Debian And Fedora Advisories: July 14, 2017 - Multiple Critical Fixes

Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by

An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol client and server library which may result in memory disclosure, denial of service and potentially the execution of arbitrary code.

Two vulnerabilities have been discovered in Undertow, a web server written in Java, which may lead to denial of service or HTTP request smuggling.

Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak. For the oldstable distribution (jessie), these problems have been fixed

Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

- Update to 1.1.12 - Fix Cross-site Scripting (XSS) issue with link.php (CVE-2017-10970) Release notes: Release notes:

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

updated to 2.6.1 (security bugfix release)

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

**PHP version 7.0.21** (06 Jul 2017) **Core:** * Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) * Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) * Fixed misparsing of abstract unix domain socket names. (Sara) * Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in

Updated to the latest version; Security fix for CVE-2017-10788

Updated to the latest version; Security fix for CVE-2017-10788

This update updates QtWebEngine to the 5.9.1 release, a security and bugfix release from the 5.9 branch. QtWebEngine 5.9.1 is part of the Qt 5.9.1 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.9.0: CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017

Security fix for CVE-2017-9304, CVE-2017-9465

Fix CVE-2017-9868 (rhbz#1464946)

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,

Security fix for DB_CONFIG parsing when db_home is not set. This update also introduces modified fixes for rhbz#1394862 once again and additionally fixes ppc specific hangs described in rhbz#1460003. Please be aware that this update is expected to cause **DB_VERSION_MISMATCH** errors during installation if you are still running an older release of libdb. These errors are a result of packages

xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86: insufficient reference counts during shadow emulation [XSA-219] x86: PKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest

fix CVE-2017-6892

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

Security fix for CVE-2017-9304, CVE-2017-9465

Fix CVE-2017-9868 (rhbz#1464946)

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140

Backport fix for CVE-2017-9735

Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

Security fix for DB_CONFIG parsing when db_home is not set. This update also introduces modified fixes for rhbz#1394862 once again and additionally fixes ppc specific hangs described in rhbz#1460003. Please be aware that this update is expected to cause **DB_VERSION_MISMATCH** errors during installation if you are still running an older release of libdb. These errors are a result of packages

Security fix for CVE-2017-9780 Update to 0.8.7

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi

Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix for CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085

fix CVE-2017-6892

Security fix for CVE-2017-9304, CVE-2017-9465

Update to 0.18.2, see https://www.libraw.org/news/libraw-0-18-2 for details.

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi

Update to new ISC supported version 9.9.10.

Update to new ISC supported version 9.9.10.

Update to latest upstream release in order to fix CVE-2017-9735

update

Update to latest upstream release in order to fix CVE-2017-9735

Update to latest upstream release in order to fix CVE-2017-9735

This is new version with security fixes for CVE-2017-9468, CVE-2017-9469.

update

New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017

Update to new ISC supported version 9.9.10-P2 including security fixes.

Update to annulen-branch of qt5-qtwebkit, which contains a lot of security fixes. Drop-in replacement for the old unmaintained qt5-qtwebkit

Update to new ISC supported version 9.9.10-P2 including security fixes.

Fix CVE-2017-9868 (rhbz#1464946)

Update to last supported version, fixes CVE-2017-3142 and CVE-2017-3143. Includes minor fix of missing dependencies.

New upstream release fixing moderate security issue CVE-2017-7526.

update

Update to latest upstream release in order to fix CVE-2017-9735

Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

This is an security fix for CVE-2017-9468, CVE-2017-9469.

Security fix for DB_CONFIG parsing when db_home is not set. This update also introduces modified fixes for rhbz#1394862 once again and additionally fixes ppc specific hangs described in rhbz#1460003. Please be aware that this update is expected to cause **DB_VERSION_MISMATCH** errors during installation if you are still running an older release of libdb. These errors are a result of packages

Fix: ocaml: Insufficient sanitisation allows privilege escalation for setuid binaries (CVE-2017-9772) (RHBZ#1464920).

* [7.56](https://) * [SA- CORE-2017-003](https://)

- https://www.zabbix.com/rn/rn3.0.8 - https://www.zabbix.com/rn/rn3.0.9 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew308 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew309

xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86: insufficient reference counts during shadow emulation [XSA-219] x86: PKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in event channel poll [XSA-221] (#1463231) stale P2M mappings

This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features: * rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

This update addresses the following vulnerabilities: * [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538) Additional fixes: * Fix web process deadlock when seeking youtube videos. * Fix blob downloads. * Improve theme rendering performance when using GTK+ >= 3.20. * Fix positioning of popup menus in Wayland. * Fix JavaScriptCore crashes on big-

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,

A vulnerability in Gajim might allow remote attackers to intercept encrypted communications.

Multiple vulnerabilities have been found in libcroco, the worst of which may have unspecified impacts.

A vulnerability in MAN DB allows local users to gain root privileges.

A vulnerability in RoundCube may allow authenticated users to bypass security restrictions.

Multiple vulnerabilities have been found in VLC, the worst of which may allow remote attackers to execute arbitrary code.

A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem.

A vulnerability in feh might allow remote attackers to execute arbitrary code.

A vulnerability in phpMyAdmin might allow remote attackers to bypass authentication.

Multiple vulnerabilities have been found in JasPer, the worst of which could could allow an attacker to execute arbitrary code.

Multiple vulnerabilities have been found in virglrenderer, the worst of which could allow local guest OS users to cause a Denial of Service condition. [More...]

Multiple vulnerabilities have been found in OpenSLP, the worst of which allows remote attackers to cause a Denial of Service condition or other unspecified impacts. [More...]

Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code.

New libtirpc packages are available for Slackware 14.2 and -current to fix a security issue.

New rpcbind packages are available for Slackware 14.2 and -current to fix a security issue.

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that solves 15 vulnerabilities and has 162 fixes An update that solves 15 vulnerabilities and has 162 fixes An update that solves 15 vulnerabilities and has 162 fixes is now available. is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available.

An update that solves two vulnerabilities and has 14 fixes An update that solves two vulnerabilities and has 14 fixes An update that solves two vulnerabilities and has 14 fixes is now available. is now available.

An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.

An update that solves 17 vulnerabilities and has one errata An update that solves 17 vulnerabilities and has one errata An update that solves 17 vulnerabilities and has one errata is now available. is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves 16 vulnerabilities and has two fixes An update that solves 16 vulnerabilities and has two fixes An update that solves 16 vulnerabilities and has two fixes is now available. is now available.

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.

nginx could be made to expose sensitive information over the network.

Evince could be made run programs as your login if it opened a specially crafted file.

poppler could be made to crash or run programs as your login if it opened a specially crafted file.