Difference between revisions of "Security Updates"

Latest revision as of 08:53, 5 April 2024

QuantaStor ISO images uses Ubuntu Server LTS Linux distributions as an OS basis but RHEL based installation options with RHEL/RockyLinux/AlmaLinux are available for specialized environments. QuantaStor has monthly updates to include security patches to the underlying operating system to ensure the security and stability of the system.

The QuantaStor Security Notice (QSN) server processes published Linux CVE and indicates which ones affect packages used by QuantaStor. OSNexus recommends running an upgrade via the 'Upgrade Manager' on a monthly or quarterly basis to keep current with the latest security patches which address the issues noted in QSNs.

QuantaStor Security Notifications

On this page we maintain a summary of all the product changes made to QuantaStor which are security related and we post specific notices about Linux security issues that effect packages distributed with QuantaStor such as the openssl libraries.

For details on the all the latest security notifications for the Ubuntu LTS release used by QuantaStor please see (https://services.osnexus.com/security).

We recommend that system administrators perform periodic auditing of their systems and install any and all security updates by using the QuantaStor 'Upgrade Manager' via the QuantaStor web management interface or script this using the QuantaStor CLI or API. This will automatically apply the latest updates and security updates. Our package servers are updated with the latest security updates at least once per month as part of standard maintenance updates. To see more detail on when the most recent product update was published please see our product change log.

Difference between revisions of "Security Updates"

