Linux Advisory Watch: January 11th, 2018

Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144

Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

Security fix for CVE-2017-1000501

Security fix for CVE-2017-15103 and CVE-2017-15104

Update to upstream 2.1-15. 20180108. Includes fix for Spectre.

Yet another security issue

- Update to 57.0.4 - Security fixes to address the Meltdown and Spectre timing attacks - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - Require new nss 3.34 (fixed #1531031) - Disabled ARM on all Fedoras due to #1523912

Depenency for Electrum that have a security issue in all the releases.

Depend on https://bodhi.fedoraproject.org/updates/FEDORA-2018-92de33f3b9

Security fix for CVE-2017-15103 and CVE-2017-15104

Update to the latest upstream version.

Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789

Security fix for CVE-2017-1000456.

Microcode update for AMD cpus

Update to upstream 14.7.5 release for AST-2017-014/CVE-2017-17850 security issue

Security fixes - Fix local denial of service CVE-2017-16927 #958 #979 (fix already in 0.9.4-2) New features - Add a new log level TRACE more verbose than DEBUG #835 #944 - SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122 - Support horizontal wheel properly #928 Bug fixes - Avoid use of hard-coded sesman port #895 - Workaround for corrupted display with Windows Server 2008

rebase to 1.12 CVE-2017-17866

Update to 7.5.0 GA release (CVE-2017-17439)

New upstream version 2.4.3. It contains fixes for CVE-2017-17084, CVE-2017-17083 and CVE-2017-17085.

Security fix for CVE-2017-1000456.

Update to the latest upstream version.

Microcode update for AMD cpus

This update addresses the following vulnerabilities: * [CVE-2017-13866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13866), [CVE-2017-13870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13870), [CVE-2017-7156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7156), [CVE-2017-13856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13856)

Security fixes - Fix local denial of service CVE-2017-16927 #958 #979 (fix already in 0.9.4-2) New features - Add a new log level TRACE more verbose than DEBUG #835 #944 - SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122 - Support horizontal wheel properly #928 Bug fixes - Avoid use of hard-coded sesman port #895 - Workaround for corrupted display with Windows Server 2008

Update to 7.5.0 GA release (CVE-2017-17439)

Patch for CVE-2016-6328

Fixes https://bitcointalk.org/index.php?topic=2702103.0 Changelog: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES ---- Fixes https://bitcointalk.org/index.php?topic=2702103.0

- Update to 57.0.4 - Security fixes to address the Meltdown and Spectre timing attacks - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - Require new nss 3.34 (fixed rhbz#1531031) - Disabled ARM on all Fedoras due to rhbz#1523912

Updated to version 3.1.1 Fixes https://bitcointalk.org/index.php?topic=2702103.0 ---- Updated to version 3.1

Adds support for early microcode for **AMD CPUs family >= 0x17**. Note: Intel CPU support is fine. To add the microcode to all your initramfs images: ``` # dracut --regenerate-all --force ``` To only add it to the current kernel version: ``` # dracut --force ```

Adds support for early microcode for **AMD CPUs family >= 0x17**. Note: Intel CPU support is fine. To add the microcode to all your initramfs images: ``` # dracut --regenerate-all --force ``` To only add it to the current kernel version: ``` # dracut --force ```

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

* CVE-2017-1000256: libvirt: TLS certificate verification disabled for clients (bz #1503687)

Fix for CVE-2017-1000158

A vulnerability in PySAML2 might allow remote attackers to bypass authentication.

Multiple vulnerabilities have been found in TigerVNC, the worst of which may lead to arbitrary code execution.

Multiple vulnerabilities have been found in icoutils, the worst of which may lead to arbitrary code execution.

A vulnerability has been found in LibXfont and LibXfont2 which may allow for arbitrary file access.

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution.

A vulnerability in MiniUPnPc might allow remote attackers to execute arbitrary code.

A vulnerability has been found in Emacs which may allow for arbitrary command execution.

A command injection vulnerability in 'Back in Time' may allow for the execution of arbitrary shell commands.

A flaw has been discovered in OpenSSH which could allow a remote attacker to create zero-length files.

A vulnerability in LibXcursor might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in OptiPNG, the worst of which may allow execution of arbitrary code.

Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition. [More...]

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

An update for rhevm-setup-plugins is now available for RHEV Engine version 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rhevm-setup-plugins is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ovirt-guest-agent-docker is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rhvm-appliance is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for redhat-virtualization-host is now available for RHEV 3.X Hypervisor and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for vdsm is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for redhat-virtualization-host is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact

An update for vdsm is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

An update for libvirt is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libvirt is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for qemu-kvm-rhev is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7.

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves three vulnerabilities and has 5 fixes is now available.

An update that fixes 16 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 46 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 32 vulnerabilities and has 7 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 14 vulnerabilities and has three fixes is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

An update that solves 5 vulnerabilities and has 19 fixes is now available.

An update that solves 5 vulnerabilities and has 35 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 5 vulnerabilities and has 13 fixes is now available.

An update that solves 17 vulnerabilities and has 13 fixes is now available.

An update that solves 5 vulnerabilities and has 26 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes 46 vulnerabilities is now available.

USN-3522-2 introduced a regression in the Linux Hardware Enablement kernel.

USN-3522-1 introduced a regression in the Linux kernel.

Several security issues were fixed in Ruby.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

SSSD could be made to expose sensitive information.

The system could be made to expose sensitive information.

The system could be made to expose sensitive information.

Several security issues were fixed in the Linux kernel.

