Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident, it’s essential that you and the rest of your team not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework lets the team focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way, so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  Debian: DSA-3915-1: ruby-mixlib-archive security update (Jul 20)
 

It was discovered that ruby-mixlib-archive, a Chef Software library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing ".." in its entries.

  Debian: DSA-3914-1: imagemagick security update (Jul 18)
 

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,

  Debian: DSA-3913-1: apache2 security update (Jul 18)
 

Robert Swiecki reported that mod_auth_digest does not properly initialize or reset the value placeholder in [Proxy-]Authorization headers of type 'Digest' between successive key=value assignments, leading to information disclosure or denial of service.

  Debian: DSA-3912-1: heimdal security update (Jul 16)
 

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A

  Debian: DSA-3910-1: knot security update (Jul 14)
 

Clément Berthaux from Synaktiv discovered a signature forgery vulnerability in knot, an authoritative-only DNS server. This vulnerability allows an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

  Debian: DSA-3911-1: evince security update (Jul 14)
 

Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely

  Debian: DSA-3909-1: samba security update (Jul 14)
 

Jeffrey Altman, Viktor Dukhovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in the Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by

 
  Fedora 25: knot Security Update (Jul 20)
 

New upstream release: 2.4.5

  Fedora 25: knot-resolver Security Update (Jul 20)
 

Update to upstream version 1.3.1.

  Fedora 24: spice Security Update (Jul 20)
 

Security fix for CVE-2017-7506

  Fedora 24: knot-resolver Security Update (Jul 20)
 

Update to upstream version 1.3.1.

  Fedora 24: knot Security Update (Jul 20)
 

New upstream release: 2.4.5

  Fedora 26: knot Security Update (Jul 20)
 

New upstream release: 2.4.5

  Fedora 26: knot-resolver Security Update (Jul 20)
 

build experimental command line interface "kresc"

  Fedora 25: putty Security Update (Jul 19)
 

This is an update fixing CVE-2017-6542.

  Fedora 26: irssi Security Update (Jul 19)
 

This is an update fixing CVE-2017-10965 and CVE-2017-10966.

  Fedora 25: poppler Security Update (Jul 18)
 

* various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865
* CVE-2017-9406 CVE-2017-9408 various memory leak flaws

  Fedora 25: openldap Security Update (Jul 18)
 

Security fix for CVE-2017-9287

  Fedora 24: php Security Update (Jul 18)
 

**PHP version 5.6.31** (06 Jul 2017)

**Core:**

* Fixed bug php#73807 (Performance problem with processing post request over 2000000 chars). (Nikita)
* Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)
* Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)
* Fixed bug php#74819 (wddx_deserialize() heap

  Fedora 26: php Security Update (Jul 18)
 

**PHP version 7.1.7** (06 Jul 2017)

**Core:**

* Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
* Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)
* Fixed misparsing of abstract unix domain socket names. (Sara)
* Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).

  Fedora 25: kernel Security Update (Jul 17)
 

The 4.11.10 update contains a number of important fixes across the tree

  Fedora 24: kernel Security Update (Jul 17)
 

The 4.11.10 update contains a number of important fixes across the tree

  Fedora 26: kernel Security Update (Jul 17)
 

The 4.11.10 update contains a number of important fixes across the tree

  Fedora 24: sqlite Security Update (Jul 16)
 

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function

  Fedora 24: c-ares Security Update (Jul 16)
 

CVE-2017-1000381: c-ares NAPTR parser out of bounds access

  Fedora 26: spatialite-tools Security Update (Jul 16)
 

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function. Additionally, sqlite has been updated to version 3.19.3, and spatialite-tools rebuilt for the update.

  Fedora 26: sqlite Security Update (Jul 16)
 

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function. Additionally, sqlite has been updated to version 3.19.3, and spatialite-tools rebuilt for the update.

  Fedora 26: poppler Security Update (Jul 16)
 

* various flaws: CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865
* CVE-2017-9406 CVE-2017-9408 various memory leak flaws

  Fedora 26: qt5-qtwebkit Security Update (Jul 16)
 

Qt5WebKit update to the new, maintained "annulen branch". Drop-in replacement for the old unmaintained QtWebKit.