Latest revision as of 08:53, 5 April 2024

QuantaStor Security Notifications

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Solution Design Guide

Installation Guide

Getting Started

Administrator Guide

User Guide

Developer (REST API) Guide

Command Line Interface (CLI) Guide

Integration Guide

Web Management (WUI) Guide

Support Guide

IBM Cloud Deployment Guide

Links

Tools

@@ Line 1: / Line 1: @@
-QuantaStor uses the Ubuntu Server LTS linux distributions as a Linux OS basis.  QuantaStor also utilizes the security patches packaged by Canonical to address the needs of customers to patch various parts of the operating system to ensure security and stability of the system.
+[[Category:support_guide]]
+QuantaStor ISO images uses Ubuntu Server LTS Linux distributions as an OS basis but RHEL based installation options with RHEL/RockyLinux/AlmaLinux are available for specialized environments.  QuantaStor has monthly updates to include security patches to the underlying operating system to ensure the security and stability of the system.
-== QuantaStor 3.x Security Notifications ==
+The [https://services.osnexus.com/security QuantaStor Security Notice (QSN) server] processes published Linux CVE and indicates which ones affect packages used by QuantaStor.  OSNexus recommends running an upgrade via the 'Upgrade Manager' on a monthly or quarterly basis to keep current with the latest security patches which address the issues noted in QSNs.
+== QuantaStor Security Notifications ==
 On this page we maintain a summary of all the product changes made to QuantaStor which are security related and we post specific notices about Linux security issues that effect packages distributed with QuantaStor such as the openssl libraries.
-For details on the all the latest security notifications for the Ubuntu LTS release used by QuantaStor please see (http://www.ubuntu.com/usn/precise/).  We recommend that appliance administrators perform periodic auditing of their systems and install any and all security updates. It is highly recommended that systems are updated to the latest patched before being initially deployed.  To apply the latest updates including security updates you should login to the system as the administrator 'qadmin' account and run the following commands:
+For details on the all the latest security notifications for the Ubuntu LTS release used by QuantaStor please see (https://services.osnexus.com/security).
-<pre>
-sudo apt-get update
-sudo apt-get upgrade
-</pre>
-== Linux Base OS Security Fixes / Notifications ==
-{| class="wikitable"
-|-
-! scope="col"| Date
-! scope="col" style="width: 200px;"| Vulnerability
-! scope="col" style="width: 100px;"| USN
-! scope="col"| References
-|-
-|05/21/2015
-|FUSE vulnerability
-|[http://www.ubuntu.com/usn/USN-2617-1/ USN-2617-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3202.html CVE-2015-3202]
-|-
-|05/12/2015
-|OpenSSL update
-|[http://www.ubuntu.com/usn/USN-2606-1/ USN-2606-1]
-|[https://launchpad.net/bugs/1442970 LP: 1442970]
-|-
-|05/11/2015
-|Libtasn1 vulnerability
-|[http://www.ubuntu.com/usn/USN-2604-1/ USN-2604-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3622.html CVE-2015-3622]
-|-
-|05/05/2015
-|ppp vulnerability
-|[http://www.ubuntu.com/usn/USN-2595-1/ USN-2595-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3310.html CVE-2015-3310]
-|-
-|04/30/2015
-|curl vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2591-1/ USN-2591-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3143.html CVE-2015-3143] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3148.html CVE-2015-3148] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3153.html CVE-2015-3153]
-|-
-|04/27/2015
-|tcpdump vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2580-1/ USN-2580-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0261.html CVE-2015-0261] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2155.html CVE-2015-2155]
-|-
-|04/21/2015
-|OpenJDK 6 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2573-1/ USN-2573-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0488.html CVE-2015-0488] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0460.html CVE-2015-0460] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0478.html CVE-2015-0478] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0480.html CVE-2015-0480]
-|-
-|04/13/2015
-|libx11, libxrender vulnerability
-|[http://www.ubuntu.com/usn/USN-2568-1/ USN-2568-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7439.html CVE-2013-7439]
-|-
-|04/08/2015
-|Libtasn1 vulnerability
-|[http://www.ubuntu.com/usn/USN-2559-1/ USN-2559-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2806.html CVE-2015-2806]
-|-
-|04/01/2015
-|Libgcrypt vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2555-1/ USN-2555-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3591.html CVE-2014-3591] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0837.html CVE-2015-0837]
-|-
-|04/01/2015
-|GnuPG vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2554-1/ USN-2554-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1606.html CVE-2015-1606] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3591.html CVE-2014-3591] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1607.html CVE-2015-1607]
-|-
-|03/23/2015
