Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.

Important advisories issued this week include updates from Ubuntu and Debian which fix several security vulnerabilities discovered in ClamAV that could result in DoS conditions and a warning from Gentoo of multiple flaws in Google Chrome and Chromium which could result in the arbitrary execution of code. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!


LinuxSecurity.com Feature Extras:

New Report: Severe Flaws in Cyberoam's Firewall and VPN Technology Left At Least 86,000 Networks Vulnerable to Exploit - A new report published by vpnMentor examines two critical vulnerabilities in cybersecurity provider Cyberoam's firewall and VPN technology, which - both independently and combined - could be exploited by malicious actors to access the company's email quarantine system without authentication and remotely execute arbitrary commands. These flaws were discovered by different security researchers working independently, and have both been patched by Sophos.

Know The Enemy: Upgrade Your Threat Detection Strategy with Honeynets - Honeynets are an invaluable offensive security tool for learning the tactics and motives of the blackhat community and sharing the information and insights gathered. This article will explore what a Honeynet is, its value, how it works and the risks involved with deploying a Honeynet. It will also examine some great open-source honeynet options your organization may wish to consider.


  Debian: DSA-4691-1: pdns-recursor security update (May 21)
 

Two vulnerabilities have been discovered in PDNS Recursor, a resolving name server: a traffic amplification attack against third-party authoritative name servers (NXNSAttack), and insufficient validation of NXDOMAIN responses lacking an SOA.

  Debian: DSA-4690-1: dovecot security update (May 20)
 

Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.

  Debian: DSA-4689-1: bind9 security update (May 19)
 

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477

  Debian: DSA-4688-1: dpdk security update (May 18)
 

Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.

  Debian: DSA-4687-1: exim4 security update (May 16)
 

It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.

  Debian: DSA-4686-1: apache-log4j1.2 security update (May 15)
 

It was discovered that the SocketServer class included in apache-log4j1.2, a logging library for Java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger

  Debian: DSA-4685-1: apt security update (May 14)
 

Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high-level package manager, could result in denial of service when processing specially crafted deb files.

  Fedora 30: php FEDORA-2020-9fa7f4e25c (May 22)
 

**PHP version 7.3.18** (14 May 2020) **Core:** * Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita) *

  Fedora 31: ruby FEDORA-2020-a95706b117 (May 21)
 

Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.

  Fedora 31: php FEDORA-2020-8838d072d5 (May 21)
 

**PHP version 7.3.18** (14 May 2020) **Core:** * Fixed bug php#78875 (Long filenames cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (**CVE-2019-11048**) (cmb) * Fixed bug php#79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant). (Nikita) *

  Fedora 30: abcm2ps FEDORA-2020-eb7a965fcf (May 20)
 

New upstream release with fixes for CVEs and other enhancements.

  Fedora 32: abcm2ps FEDORA-2020-a820f2b735 (May 20)
 

New upstream release with fixes for CVEs and other enhancements.

  Fedora 31: abcm2ps FEDORA-2020-7016bb7a0d (May 20)
 

New upstream release with fixes for CVEs and other enhancements.

  Fedora 31: oddjob FEDORA-2020-b1fa09aa64 (May 20)
 

This update includes a security fix for CVE-2020-10737. Additionally, From 0.34.6: - update license on src/buffer.h - changes "/var/run" to "/run" in systemd service file (Orion Poplawski, #1834511) From 0.34.5: - apply patch from Matthias Gerstner of the SUSE security team to fix a possible race condition in the mkhomedir helper (noted above, this fixes CVE-2020-10737) -

  Fedora 30: kernel FEDORA-2020-5a69decc0c (May 19)
 

The 5.6.13 stable kernel update contains a number of important fixes across the tree ---- The 5.6.12 stable update contains a number of important fixes across the tree.

  Fedora 30: moodle FEDORA-2020-7aba37f66a (May 19)
 

Latest upstream.

  Fedora 32: transmission FEDORA-2020-e67318b4b4 (May 19)
 

Backported patch for CVE-2018-10756.

  Fedora 32: kernel FEDORA-2020-4336d63533 (May 19)
 

The 5.6.13 stable kernel update contains a number of important fixes across the tree

  Fedora 32: moodle FEDORA-2020-758e089ff7 (May 19)
 

3.8.3

  Fedora 31: kernel FEDORA-2020-c6b9fff7f8 (May 19)
 

The 5.6.13 stable kernel update contains a number of important fixes across the tree ---- The 5.6.12 stable update contains a number of important fixes across the tree.

  Fedora 31: moodle FEDORA-2020-a1b4d24680 (May 19)
 

Latest upstream.

  Fedora 31: perl-Mojolicious FEDORA-2020-aceb5a1d0a (May 18)
 

This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.

  Fedora 30: perl-Mojolicious FEDORA-2020-8d3b359179 (May 18)
 

This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.

  Fedora 32: openconnect FEDORA-2020-143735a624 (May 18)
 

Update to 8.10 release (CVE-2020-12823)

  Fedora 32: php FEDORA-2020-3ea2253402 (May 18)
 

**PHP version 7.4.6** (14 May 2020) **Core:** * Fixed bug php#78434 (Generator yields no items after valid() call). (Nikita) * Fixed bug php#79477 (casting object into array creates references). (Nikita) * Fixed bug php#79514 (Memory leaks while including unexistent file). (cmb, Nikita) * Fixed bug php#79470 (PHP incompatible with 3rd party file system on demand). (cmb) * Fixed bug php#78784

  Fedora 32: perl-Mojolicious FEDORA-2020-cc7deffbf1 (May 18)
 

This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.

  Fedora 31: java-1.8.0-openjdk FEDORA-2020-a60ad9d4ec (May 17)
 

Update to OpenJDK 8u252 (April Critical Patch Update) - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers -

  Fedora 32: condor FEDORA-2020-fb5af97476 (May 17)
 

Update to latest upstream 8.8.8

  Fedora 31: java-1.8.0-openjdk-aarch32 FEDORA-2020-831ec85119 (May 16)
 

8u252 update

  Fedora 31: condor FEDORA-2020-f9a598f815 (May 16)
 

Update to latest upstream 8.8.8

  Fedora 31: chromium FEDORA-2020-da49fbb17c (May 16)
 

Are you ready, kids? I said, are you ready? Whoooooo has another update for you to see? Google Chromium! For browsing and tweeting (but not FTP) Google Chromium! If improved security be something you wish Google Chromium! Then run dnf while you flop like a fish! Google Chromium! Google Chromium! Google Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following

  Fedora 31: sleuthkit FEDORA-2020-1dd340ab85 (May 16)
 

Update to 4.9.0

  Fedora 30: condor FEDORA-2020-ae934f6790 (May 16)
 

Update to latest upstream 8.8.8

  Fedora 30: chromium FEDORA-2020-06c54925d3 (May 16)
 

Are you ready, kids? I said, are you ready? Whoooooo has another update for you to see? Google Chromium! For browsing and tweeting (but not FTP) Google Chromium! If improved security be something you wish Google Chromium! Then run dnf while you flop like a fish! Google Chromium! Google Chromium! Google Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following

  Fedora 30: sleuthkit FEDORA-2020-6e3e0c6386 (May 16)
 

Update to 4.9.0

  Fedora 32: java-1.8.0-openjdk-aarch32 FEDORA-2020-07aa58121a (May 16)
 

8u252 update

  Fedora 32: sleuthkit FEDORA-2020-94c2f78e0c (May 16)
 

Update to 4.9.0

  Fedora 30: squid FEDORA-2020-a6a921a591 (May 16)
 

Version update + security fix

  Fedora 32: squid FEDORA-2020-56e809930e (May 15)
 

Version update + security fix

  Fedora 32: mingw-OpenEXR FEDORA-2020-e244f22a51 (May 15)
 

Update to OpenEXR-2.4.1, see https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 for details.

  Fedora 32: mingw-ilmbase FEDORA-2020-e244f22a51 (May 15)
 

Update to OpenEXR-2.4.1, see https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 for details.

  Fedora 31: squid FEDORA-2020-848065cc4c (May 15)
 

Version update + security fix

  Fedora 30: viewvc FEDORA-2020-c952520959 (May 15)
 

Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name (#211) - fix standalone.py first request failure (#195) ViewVC 1.1.27 ChangeLog: - suppress stack traces (with option to show) (#140) - distinguish text/binary/image files by icons (#166, #175) - colorize alternating file content lines (#167) - link to the instance root from the

  Fedora 32: kernel FEDORA-2020-4c69987c40 (May 14)
 

The 5.6.12 stable update contains a number of important fixes across the tree.

  Fedora 32: mailman FEDORA-2020-20b748e81e (May 14)
 

New version v2.1.32. Security fix for CVE-2020-12137. Change mode of /etc/mailman to 2755 (#1656765).

  Gentoo: GLSA-202005-13: Chromium, Google Chrome: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202005-12: OpenSLP: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202005-11: VLC: Buffer overflow (May 14)
 

A buffer overflow in VLC might allow local or remote attacker(s) to execute arbitrary code.

  Gentoo: GLSA-202005-10: libmicrodns: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in libmicrodns, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-202005-09: Python: Denial of Service (May 14)
 

A vulnerability in Python could lead to a Denial of Service condition.

  Gentoo: GLSA-202005-08: Xen: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in Xen, the worst of which could allow privilege escalation.

  Gentoo: GLSA-202005-07: FreeRDP: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in FreeRDP, the worst of which could result in a Denial of Service condition.

  Gentoo: GLSA-202005-06: LIVE555 Media Server: Multiple vulnerabilities (May 14)
 

Multiple vulnerabilities have been found in LIVE555 Media Server, the worst of which could result in the arbitrary execution of code.

  RedHat: RHSA-2020-2250:01 Important: dotnet3.1 security update (May 21)
 

An update for dotnet3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2249:01 Important: .NET Core on Red Hat Enterprise Linux (May 21)
 

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2242:01 Important: kernel-rt security and bug fix update (May 20)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2241:01 Important: java-1.8.0-ibm security update (May 20)
 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2239:01 Important: java-1.8.0-ibm security update (May 20)
 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2238:01 Important: java-1.7.1-ibm security update (May 20)
 

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2237:01 Important: java-1.8.0-ibm security update (May 20)
 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2236:01 Important: java-1.7.1-ibm security update (May 20)
 

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2231:01 Important: Red Hat Ceph Storage 4.1 security, (May 19)
 

Red Hat Ceph Storage 4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2210:01 Important: ksh security update (May 19)
 

An update for ksh is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2213:01 Important: ipmitool security update (May 19)
 

An update for ipmitool is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2214:01 Important: kernel security update (May 19)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2212:01 Moderate: ruby security update (May 19)
 

An update for ruby is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  RedHat: RHSA-2020-2199:01 Important: kernel security, bug fix, (May 19)
 

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2203:01 Important: kpatch-patch security update (May 19)
 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2136:01 Important: OpenShift Container Platform 4.4.4 (May 18)
 

Red Hat OpenShift Container Platform release 4.4.4 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2067:01 Important: Red Hat build of Thorntail 2.5.1 (May 18)
 

An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each

  RedHat: RHSA-2020-2171:01 Important: kernel-rt security and bug fix update (May 14)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2169:01 Moderate: Red Hat JBoss Enterprise Application (May 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2165:01 Moderate: openstack-manila security update (May 14)
 

An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2168:01 Moderate: Red Hat JBoss Enterprise Application (May 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  Slackware: 2020-140-02: libexif Security Update (May 19)
 

New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2020-140-01: bind Security Update (May 19)
 

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2020-139-01: sane Security Update (May 18)
 

New sane packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  SUSE: 2020:1382-1 important: dom4j (May 22)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1383-1 important: dom4j (May 22)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1381-1 moderate: memcached (May 22)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1379-1 important: dovecot23 (May 22)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1380-1 important: dovecot23 (May 22)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1364-1 important: tomcat (May 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1363-1 important: tomcat (May 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1365-1 important: tomcat (May 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1350-1 important: bind (May 20)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1352-1 moderate: ant (May 20)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:1353-1 moderate: freetype2 (May 20)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:1351-1 moderate: ant (May 20)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2020:1334-1 moderate: dpdk (May 19)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:1337-1 moderate: openconnect (May 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1339-1 moderate: python (May 19)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2020:1338-1 moderate: rpmlint (May 19)
 

An update that contains security fixes can now be installed.

  SUSE: 2020:1335-1 moderate: dpdk (May 19)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2020:1300-1 important: gstreamer-plugins-base (May 18)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1296-1 moderate: autoyast2 (May 18)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SUSE: 2020:1301-1 important: mailman (May 18)
 

An update that solves two vulnerabilities and has two fixes is now available.

  SUSE: 2020:1295-1 moderate: git (May 18)
 

An update that solves two vulnerabilities and has 6 fixes is now available.

  SUSE: 2020:1292-1 moderate: openexr (May 18)
 

An update that solves four vulnerabilities and has one errata is now available.

  SUSE: 2020:1297-1 moderate: libvpx (May 18)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1293-1 moderate: openexr (May 18)
 

An update that solves 7 vulnerabilities and has one errata is now available.

  SUSE: 2020:1298-1 moderate: libbsd (May 18)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1294-1 moderate: file (May 18)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2020:1299-1 moderate: libxml2 (May 18)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1289-1 important: libvirt (May 15)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SUSE: 2020:1285-1 important: python-PyYAML (May 15)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1277-1 important: libvirt (May 14)
 

An update that solves two vulnerabilities and has four fixes is now available.

  SUSE: 2020:14369-1 moderate: syslog-ng (May 14)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1275-1 important: the Linux Kernel (May 14)
 

An update that solves 35 vulnerabilities and has 21 fixes is now available.

  SUSE: 2020:1274-1 important: python-paramiko (May 14)
 

An update that fixes one vulnerability is now available.

  Ubuntu 4370-2: ClamAV vulnerabilities (May 21)
 

Several security issues were fixed in ClamAV.

  Ubuntu 4372-1: QEMU vulnerabilities (May 21)
 

Several security issues were fixed in QEMU.

  Ubuntu 4371-1: libvirt vulnerabilities (May 21)
 

Several security issues were fixed in libvirt.

  Ubuntu 4370-1: ClamAV vulnerabilities (May 21)
 

Several security issues were fixed in ClamAV.

  Ubuntu 4369-1: Linux kernel vulnerabilities (May 20)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4365-2: Bind vulnerabilities (May 20)
 

Several security issues were fixed in Bind.

  Ubuntu 4368-1: Linux kernel vulnerabilities (May 19)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4367-1: Linux kernel vulnerabilities (May 19)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4366-1: Exim vulnerability (May 19)
 

Exim could be made to access sensitive information or bypass authentication if it received a specially crafted input.

  Ubuntu 4365-1: Bind vulnerabilities (May 19)
 

Several security issues were fixed in Bind.

  Ubuntu 4364-1: Linux kernel vulnerabilities (May 18)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4363-1: Linux kernel vulnerabilities (May 18)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4362-1: DPDK vulnerabilities (May 18)
 

Several security issues were fixed in DPDK.

  Ubuntu 4361-1: Dovecot vulnerabilities (May 18)
 

Several security issues were fixed in Dovecot.

  Ubuntu 4360-3: json-c regression (May 15)
 

USN-4360-1 introduced a regression in json-c.

  Ubuntu 4360-2: json-c regression (May 15)
 

USN-4360-1 introduced a regression in json-c.

  Ubuntu 4360-1: json-c vulnerability (May 14)
 

json-c could be made to execute arbitrary code if it received a specially crafted JSON file.

  Ubuntu 4359-1: APT vulnerability (May 14)
 

APT could be made to crash if it opened a specially crafted file.

  Debian LTS: DLA-2215-1: clamav security update (May 20)
 

The following CVE(s) were found in src:clamav package. CVE-2020-3327

  Debian LTS: DLA-2213-1: exim4 security update (May 18)
 

It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.

  Debian LTS: DLA-2214-1: libexif security update (May 18)
 

Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.

  Debian LTS: DLA-2212-1: openconnect security update (May 16)
 

OpenConnect, a VPN software, had a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

  Debian LTS: DLA-2210-1: apt security update (May 14)
 

When normalizing ar member names by removing trailing whitespace and slashes, an out-of-bounds read can be caused if the ar member name consists only of such characters, because the code did not

  Debian LTS: DLA-2176-1: inetutils security update (May 14)
 

NOTE: This DLA was initially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new version of

  ArchLinux: 202005-8: keycloak: arbitrary code execution (May 20)
 

The package keycloak before version 10.0.1-1 is vulnerable to arbitrary code execution.

  ArchLinux: 202005-7: thunderbird: multiple issues (May 20)
 

The package thunderbird before version 68.8.0-1 is vulnerable to multiple issues including arbitrary code execution and content spoofing.

  ArchLinux: 202005-6: qemu: multiple issues (May 20)
 

The package qemu before version 5.0.0-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

  CentOS: CESA-2020-2040: Important CentOS 7 squid (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2040

  CentOS: CESA-2020-0984: Important CentOS 7 ipmitool (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:0984

  CentOS: CESA-2020-2103: Important CentOS 6 kernel (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2103

  CentOS: CESA-2020-2049: Critical CentOS 6 thunderbird (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2049

  CentOS: CESA-2020-2036: Critical CentOS 6 firefox (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2036

  CentOS: CESA-2020-2050: Critical CentOS 7 thunderbird (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2050

  CentOS: CESA-2020-2037: Critical CentOS 7 firefox (May 21)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2037

  SciLinux: SLSA-2020-2082-1 Important: kernel on SL7.x x86_64 (May 15)
 

kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL7 x86_64 bpftool-3.10.0-1127.8.2.el7.x86_6 [More...]

  openSUSE: 2020:0668-1: moderate: nextcloud (May 17)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2020:0667-1: moderate: nextcloud (May 17)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2020:0661-1: moderate: mailman (May 15)
 

An update that solves one vulnerability and has one errata is now available.

  Mageia 2020-0215: libreswan security update (May 15)
 

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange

  Mageia 2020-0214: suricata security update (May 15)
 

Updated suricata packages fix security vulnerabilities: The suricata package has been updated to version 4.1.8, which fixes security issues and other bugs. See the upstream announcements for details.

  Mageia 2020-0213: jbig2dec security update (May 15)
 

Updated jbig2dec packages fix security vulnerability: jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow (CVE-2020-12268).

  Mageia 2020-0212: ntp security update (May 15)
 

The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled

  Mageia 2020-0211: netkit-telnet security update (May 15)
 

Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server's (telnetd) handling of short writes and urgent data could lead to information disclosure and corruption of heap data. An unauthenticated