Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  (Jan 26)
 

Two vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-1000005

  (Jan 25)
 

Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

  (Jan 25)
 

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

  (Jan 24)
 

It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial of service or, potentially, the execution of arbitrary code with

  (Jan 22)
 

It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

  (Jan 22)
 

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft an HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victim's host.

  (Jan 19)
 

The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

  (Jan 18)
 

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for


  Fedora 27: clamav Security Update (Jan 25)
 

Fixes some regressions of previous versions ---- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908) ---- - Fix bugs 1126595,1464269,1126625 and 1258536, - Update of main.cvd, daily.cvd and bytecode.cvd ---- - Fixes for rhbz 1530678 and 1518016

  Fedora 27: firefox Security Update (Jan 25)
 

- Update to latest version - Firefox 58.0

  Fedora 27: bind-dyndb-ldap Security Update (Jan 23)
 

Upgrades to latest minor supported BIND. Includes first -P1 security release fixing CVE-2017-3145.

  Fedora 27: dnsperf Security Update (Jan 23)
 

Upgrades to latest minor supported BIND. Includes first -P1 security release fixing CVE-2017-3145.

  Fedora 27: bind Security Update (Jan 23)
 

Upgrades to latest minor supported BIND. Includes first -P1 security release fixing CVE-2017-3145.

  Fedora 27: kernel Security Update (Jan 23)
 

The 4.14.14 stable update contains a number of important fixes across the tree. This update also includes some PPC mitigations, and has been built with a retpoline capable compiler for improved Spectre mitigation on x86_64.

  Fedora 27: libtasn1 Security Update (Jan 23)
 

Update to 4.13 (#1535261)

  Fedora 27: libvpx Security Update (Jan 23)
 

fix for CVE-2017-13194

  Fedora 27: glibc Security Update (Jan 23)
 

This update addresses two security vulnerabilities: * CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with `$ORIGIN` rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (RHBZ#1526866). * CVE-2018-1000001: `getcwd` would

  Fedora 27: ruby Security Update (Jan 23)
 

Update to Ruby 2.4.3.

  Fedora 27: sox Security Update (Jan 23)
 

Security fix for **CVE-2017-15370** and **CVE-2017-15371**

  Fedora 27: python-bottle Security Update (Jan 23)
 

Update to 0.12.13

  Fedora 26: glibc Security Update (Jan 23)
 

This update addresses two security vulnerabilities: * CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory corruption in the `glob` and `glob64` functions. (RHBZ#1505298, RHBZ#1504807) * CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with `$ORIGIN`

  Fedora 26: kernel Security Update (Jan 23)
 

The 4.14.14 stable update contains a number of important fixes across the tree. This update also includes some PPC mitigations, and has been built with a retpoline capable compiler for improved Spectre mitigation on x86_64.

  Fedora 26: python-bottle Security Update (Jan 23)
 

Update to 0.12.13

  Fedora 26: mariadb Security Update (Jan 23)
 

**Update to 10.1.30** sysusers and tmpfiles added by upstream **Release notes:** https://mariadb.com/kb/en/mariadb-10130-release-notes/ **CVEs fixed:** CVE-2017-15365

  Fedora 26: sox Security Update (Jan 23)
 

Security fix for **CVE-2017-15370** and **CVE-2017-15371**

  Fedora 27: keycloak-httpd-client-install Security Update (Jan 18)
 

Security fix for CVE-2017-15111, CVE-2017-15112. Two minor security issues were discovered and were assigned CVEs. CVE-2017-15112 concerns the ability to pass a password on the command line where it could be exposed. That option has been deprecated. See the man page for multiple ways to pass the password. CVE-2017-15111 corrects the default location of a log file when running the low

  Fedora 27: rootsh Security Update (Jan 18)
 

Fix permissions on rootsh log directory to limit it to root.

  Fedora 26: rootsh Security Update (Jan 18)
 

Fix permissions on rootsh log directory to limit it to root.

  Fedora 27: icecat Security Update (Jan 18)
 

- Update to 52.5.3 - Patched for mozilla bug-1427870 (spectre mitigation)

  Fedora 27: transmission Security Update (Jan 18)
 

Security fix for CVE-2018-5702 (Mitigate dns rebinding attacks against daemon)


  (Jan 25)
 

An update for nautilus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  (Jan 25)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 25)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 25)
 

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 25)
 

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 25)
 

An update for dhcp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  (Jan 25)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 25)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 25)
 

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 24)
 

An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  (Jan 23)
 

An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

  (Jan 22)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact

  (Jan 22)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for libvirt is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 22)
 

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 22)
 

An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  (Jan 18)
 

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  (Jan 18)
 

An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which


  Slackware: 2018-025-01: mozilla-thunderbird Security Update (Jan 26)
 

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

  Slackware: 2018-024-01: curl Security Update (Jan 25)
 

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.