-|GnuTLS vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2540-1/ USN-2540-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8155.html CVE-2014-8155] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0294.html CVE-2015-0294]
-|-
-|03/19/2015
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2537-1/ USN-2537-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0209.html CVE-2015-0209] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0289.html CVE-2015-0289] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0293.html CVE-2015-0293] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0288.html CVE-2015-0288]
-|-
-|03/16/2015
-|Sudo vulnerability
-|[http://www.ubuntu.com/usn/USN-2533-1/ USN-2533-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9680.html CVE-2014-9680]
-|-
-|02/26/2015
-|GNU C Library vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2519-1/ USN-2519-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7423.html CVE-2013-7423] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1473.html CVE-2015-1473]
-|-
-|02/24/2015
-|FreeType vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2510-1/ USN-2510-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9656.html CVE-2014-9656] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9663.html CVE-2014-9663] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9660.html CVE-2014-9660] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9667.html CVE-2014-9667] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9664.html CVE-2014-9664] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9668.html CVE-2014-9668] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9659.html CVE-2014-9659] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9675.html CVE-2014-9675] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9671.html CVE-2014-9671] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9672.html CVE-2014-9672]
-|-
-|02/23/2015
-|ca-certificates update
-|[http://www.ubuntu.com/usn/USN-2509-1/ USN-2509-1]
-|[https://launchpad.net/bugs/1423904 LP: 1423904]
-|-
-|02/23/2015
-|Samba vulnerability
-|[http://www.ubuntu.com/usn/USN-2508-1/ USN-2508-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0240.html CVE-2015-0240]
-|-
-|02/23/2015
-|e2fsprogs vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2507-1/ USN-2507-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0247.html CVE-2015-0247] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1572.html CVE-2015-1572]
-|-
-|02/19/2015
-|NSS update
-|[http://www.ubuntu.com/usn/USN-2504-1/ USN-2504-1]
-|[https://launchpad.net/bugs/1423031 LP: 1423031]
-|-
-|02/17/2015
-|unzip vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2502-1/ USN-2502-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1315.html CVE-2015-1315]
-|-
-|02/10/2015
-|Kerberos vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2498-1/ USN-2498-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5351.html CVE-2014-5351] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9421.html CVE-2014-9421] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9423.html CVE-2014-9423] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5354.html CVE-2014-5354]
-|-
-|02/04/2015
-|file vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2494-1/ USN-2494-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3710.html CVE-2014-3710] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8117.html CVE-2014-8117]
-|-
-|01/27/2015
-|OpenJDK 6 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2486-1/ USN-2486-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html CVE-2014-3566] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0410.html CVE-2015-0410] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0395.html CVE-2015-0395] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0400.html CVE-2015-0400] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6591.html CVE-2014-6591] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6593.html CVE-2014-6593] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0412.html CVE-2015-0412]
-|-
-|01/27/2015
-|GNU C Library vulnerability
-|[http://www.ubuntu.com/usn/USN-2485-1/ USN-2485-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0235.html CVE-2015-0235]
-|-
-|01/22/2015
-|elfutils vulnerability
-|[http://www.ubuntu.com/usn/USN-2482-1/ USN-2482-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9447.html CVE-2014-9447]
-|-
-|01/19/2015
-|libevent vulnerability
-|[http://www.ubuntu.com/usn/USN-2477-1/ USN-2477-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6272.html CVE-2014-6272]
-|-
-|01/15/2015
-|curl vulnerability
-|[http://www.ubuntu.com/usn/USN-2474-1/ USN-2474-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8150.html CVE-2014-8150]
-|-
-|01/14/2015
-|coreutils vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2473-1/ USN-2473-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9471.html CVE-2014-9471] [http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4135.html CVE-2009-4135]
-|-
-|01/14/2015
-|unzip vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2472-1/ USN-2472-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8141.html CVE-2014-8141] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8139.html CVE-2014-8139]
-|-
-|01/13/2015
-|Git vulnerability
-|[http://www.ubuntu.com/usn/USN-2470-1/ USN-2470-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9390.html CVE-2014-9390]
-|-
-|01/12/2015