  Fedora 26: openvas-scanner Security Update (Jul 16)
 

Update to openvas-9

  Fedora 26: openvas-manager Security Update (Jul 16)
 

Update to openvas-9

  Fedora 26: openvas-gsa Security Update (Jul 16)
 

Update to openvas-9

  Fedora 26: openvas-cli Security Update (Jul 16)
 

Update to openvas-9

  Fedora 26: openvas-libraries Security Update (Jul 16)
 

Update to openvas-9

  Fedora 25: httpd Security Update (Jul 15)
 

- File /etc/sysconfig/httpd is ghosted now
- Version update
- Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

  Fedora 25: evince Security Update (Jul 15)
 

- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)

  Fedora 25: qt5-qtwebengine Security Update (Jul 15)
 

This update updates QtWebEngine to the 5.9.1 release, a security and bugfix release from the 5.9 branch. QtWebEngine 5.9.1 is part of the Qt 5.9.1 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.9.0: CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,

  Fedora 24: GraphicsMagick Security Update (Jul 15)
 

New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800. See also http://www.graphicsmagick.org/NEWS.html#july-4-2017

  Fedora 25: sqlite Security Update (Jul 14)
 

Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function

  Fedora 25: cacti Security Update (Jul 14)
 

- Update to 1.1.12
- Fix Cross-site Scripting (XSS) issue with link.php (CVE-2017-10970)

  Fedora 25: jabberd Security Update (Jul 14)
 

updated to 2.6.1 (security bugfix release)

  Fedora 24: cacti Security Update (Jul 14)
 

- Update to 1.1.12
- Fix Cross-site Scripting (XSS) issue with link.php (CVE-2017-10970)

  Fedora 24: jabberd Security Update (Jul 14)
 

updated to 2.6.1 (security bugfix release)

  Fedora 24: libgcrypt Security Update (Jul 14)
 

New upstream release fixing moderate security issue CVE-2017-7526.

  Fedora 26: evince Security Update (Jul 14)
 

- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)

  Fedora 26: expat Security Update (Jul 14)
 

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

  Fedora 26: cacti Security Update (Jul 14)
 

- Update to 1.1.12
- Fix Cross-site Scripting (XSS) issue with link.php (CVE-2017-10970)

  Fedora 26: myproxy Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: jabberd Security Update (Jul 14)
 

updated to 2.6.1 (security bugfix release)

  Fedora 26: globus-xio-gsi-driver Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-xio-pipe-driver Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-xio Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-xio-udt-driver Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gram-job-manager Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gridftp-server Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-net-manager Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gssapi-gsi Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-io Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gass-cache-program Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gass-copy Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-ftp-client Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gram-job-manager-condor Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 26: globus-gram-client Security Update (Jul 14)
 

globus-ftp-client
* Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
* Remove some redundant tests to reduce test time

globus-gass-cache-program
* GT6 update

globus-gass-copy
* Don't attempt sshftp data protection without creds (9.24)
* Checksum verification based on contribution from IBM (9.24)
* Fix uninitialized field related crash (9.25)
* Remove checksum data from public

  Fedora 25: php Security Update (Jul 13)
 

**PHP version 7.0.21** (06 Jul 2017)

**Core:**

* Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
* Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)
* Fixed misparsing of abstract unix domain socket names. (Sara)
* Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in

  Fedora 25: perl-DBD-MySQL Security Update (Jul 13)
 

Updated to the latest version; Security fix for CVE-2017-10788

  Fedora 26: perl-DBD-MySQL Security Update (Jul 13)
 

Updated to the latest version; Security fix for CVE-2017-10788

 
  Slackware: 2017-195-01: mariadb Security Update (Jul 14)
 

New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

  Slackware: 2017-195-02: samba Security Update (Jul 14)
 

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

 
  SuSE: 2017:1925-1: important: Linux Kernel Live Patch 6 for SLE 12 SP2 (Jul 21)
 

An update that solves one vulnerability and has two fixes is now available.