  SUSE: 2018:0233-1: important: the Linux Kernel (Live Patch 30 for SLE 12) (Jan 26)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2018:0229-1: important: newsbeuter (Jan 26)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2018:0223-1: important: mysql-community-server (Jan 26)
 

An update that fixes 15 vulnerabilities is now available.

  SUSE: 2018:0219-1: important: webkit2gtk3 (Jan 25)
 

An update that fixes 89 vulnerabilities is now available.

  SUSE: 2018:0213-1: important: the Linux Kernel (Jan 25)
 

An update that solves 22 vulnerabilities and has 72 fixes is now available.

  openSUSE: 2018:0203-1: important: MozillaFirefox (Jan 25)
 

An update that fixes 11 vulnerabilities is now available.

  openSUSE: 2018:0187-1: important: virtualbox (Jan 24)
 

An update that fixes 11 vulnerabilities is now available.

  SUSE: 2018:0180-1: important: the Linux Kernel (Jan 23)
 

An update that solves 26 vulnerabilities and has 24 fixes is now available.

  SUSE: 2018:0170-1: important: perl-XML-LibXML (Jan 22)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0171-1: important: the Linux Kernel (Jan 22)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2018:0166-1: important: newsbeuter (Jan 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2018:0158-1: important: xmltooling (Jan 20)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0140-1: important: xmltooling (Jan 19)
 

An update that fixes one vulnerability is now available.

  SUSE: 2018:0131-1: important: the Linux Kernel (Jan 18)
 

An update that fixes two vulnerabilities is now available.


  (Jan 26)
 

The system could be made to crash or run programs as an administrator.

  (Jan 26)
 

The system could be made to crash or run programs as an administrator.

  (Jan 25)
 

Several security issues were fixed in Libtasn1.

  (Jan 25)
 

Several security issues were fixed in MySQL.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 23)
 

Several security issues were addressed in the Linux kernel.

  (Jan 22)
 

Several security issues were fixed in GIMP.


  (Jan 18)
 

The package bind before version 9.11.2.P1-1 is vulnerable to denial of service.

  (Jan 18)
 

The package perl-xml-libxml before version 2.0130-1 is vulnerable to arbitrary code execution.

  (Jan 18)
 

The package transmission-cli before version 2.92-8 is vulnerable to arbitrary command execution.

  (Jan 18)
 

The package nrpe before version 3.2.1-3 is vulnerable to arbitrary command execution.

  (Jan 18)
 

The package irssi before version 1.0.6-1 is vulnerable to denial of service.


  (Jan 25)
 

An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate) * The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, whic [More...]

  (Jan 25)
 

It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality. (CVE-2017-3144) SL7 x86_64 dhclient-4.2.5-58.el7_4.1.x86_64.rpm dhcp-common-4.2.5-58.el7_4.1.x86_64.rpm [More...]

  (Jan 25)
 

An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands. (CVE-2017-14604) Note: This update will change the behavior of Nautilus. Nautilus wi [More...]

  (Jan 25)
 

A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. (CVE-2017-15134) Bug Fix(es): * Previously, when a connection received a high operation rate, Directory Server stopped to poll the [More...]

  (Jan 25)
 

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel [More...]

  (Jan 24)
 

This update upgrades Firefox to version 52.6.0 ESR. * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018- [More...]

  (Jan 22)
 

A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145) SL6 x86_64 bind-debuginfo-9.8.2-0. [More...]

  (Jan 22)
 

A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145) SL7 x86_64 bind-debuginfo-9.9.4-51 [More...]


  (Jan 25)
 

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service.

  (Jan 21)
 

Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure

  (Jan 21)
 

Michael Stepankin and Olga Barinova discovered a remote code execution vulnerability in Apache Solr by exploiting XML External Entity processing (XXE) in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. To resolve this

  (Jan 21)
 

OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

  (Jan 21)
 

CVE-2017-12635: Prevent non-admin users from giving themselves admin privileges.

  (Jan 20)
 

It was discovered that PHP5 was vulnerable to a reflected cross-site scripting (XSS) attack on the PHAR 404 error page by manipulating the URI of a request for a .phar file. This issue is only exploitable if the web server is configured to handle phar files using PHP5.

  (Jan 19)
 

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.59, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for

  (Jan 19)
 

It was discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A specially-crafted filename in comments could result in arbitrary code

  (Jan 19)
 

It was discovered that there was a denial-of-service attack in the libgd2 image library. A corrupt file could have exploited a signedness confusion leading to an infinite loop.

  (Jan 19)
 

It was discovered that there was an injection vulnerability in the rsync file-copying tool. For Debian 7 "Wheezy", this issue has been fixed in rsync version

  (Jan 18)
 

Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.


  (Jan 26)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0223

  (Jan 26)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0151

  (Jan 26)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0158

  (Jan 26)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0163

  (Jan 25)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0122

  (Jan 25)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0122

  (Jan 22)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0102

  (Jan 22)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0101

  (Jan 18)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0095

  (Jan 18)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0095