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2459-1/ USN-2459-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3570.html CVE-2014-3570] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0204.html CVE-2015-0204] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8275.html CVE-2014-8275] [http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0206.html CVE-2015-0206]
-|-
-|01/08/2015
-|GNU cpio vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2456-1/ USN-2456-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-0624.html CVE-2010-0624] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9112.html CVE-2014-9112]
-|-
-|01/07/2015
-|mime-support vulnerability
-|[http://www.ubuntu.com/usn/USN-2453-1/ USN-2453-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7209.html CVE-2014-7209]
-|-
-|01/07/2015
-|NSS vulnerability
-|[http://www.ubuntu.com/usn/USN-2452-1/ USN-2452-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1569.html CVE-2014-1569]
-|-
-|12/04/2014
-|tcpdump vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2433-1/ USN-2433-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8767.html CVE-2014-8767] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9140.html CVE-2014-9140]
-|-
-|12/03/2014
-|GNU C Library vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2432-1/ USN-2432-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7817.html CVE-2014-7817] [http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6656.html CVE-2012-6656]
-|-
-|12/01/2014
-|ppp vulnerability
-|[http://www.ubuntu.com/usn/USN-2429-1/ USN-2429-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3158.html CVE-2014-3158]
-|-
-|11/27/2014
-|DBus vulnerability
-|[http://www.ubuntu.com/usn/USN-2425-1/ USN-2425-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7824.html CVE-2014-7824]
-|-
-|11/10/2014
-|curl vulnerability
-|[http://www.ubuntu.com/usn/USN-2399-1/ USN-2399-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3707.html CVE-2014-3707]
-|-
-|10/30/2014
-|Wget vulnerability
-|[http://www.ubuntu.com/usn/USN-2393-1/ USN-2393-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4877.html CVE-2014-4877]
-|-
-|10/27/2014
-|libxml2 vulnerability
-|[http://www.ubuntu.com/usn/USN-2389-1/ USN-2389-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3660.html CVE-2014-3660]
-|-
-|10/16/2014
-|OpenJDK 6 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2386-1/ USN-2386-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6457.html CVE-2014-6457] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6506.html CVE-2014-6506] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6531, CVE-2014-6558, https://launchpad.net/bugs/1382205.html CVE-2014-6531, CVE-2014-6558, https://launchpad.net/bugs/1382205] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6519.html CVE-2014-6519] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6511.html CVE-2014-6511]
-|-
-|10/16/2014
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2385-1/ USN-2385-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3513.html CVE-2014-3513] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3567.html CVE-2014-3567]
-|-
-|10/09/2014
-|Rsyslog vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2381-1/ USN-2381-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3683.html CVE-2014-3683] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3634.html CVE-2014-3634]
-|-
-|10/09/2014
-|Bash vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2380-1/ USN-2380-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6277.html CVE-2014-6277] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6278.html CVE-2014-6278]
-|-
-|10/08/2014
-|APT vulnerability
-|[http://www.ubuntu.com/usn/USN-2370-1/ USN-2370-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7206.html CVE-2014-7206]
-|-
-|10/02/2014
-|file vulnerability
-|[http://www.ubuntu.com/usn/USN-2369-1/ USN-2369-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3587.html CVE-2014-3587]
-|-
-|10/02/2014
-|OpenSSL update
-|[http://www.ubuntu.com/usn/USN-2367-1/ USN-2367-1]
-|[https://launchpad.net/bugs/1376447 LP: 1376447]
-|-
-|09/27/2014
-|Bash vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2364-1/ USN-2364-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7186.html CVE-2014-7186] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7187.html CVE-2014-7187]
-|-
-|09/25/2014
-|Bash vulnerability
-|[http://www.ubuntu.com/usn/USN-2363-1/ USN-2363-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html CVE-2014-7169]
-|-
-|09/24/2014
-|NSS vulnerability
-|[http://www.ubuntu.com/usn/USN-2361-1/ USN-2361-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1568.html CVE-2014-1568]
-|-
-|09/24/2014
-|Bash vulnerability
-|[http://www.ubuntu.com/usn/USN-2362-1/ USN-2362-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6271.html CVE-2014-6271]
-|-
-|09/23/2014
-|APT vulnerability
-|[http://www.ubuntu.com/usn/USN-2353-1/ USN-2353-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6273.html CVE-2014-6273]
-|-
-|09/22/2014
-|DBus vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2352-1/ USN-2352-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3638.html CVE-2014-3638] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3639.html CVE-2014-3639] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3635.html CVE-2014-3635]
-|-
-|09/22/2014
-|NSS update
-|[http://www.ubuntu.com/usn/USN-2350-1/ USN-2350-1]
-|[https://launchpad.net/bugs/1372410 LP: 1372410]
-|-
