Linux Advisory Watch: August 2nd, 2019

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.

Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items

This update addresses an arbitrary file copy vulnerability in mod_copy in ProFTPD, which allowed for remote code execution and information disclosure without authentication due to not honoring ` ` constraints. Upstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372

Update to v5.1.20 ---- Update to v5.1.19

Update to v5.1.20 ---- Update to v5.1.19

Some security issues are found on oniguruma. This new rpm should fix these issues

Some security issues are found on oniguruma. This new rpm should fix these issues.

Rebase to radare2 3.6.0 and fix CVE-2019-12790, CVE-2019-12802 and CVE-2019-12865 and rebase cutter to 1.8.3.

Rebase to radare2 3.6.0 and fix CVE-2019-12790, CVE-2019-12802 and CVE-2019-12865 and rebase cutter to 1.8.3.

Security fix for CVE-2019-13228, CVE-2019-13229, CVE-2019-13227, CVE-2019-13226.

Security fix for CVE-2019-13228, CVE-2019-13229, CVE-2019-13227, CVE-2019-13226.

Security fix for CVE-2019-13228, CVE-2019-13229, CVE-2019-13227, CVE-2019-13226.

Fixed out of bounds heap read in function rtreenode() Enhance the rtreenode() function of rtree (used for testing) so that it uses the newer sqlite3_str object for better performance and improved error reporting.

Update to v5.1.19

Update to v5.1.19

An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for icedtea-web is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

This is the final notification for the retirement of Red Hat OpenShift Enterprise 3.6 and Red Hat OpenShift Container Platform 3.7. This notification applies only to those customers with subscriptions for Red Hat OpenShift Enterprise 3.6 and Red Hat OpenShift Container Platform 3.7.

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7. Red Hat Product Security has rated this update as having a Important security impact. A Common Vulnerability Scoring System (CVSS) base score,

Updated samba packages that fix one security issue and provide several bug fixes and enhancements are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact

Updated samba packages that fix one security issue and provide several bug fixes and enhancements are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for perl is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ruby is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libssh2 is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for keepalived is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for vim is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

This is the one-month notification for the end of the maintenance phase for Red Hat OpenShift Enterprise 3.6 and 3.7. This notification applies only to customers with subscriptions for Red Hat OpenShift Enterprise 3.6 and 3.7. 2. Description:

An update for rh-redis32-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves 8 vulnerabilities and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes three vulnerabilities is now available.

An update that solves three vulnerabilities and has 41 fixes is now available.

An update that fixes 10 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 8 vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 10 vulnerabilities is now available.

An update that solves two vulnerabilities and has two fixes is now available.

An update that solves two vulnerabilities and has 10 fixes is now available.

An update that solves three vulnerabilities and has 9 fixes is now available.

An update that fixes one vulnerability is now available.

SoX could be made to crash if it received a specially crafted MP3 file.

Sigil could be made to overwrite files.

Several security issues were fixed in Django.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in OpenJDK 11.

Subversion could be made to crash if it received specially crafted network traffic.

Pango could be made to execute arbitrary code if it received a specially crafted input.

Several security issues were fixed in OpenJDK.

SoX could be made to crash if it received a specially crafted MP3 file.

Several security issues were fixed in OpenLDAP.

tmpreaper could be made to overwrite files as the administrator.

urllib3 could be used to perform a CRLF injection if it received a specially crafted request.

Several security issues were fixed in the kernel.

Several security issues were fixed in the Linux kernel.

USN-4054-1 caused some minor regressions in Firefox.

Exim could be made to run programs as an administrator if it received specially crafted network traffic.

Several security issues were fixed in VLC.

libEBML could be made to crash if it opened a specially crafted file.

A XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails can be executed within the application context via

Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details.

Various minor issues have been addressed in the GLib library. GLib is a useful general-purpose C library used by projects such as GTK+, GIMP, and GNOME.

Several more boundary checks have been backported to libssh2's src/sftp.c. Furthermore, all boundary checks in src/sftp.c now result in an LIBSSH2_ERROR_BUFFER_TOO_SMALL error code, rather than a

The following issues have been found in sdl-image1.2, the 1.x version of the image file loading library. CVE-2018-3977

An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed.

Various security problems have been additionally fixed in libssh2, an SSH client implementation written in C++.

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1898

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1883

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1884

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1880

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1896

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1873

icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182) * icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (CVE-2019-10185) * icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181) SL7 x86_64 icedtea-web-1.7.1-2.el7_6.x86_64.rpm icedtea- [More...]

kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_ [More...]

httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312) SL7 x86_64 httpd-2.4.6-89.el7_6.1.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.1.x86_64.rpm httpd-devel-2.4.6-89.el7_6.1.x86_64.rpm httpd-tools-2.4.6-89.el7_6.1.x86_64.rpm mod_ldap-2.4.6-89.el7_6.1.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.1.x86_64.rpm mod_session-2.4.6-89.el7_6.1.x86_64.rpm [More...]

389-ds-base: DoS via hanging secured connections (CVE-2019-3883) Bug Fix(es): * Previously, if you were using the PAM plugin and attempted to bind as a dn that doesn't exist, the server would crash. This has now been fixed. SL7 x86_64 389-ds-base-1.3.8.4-25.1.el7_6.x86_64.rpm 389-ds-base-debuginfo-1.3.8.4-25.1.el7_6.x86_64.rpm 389-ds-base-devel-1.3.8.4-25.1.el7_6.x86_64.rpm [More...]

libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) SL7 x86_64 libssh2-1.4.3-12.el7_6.3.i686.rpm libssh2-1.4.3-12.el7_6.3.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.3.i686.rpm libssh2-devel-1.4.3-12.el7_6.3.x86_64.rpm libssh2- [More...]

QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * As newer machine remove csske feature, detection of the processor fail and machine used old version a [More...]

An update that solves two vulnerabilities and has 10 fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 10 vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 52 vulnerabilities is now available.

An update that fixes 10 vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are susceptible to a vulnerability that could lead to disclosure of sensitive information or the addition or modification of data (CVE-2019-1543). Oracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability

VLC 3.0.7 has been released on June 6 including security fixes References: - https://bugs.mageia.org/show_bug.cgi?id=24940 - https://jbkempf.com/blog/post/2019/VLC-3.0.7-and-security/