On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenialkernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security vulnerability caused by flaws in the design of speculative executionhardware in the computer's CPU. [More...]

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

PySAML2 could allow authentication without a password.

Several security issues were fixed in poppler.

Ruby could be made to execute arbitrary commands if opened a speciallycrafted file.

USN-3430-2 introduced regression in Dnsmasq.

USN-3480-2 introduced regressions in Apport.

The package intel-ucode before version 20180108-1 is vulnerable to access restriction bypass.

The package glibc before version 2.26-9 is vulnerable to multiple issues including arbitrary code execution and denial of service.

The package lib32-glibc before version 2.26-9 is vulnerable to multiple issues including arbitrary code execution and denial of service.

The package graphicsmagick before version 1.3.27-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

The package mongodb before version 3.6.0-1 is vulnerable to arbitrary code execution.

The package linux-hardened before version 4.14.11.a-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.

The package linux-zen before version 4.14.11-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.

The package linux-lts before version 4.9.74-1 is vulnerable to multiple issues including denial of service, privilege escalation and information disclosure.

The package linux before version 4.14.11-1 is vulnerable to multiple issues including access restriction bypass, denial of service, privilege escalation and information disclosure.

Multiple flaws were found in the processing of malformed web content. Aweb page containing malicious content could cause Thunderbird to crash or,potentially, execute arbitrary code with the privileges of the userrunning Thunderbird. (CVE-2017-7846, CVE-2017-7847, CVE-2017-7848,CVE-2017-7829)

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the libvirt side of the CVE-2017-5715 mitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the libvirt side of the CVE-2017-5715 mitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the microcode counterpart of the CVE-2017-5715 kernelmitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Note: This issue is present in hardware and cannot be fully fixed viasoftware update. The updated kernel packages provide software mitigationfor this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workloadand hardware configuration.In this update mitigations for x86-64 architecture are provided.Variant CVE-2017-5753 triggers the speculative execution by performing abounds-check bypass. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall boundary and read privileged memory by conductingtargeted cache side-channel attacks. (CVE-2017-5753, Important)Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715, Important)Variant CVE-2017-5754 relies on the fact that, on impactedmicroprocessors, during speculative execution of instruction permissionfaults, exception generation triggered by a faulting access is suppresseduntil the retirement of the whole instruction block. In a combination withthe fact that memory accesses may populate the cache even when the blockis being dropped and never committed (executed), an unprivileged localattacker could use this flaw to read privileged (kernel space) memory byconducting targeted cache side-channel attacks. (CVE-2017-5754, Important)Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64microprocessors are not affected by this issue.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the microcode counterpart of the CVE-2017-5715 kernelmitigation.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Note: This issue is present in hardware and cannot be fully fixed viasoftware update. The updated kernel packages provide software mitigationfor this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workloadand hardware configuration.In this update mitigations for x86-64 architecture are provided.Variant CVE-2017-5753 triggers the speculative execution by performing abounds-check bypass. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall boundary and read privileged memory by conductingtargeted cache side-channel attacks. (CVE-2017-5753, Important)Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715, Important)Variant CVE-2017-5754 relies on the fact that, on impactedmicroprocessors, during speculative execution of instruction permissionfaults, exception generation triggered by a faulting access is suppresseduntil the retirement of the whole instruction block. In a combination withthe fact that memory accesses may populate the cache even when the blockis being dropped and never committed (executed), an unprivileged localattacker could use this flaw to read privileged (kernel space) memory byconducting targeted cache side-channel attacks. (CVE-2017-5754, Important)Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64microprocessors are not affected by this issue.

An industry-wide issue was found in the way many modern microprocessordesigns have implemented speculative execution of instructions (a commonlyused performance optimization). There are three primary variants of theissue which differ in the way the speculative execution can be exploited.Variant CVE-2017-5715 triggers the speculative execution by utilizingbranch target injection. It relies on the presence of a precisely-definedinstruction sequence in the privileged code as well as the fact thatmemory accesses may cause allocation into the microprocessor's data cacheeven for speculatively executed instructions that never actually commit(retire). As a result, an unprivileged attacker could use this flaw tocross the syscall and guest/host boundaries and read privileged memory byconducting targeted cache side-channel attacks. (CVE-2017-5715)Note: This is the microcode counterpart of the CVE-2017-5715 kernelmitigation.

Multiple vulnerabilities have been discovered in Ming: CVE-2017-11732

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands.

Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands.

The patch introduced in DLA-1234-1 had a problem that caused gdk-pixbuf's gif module to fail to load. For Debian 7 "Wheezy", these problems have been fixed in version

Opencv 3.3 and earlier has problems while reading data, which might result in either buffer overflows or integer overflows.

It was discovered that there were several integer overflows in gdk-pixbuf, a library to manipulate images for the GTK graphics toolkit. This could have led to memory corruption and potential code execution.

The NSFocus Security Team discovered multiple security issues in Graphicsmagick, a collection of image processing tools. Several heap-based buffer over-reads may lead to a denial-of-service (application crash) or possibly have other unspecified impact when

It was discovered that there was a use-after-free vulnerability in gifsicle, a command-line tool for manipulating GIF images. For Debian 7 "Wheezy", this issue has been fixed in gifsicle version

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

It was discovered that there were two vulnerabilities in the imagemagick image manipulation program: CVE-2017-1000445: A null pointer dereference in the MagickCore

Jason Crain discovered a overflow vulnerability in the poppler PDF rendering library. For Debian 7 "Wheezy", this issue has been fixed in poppler version

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0061

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0061

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0023

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0029

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0030

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0008

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0013

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0014

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0012

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0007