitization
- Fixed Spectre Variant 2 (CVE-2017-5715) by full generic retpoline
- Fixed beep security issue CVE-2018-0492.
Added Intel Processor Microcode Updates to provide IBRS/IBPB/STIBP microcode support for Spectre Variant 2 (CVE-2017-5715) mitigation.
Product Name
CPU ID
Platform ID
Microcode Revision
IGEL UD9-LX Touch 41, IGEL UD9-LX 40, IGEL UD6-LX 51, IGEL UD5-LX 50 Bay Trail
30678
0C
0x836
IGEL UD2-LX 40 Bay Trail
30679
0F
0x90A
IGEL UD5-LX 40 Sandy Bridge
206A7
12
0x2D
Network
Disabled weak message authentication codes for SSH server and client as default. If problems occur change the default setting.
MoreParameter
Disable weak message authentication codes
Registry
network.ssh_client.disable_weak_macs
Value
enabled / disabled
Parameter
Disable weak message authentication codes
Registry
network.ssh_server.disable_weak_macs
Value
enabled / disabled
Disabled weak key exchange algorithms for SSH server and client as default. If problems occur, change the default setting.
MoreParameter
Disable weak key exchange algorithms
Registry
network.ssh_client.disable_weak_kexalgorithms
Value
enabled / disabled
Parameter
Disable weak key exchange algorithms
Registry
network.ssh_server.disable_weak_kexalgorithms
Value
enabled / disabled
Disabled weak hostkeys (server) and hostkey algorithms (client) for SSH server and client as default. If problems occur, change the default setting.
MoreParameter
Disable weak Hostkey algorithms
Registry
network.ssh_client.disable_weak_hostkey_algos
Value
enabled / disabled
Parameter
Disable weak Hostkeys
Registry
network.ssh_server.disable_weak_hostkeys
Value
enabled / disabled
- Changed SMB protocol version default v1.0 to v2.0 for mounting windows shares to improve security.
Added the possibility to change the SMB protocol version for windows shares. The windows shares are configurable at IGEL Setup > Network > Network Drives > Windows Drive.
MoreParameter
SMB protocol version
Registry
network.smbmount.smb_version
Range
1.0 / 2.0 / 2.1 / 3.0
When using a very old Windows file server, the change to version 1.0 is necessary.
RDP / IGEL RDP Client 2
- Fixed RDP: CVE-2018-0886.
Java
- Fixed in Oracle JRE 1.8U162 : CVE-2018-2638, CVE-2018-2639, CVE-2018-2633, CVE-2018-2627, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2629, CVE-2018-2603, CVE-2018-2657, CVE-2018-2599, CVE-2018-2581, CVE-2018-2602, CVE-2018-2677, CVE-2018-2678, CVE-2018-2588, CVE-2018-2663, CVE-2018-2675, CVE-2018-2579