Welcome to our third stable update of 2019. So what do we have with this one?
We addressed the following security issues within systemd v239 series:
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
- CVE-2018-15687: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files.
- CVE-2018-6954_2: systemd-tmpfiles in systemd through 239 mishandles symlinks present in non-terminal path components.
- CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.
- CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket.
- CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’.
This is also addressed with v239.6-4 in our testing branch and with v240.275-1 in our unstable branch.
We hope with all these changes Manjaro to be more efficient for you all.
Some of our core developers will join PINE64 Inc. at FOSDEM19 in Brussels. We will establish an even more closer relationship with this ARM based company. Also we are looking forward to see your reactions on the big announcement PINE64 Inc. will do at FOSDEM19. Stay tuned for any upcoming news.
Partnership with FCS Linux Aarhus
We are happy to announce a new partnership with FCS Linux Aarhus owned by @fhdk. This enables us to offer you Laptops with Manjaro pre-installed and Manjaro Stickers you can use on your own hardware or gift them to a friend. For each sale FCS will donate a percentage to the Manjaro project.
Manjaro v18.0.2 released!
To end the year with a high note we updated our flagship ISOs of Manjaro Illyria with the latest packages. It comes with refreshed packages and updated tools. You may want to download our XFCE Edition with the latest 4.13 packages, aswell as our most recent styling efforts. Our KDE fans may try our KDE Edition with the latest KDE v5.14 instead. And our GNOME fans may try our Gnome Edition with the latest GNOME v3.30.
Current supported Kernels
- linux316 3.16.62
- linux318 3.18.131 [EOL]
- linux44 4.4.167
- linux49 4.9.149
- linux414 4.14.92
- linux417 4.17.19 [EOL]
- linux418 4.18.20 [EOL]
- linux419 4.19.14
- linux420 4.20.1
- linux414-rt 4.14.87_rt49
- linux416-rt 4.16.18_rt11
- linux418-rt 4.18.16_rt9
Package Updates (Sat Jan 12 10:12:43 CET 2019)
- stable core x86_64: 4 new and 4 removed package(s)
- stable multilib x86_64: 1 new and 1 removed package(s)
- No issue, everything went smoothly
- Yes there was an issue. I was able to resolve it myself.(Please post your solution)
- Yes i am currently experiencing an issue due to the update. (Please post about it)
Check if your mirror has already synced: