Linux Advisory Watch: December 1st, 2017

Several vulnerabilities have been discovered in Exim, a mail transport agent. The Common Vulnerabilities and Exposures project identifies the following issues:

Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.

Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

The 4.13.16 update contains various fixes across the tree.

Update to upstream 1.1.7 release to remediate DoS issue npm:brace- expansion:20170302

Update to upstream 1.1.7 release to remediate DoS issue npm:brace- expansion:20170302

Fix for CVE-2017-15110.

Update to 0.12.2 which also fixes CVE-2016-10516

The 4.13.16 update contains various fixes across the tree.

Fix for CVE-2017-15110.

Update to 0.12.2 which also fixes CVE-2016-10516

https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/EIECM2E7PQ2VN3O4DSZBCE6K7HDW7AJC/

Harden the Slurm build and allows it to operate in full relro with GOT sections of the ELF binaries marked read-only.

CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685 CVE-2017-14686 CVE-2017-14687

Security fix for CVE-2017-12629

rebase to version 1.2.2, solves CVE-2017-16227, solves error produced by install script

Security fix for CVE-2017-12629

- Update to 1.1.28 - CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785 Release notes:

update to 0.14 (bugfix release CVE-2017-9216)

This update addresses the following vulnerabilities: * [CVE-2017-13798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798), [CVE-2017-13788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788), [CVE-2017-13803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803) Additional fixes: * Improve calculation of font metrics to prevent scrollbars

This latest stable release on rpm 4.13.x branch brings in several important bugfixes. For details see release notes at http://rpm.org/wiki/Releases/4.13.0.2.

Minor security update 1.0.2m.

Security fix for CVE-2017-15906: Improper write operations in readonly mode

Security fix for CVE-2017-12629

Previous versions of git mishandled layers of tree objects, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS)

Minor security update release 1.1.0g.

This update addresses the following vulnerabilities: * [CVE-2017-13798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798), [CVE-2017-13788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788), [CVE-2017-13803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803) Additional fixes: * Improve calculation of font metrics to prevent scrollbars

rebase to version 1.2.2, solves CVE-2017-16227, solves error produced by install script

- Update to 1.1.28 - CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785 Release notes:

- Update to 1.1.28 - CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785 Release notes:

Security fix for CVE-2017-14746 and CVE-2017-15275

Security fix for CVE-2017-14746 and CVE-2017-15275

An update of QtWebEngine to the security and bugfix release 5.9.2, including: Chromium Snapshot: * Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107, CVE-2017-5112, CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118 * Fixed Skia to to render text

https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/EIECM2E7PQ2VN3O4DSZBCE6K7HDW7AJC/

**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command

**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command

**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command

**Update** - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Virtualization (RHEV) 4.X, Red Hat Enterprise Virtualization Hypervisor (RHEV-H) and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

This is the one-month notification for the retirement of Red Hat Enterprise Linux 6.2 Advanced Mission Critical (AMC). This notification applies only to those customers subscribed to the Advanced Mission Critical (AMC) channel for Red Hat Enterprise Linux 6.2.

An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for apr is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for procmail is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update is now available for Red Hat OpenShift Container Platform 3.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for samba is now available for Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6 and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that solves 5 vulnerabilities and has 17 fixes is An update that solves 5 vulnerabilities and has 17 fixes is An update that solves 5 vulnerabilities and has 17 fixes is now available. now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four An update that solves two vulnerabilities and has four fixes is now available. fixes is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.

An update that solves 33 vulnerabilities and has 7 fixes is An update that solves 33 vulnerabilities and has 7 fixes is An update that solves 33 vulnerabilities and has 7 fixes is now available. now available.

An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three fixes is now available. fixes is now available.

An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes is now available. is now available.

An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three An update that solves two vulnerabilities and has three fixes is now available. fixes is now available.

An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two An update that solves three vulnerabilities and has two fixes is now available. fixes is now available.

An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available.

Several security issues were fixed in OpenJDK 7.

Python could be made to run arbitrary code.

Python could be made to run arbitrary code.

Python could be made to run arbitrary code.

postgresql-common could be made to overwrite files as the administrator.

Several security issues were fixed in the kernel.

Various security vulnerabilities were discovered in sox, a command line utility to convert audio formats, that may lead to a denial-of-service (application crash / infinite loop) or memory corruptions by processing a malformed input file.

optipng, an advanced PNG (Portable Network Graphics) optimizer, has been found vulnerable to a buffer overflow which allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an

CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of

CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the

A file disclosure vulnerability was discovered in roundcube, a skinnable AJAX based webmail solution for IMAP servers.

A security issue that allows XSS on the Werkzeug debugger allows remote attackers to inject arbitrary stuff via a field that contains an exception message.

A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.

A minor security vulnerability has been discovered in Python 2.7, an interactive high-level object-oriented language.

Pranjal Jumde (@pjumde) reported an heap overflow in memory debug code of libxml2. For Debian 7 "Wheezy", these problems have been fixed in version

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, unauthorized access, sandbox bypass or HTTP header injection.

Several vulnerabilities have been discovered in the X.Org X server. An attacker who's able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

The package powerdns before version 4.0.5-1 is vulnerable to access restriction bypass.

The package powerdns-recursor before version 4.0.7-1 is vulnerable to multiple issues including cross-site scripting, denial of service and insufficient validation.

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3269

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3270

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3270

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3260

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3263

An out-of-bounds array dereference was found in apr_time_exp_get(). Anattacker could abuse an unvalidated usage of this function to cause adenial of service or potentially lead to data leak. (CVE-2017-12613)

A memory disclosure flaw was found in samba. An attacker could retrieveparts of server memory, which could contain potentially sensitive data, bysending specially-crafted requests to the samba server. (CVE-2017-15275)

A heap-based buffer overflow flaw was found in procmail's formailutility. A remote attacker could send a specially crafted email that, whenprocessed by formail, could cause formail to crash or, possibly, executearbitrary code as the user running formail. (CVE-2017-16844)

A buffer overrun flaw was found in the IMAP handler of libcurl. Bytricking an unsuspecting user into connecting to a malicious IMAP server,an attacker could exploit this flaw to potentially cause informationdisclosure or crash the application. (CVE-2017-1000257)

A memory disclosure flaw was found in samba. An attacker could retrieveparts of server memory, which could contain potentially sensitive data, bysending specially-crafted requests to the samba server. (CVE-2017-15275)