Software Update: SteamOS 2.151 Beta

SteamOS was designed by Valve as an operating system focused on playing games, of course in conjunction with the steam store. It can also play games stream from another Linux, macOS, or Windows system on the network. Valve has released a new update of SteamOS in the brewmaster beta branch with version number 2.151. The corresponding announcement looks like this:

SteamOS update 2.151 pushed to brewmaster beta

A lot of minor package updates with security fixes and updates from Debian 8.11. As usual, some of the referenced updated packages are only used for building and aren’t distributed as part of the SteamOS repository.

We have recently updated our build infrastructure and this update is intentionally kept small in order to test the waters before our upcoming kernel and graphics drivers update.

==== SteamOS build 151 2018-07-03 ====

• chrony – CVE-2016-1567
• gdk-pixbuf – CVE-2017-1000422, CVE-2017-2862, CVE-2015-8875, CVE-2015-7552, CVE-2015-4491, CVE-2015-7673, CVE-2015-7674, CVE-2015- 4491
• glibc – CVE-2017-1000366, CVE-2015-5180, CVE-2016-6323, CVE-2016-1234, CVE-2016-3075, CVE-2016-3706, CVE-2016-4429, CVE-2013-2207
• graphicsmagick – many CVEs including “ImageTragick”
• imagemagick – many CVEs including “ImageTragick”
• libgcrypt20 – CVE-2018-0495
• ncurses – CVE-2017-16879, CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113, CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734, CVE-2017-13733
• php5 – CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549
• poppler – CVE-2017-1000456, CVE-2017-14929, CVE-2017-9406, CVE-2017-9408, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865, CVE-2017-14517, CVE-2017-14518, CVE-2017-14519, CVE-2017-14520, CVE-2017-14617, CVE-2017-14975, CVE-2017-14976, CVE-2017-14977, CVE-2017-15565, CVE- 2015-8868
• procps – CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
• redis – CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
• systemd – stable update from Debian 8.11
• tiff – many CVEs
• xorg server – CVE-2017-13721, CVE-2017-13723, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017- 12185, CVE-2017-12186, CVE-2017-12187, CVE-2017-12179, CVE-2017-12178, CVE-2017-12177, CVE-2017-12176, CVE-2017-2624, CVE-2015-3164, CVE-2017-10971, CVE-2017-10972
• apache2 – CVE-2018-1312 CVE-2018-1303 CVE-2018-1301 CVE-2018-1283 CVE-2017-15715 CVE-2017-15710
• bind9 – CVE-2017-3145
• curl – CVE-2018-1000301 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000007
• gcc-4.9 – Backport retpoline support
• gnupg – CVE-2018-12020
• gnupg2 – CVE-2018-12020
• icu – CVE-2017-15422
• isc-dhcp – CVE-2017-3144 CVE-2018-5733 CVE-2018-5732
• lame – CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869, CVE-2017-15046, CVE-2017-15045, CVE-2017-15018
• libav – CVE-2017-16803
• libipc-run-perl – Backport upstream patch to fix memory leak
• libmad – CVE-2017-8372 CVE-2017-8373 CVE-2017-8374
• libnss-myhostname – New package
• libvorbis – CVE-2018-5146
• libvpx – CVE-2017-13194
• libxml2 – CVE-2017-15412
• openssl – CVE-2018-0739 CVE-2017-3735 CVE-2016-8610 CVE-2017-3731 CVE-2016-7056
• p7zip – CVE-2017-17969
• patch – CVE-2018-1000156
• perl – CVE-2018-12015 CVE-2018-6913
• sdl-image1.2 – CVE-2017-2887 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837 CVE-2018- 3838 CVE-2018-3839
• xdg-utils – CVE-2017-18266