-|09/16/2014
-|APT vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2348-1/ USN-2348-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0490.html CVE-2014-0490] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0487.html CVE-2014-0487]
-|-
-|09/15/2014
-|curl vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2346-1/ USN-2346-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3620.html CVE-2014-3620] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3613.html CVE-2014-3613]
-|-
-|09/09/2014
-|NSS vulnerability
-|[http://www.ubuntu.com/usn/USN-2343-1/ USN-2343-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1544.html CVE-2014-1544]
-|-
-|09/03/2014
-|Libgcrypt vulnerability
-|[http://www.ubuntu.com/usn/USN-2339-2/ USN-2339-2]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5270.html CVE-2014-5270]
-|-
-|09/03/2014
-|GnuPG vulnerability
-|[http://www.ubuntu.com/usn/USN-2339-1/ USN-2339-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5270.html CVE-2014-5270]
-|-
-|08/28/2014
-|GNU C Library vulnerability
-|[http://www.ubuntu.com/usn/USN-2328-1/ USN-2328-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5119.html CVE-2014-5119]
-|-
-|08/12/2014
-|OpenJDK 6 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2312-1/ USN-2312-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4262.html CVE-2014-4262] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4263.html CVE-2014-4263] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4268.html CVE-2014-4268] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2490.html CVE-2014-2490] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4219.html CVE-2014-4219] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4218.html CVE-2014-4218]
-|-
-|08/11/2014
-|Kerberos vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2310-1/ USN-2310-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1016.html CVE-2012-1016] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4343.html CVE-2014-4343] [http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1418.html CVE-2013-1418] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4345.html CVE-2014-4345] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4344.html CVE-2014-4344] [http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-6800.html CVE-2013-6800]
-|-
-|08/07/2014
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2308-1/ USN-2308-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3505.html CVE-2014-3505] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3512.html CVE-2014-3512] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3508.html CVE-2014-3508] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3509.html CVE-2014-3509] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5139.html CVE-2014-5139]
-|-
-|08/04/2014
-|GNU C Library vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2306-1/ USN-2306-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4357.html CVE-2013-4357] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4043.html CVE-2014-4043]
-|-
-|07/22/2014
-|Libtasn1 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2294-1/ USN-2294-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3467.html CVE-2014-3467] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3469.html CVE-2014-3469]
-|-
-|07/15/2014
-|file vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2278-1/ USN-2278-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3538.html CVE-2014-3538] [http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7345.html CVE-2013-7345] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3480.html CVE-2014-3480] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3479.html CVE-2014-3479]
-|-
-|07/08/2014
-|DBus vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2275-1/ USN-2275-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3533.html CVE-2014-3533] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3477.html CVE-2014-3477]
-|-
-|07/02/2014
-|NSPR vulnerability
-|[http://www.ubuntu.com/usn/USN-2265-1/ USN-2265-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1545.html CVE-2014-1545]
-|-
-|06/26/2014
-|GnuPG vulnerability
-|[http://www.ubuntu.com/usn/USN-2258-1/ USN-2258-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4617.html CVE-2014-4617]
-|-
-|06/26/2014
-|Samba vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2257-1/ USN-2257-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0178.html CVE-2014-0178] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3493.html CVE-2014-3493]
-|-
-|06/23/2014
-|OpenSSL regression
-|[http://www.ubuntu.com/usn/USN-2232-3/ USN-2232-3]
-|[https://launchpad.net/bugs/1332643 LP: 1332643]
-|-
-|06/17/2014
-|APT vulnerability
-|[http://www.ubuntu.com/usn/USN-2246-1/ USN-2246-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0478.html CVE-2014-0478]
-|-
-|06/17/2014
-|libxml2 regression
-|[http://www.ubuntu.com/usn/USN-2214-3/ USN-2214-3]
-|[https://launchpad.net/bugs/1321869 LP: 1321869]
-|-
-|06/12/2014
-|OpenSSL regression
-|[http://www.ubuntu.com/usn/USN-2232-2/ USN-2232-2]
-|[https://launchpad.net/bugs/1329297 LP: 1329297]
-|-
-|06/09/2014
-|libxml2 regression
-|[http://www.ubuntu.com/usn/USN-2214-2/ USN-2214-2]
-|[https://launchpad.net/bugs/1321869 LP: 1321869]
-|-
-|06/05/2014
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2232-1/ USN-2232-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3470.html CVE-2014-3470] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0195.html CVE-2014-0195]
-|-
-|06/02/2014
-|GnuTLS vulnerability
-|[http://www.ubuntu.com/usn/USN-2229-1/ USN-2229-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3466.html CVE-2014-3466]
-|-
-|05/15/2014
-|libxml2 vulnerability
-|[http://www.ubuntu.com/usn/USN-2214-1/ USN-2214-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0191.html CVE-2014-0191]
-|-
-|05/05/2014
-|OpenSSL vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2192-1/ USN-2192-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0198.html CVE-2014-0198] [http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-5298.html CVE-2010-5298]
-|-
-|05/01/2014
-|OpenJDK 6 vulnerabilities
-|[http://www.ubuntu.com/usn/USN-2191-1/ USN-2191-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1876.html CVE-2014-1876] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2427.html CVE-2014-2427] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2421.html CVE-2014-2421] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2403.html CVE-2014-2403] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0429.html CVE-2014-0429] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2405.html CVE-2014-2405] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0453.html CVE-2014-0453] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0452.html CVE-2014-0452] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0462.html CVE-2014-0462] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2423.html CVE-2014-2423] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0459.html CVE-2014-0459] [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0458.html CVE-2014-0458]
-|-
-|05/05/2014
-|OpenSSL Security Updates and fix for Heartbleed and POODLE
-|[http://www.ubuntu.com/usn/USN-2165-1/ USN-2165-1][http://www.ubuntu.com/usn/USN-2367-1/ USN-2367-1][http://www.ubuntu.com/usn/USN-2367-1/ USN-2367-1]
-|[http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0076.html CVE-2014-0076][http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html CVE-2014-0160][http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html CVE-2014-3566][http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3513.html CVE-2014-3513][http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3568.html CVE-2014-3568][http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3567.html CVE-2014-3567]
-<pre>
-sudo apt-get update
-sudo apt-get install openssl libssl1.0.0
-</pre>
-|}
-=== Bash Security Updates 'SHELLSHOCK' CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 ===
-Ubuntu Security update notifications:
-http://www.ubuntu.com/usn/usn-2362-1/
-http://www.ubuntu.com/usn/usn-2363-2/
-http://www.ubuntu.com/usn/usn-2364-1/
-You can upgrade your Bash release to the latest which includes the security fixes for bash with the below console commands as the 'qadmin' administrative user:
-<pre>
-sudo apt-get update
-sudo apt-get install bash
-</pre>
-== Core Product Security Updates ==
-=== QuantaStor 3.15.1 (May 28th 2015) ===
-* adds [http://wiki.osnexus.com/index.php?title=Firewall_Configuration firewall support] for disabling access to unused storage services
-* fix to support creation of roles with no permissions
-=== QuantaStor 3.15.0 (May 1st 2015) ===
-* adds support for customizing the pem files for all services (core qs_service, REST service, and Tomcat)
-* adds support for customizing the SSL ciphers, applies strong cipher limits automatically
-* adds SSL cert generation script which deposits custom certs into /var/opt/osnexus/quantastor/ssl which are automatically picked up by REST and core services
-* adds script command to upgrade from Java 6 to Java 7 (qs-util java7upgrade), which allows browsers to connect via https using stronger ciphers / TLS 1.2
-* fix to disable all use of SSLv3 across all internal services (Core service, Tomcat, REST API service) in favor of TLS for improved security / HIPAA compliance
-* fix to allow removal of duplicate 'admin' users
-* fix to remove duplicate user entries in Samba config when user assigned as 'Admin' on a share
-* fix to password length enforcement (8-34 char)
-=== QuantaStor 3.12.2 (July 22nd 2014) ===
-* fix to set password error message to show 8 to 40 characters required
-* fix to update user password changes to all grid nodes
-=== QuantaStor 3.12.0 (June 27th 2014) ===
-* adds new https keystore for web management interface (be sure to clear your browser cache)
-* adds secure mode 'qs-util disablehttp' to enable/disable http access (port 80) to force admins to use https for web management
-* fix to core service to allow for changing openssl pem files
-=== QuantaStor 3.9.3 (March 7th 2014) ===
+We recommend that system administrators perform periodic auditing of their systems and install any and all security updates by using the QuantaStor 'Upgrade Manager' via the QuantaStor web management interface or script this using the QuantaStor CLI or API.
-* fix to AD domain leave operation to remove AD computer entry
+This will automatically apply the latest updates and security updates.  Our package servers are updated with the latest security updates at least once per month as part of standard maintenance updates.  To see more detail on when the most recent product update was published please see our [https://wiki.osnexus.com/index.php?title=QuantaStor_Version_ChangeLog product change log].