  SuSE: 2017:1924-1: important: Linux Kernel Live Patch 19 for SLE 12 (Jul 21)
 

An update that solves one vulnerability and has three fixes is now available.

  SuSE: 2017:1922-1: important: Linux Kernel Live Patch 18 for SLE 12 (Jul 21)
 

An update that solves one vulnerability and has four fixes is now available.

  SuSE: 2017:1923-1: important: Linux Kernel Live Patch 4 for SLE 12 SP2 (Jul 21)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SuSE: 2017:1915-1: important: Linux Kernel Live Patch 16 for SLE 12 SP1 (Jul 20)
 

An update that solves one vulnerability and has three fixes is now available.

  SuSE: 2017:1914-1: important: Linux Kernel Live Patch 3 for SLE 12 SP2 (Jul 20)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SuSE: 2017:1912-1: important: Linux Kernel Live Patch 22 for SLE 12 (Jul 20)
 

An update that solves one vulnerability and has three fixes is now available.

  SuSE: 2017:1913-1: important: Linux Kernel Live Patch 2 for SLE 12 SP2 (Jul 20)
 

An update that solves one vulnerability and has 8 fixes is now available.

  SuSE: 2017:1910-1: important: Linux Kernel Live Patch 8 for SLE 12 SP1 (Jul 20)
 

An update that solves one vulnerability and has 11 fixes is now available.

  SuSE: 2017:1909-1: important: Linux Kernel Live Patch 9 for SLE 12 SP1 (Jul 20)
 

An update that solves one vulnerability and has 10 fixes is now available.

  SuSE: 2017:1908-1: important: Linux Kernel Live Patch 0 for SLE 12 SP2 (Jul 20)
 

An update that solves one vulnerability and has 11 fixes is now available.

  SuSE: 2017:1907-1: important: Linux Kernel Live Patch 1 for SLE 12 SP2 (Jul 20)
 

An update that solves one vulnerability and has 10 fixes is now available.

  SuSE: 2017:1905-1: important: Linux Kernel Live Patch 16 for SLE 12 (Jul 20)
 

An update that solves one vulnerability and has 8 fixes is now available.

  SuSE: 2017:1906-1: important: Linux Kernel Live Patch 17 for SLE 12 (Jul 20)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SuSE: 2017:1904-1: important: Linux Kernel Live Patch 7 for SLE 12 SP2 (Jul 20)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1903-1: important: Linux Kernel Live Patch 8 for SLE 12 SP2 (Jul 20)
 

An update that solves one vulnerability and has three fixes is now available.

  SuSE: 2017:1898-1: important: systemd, dracut (Jul 19)
 

An update that solves one vulnerability and has 8 fixes is now available.

  SuSE: 2017:1893-1: important: evince (Jul 18)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1894-1: important: evince (Jul 18)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2017:1885-1: important: xorg-x11-server (Jul 15)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2017:1882-1: important: Recommended ncurses (Jul 14)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2017:1872-1: important: qemu (Jul 14)
 

An update that solves 23 vulnerabilities and has four fixes is now available.

  SuSE: 2017:1865-1: important: cryptctl (Jul 14)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1860-1: important: xorg-x11-server (Jul 14)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1861-1: important: xorg-x11-server (Jul 14)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1859-1: important: xorg-x11-server (Jul 14)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1853-1: important: the Linux Kernel (Jul 13)
 

An update that solves 15 vulnerabilities and has 162 fixes is now available.

 
  Ubuntu 3361-1: Linux kernel (HWE) vulnerabilities (Jul 21)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3360-1: Linux kernel vulnerabilities (Jul 21)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3359-1: Linux kernel vulnerabilities (Jul 20)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3358-1: Linux kernel vulnerabilities (Jul 20)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3356-2: Expat vulnerability (Jul 19)
 

Expat could be made to hang if it received specially crafted input.

  Ubuntu 3212-3: LibTIFF vulnerabilities (Jul 19)
 

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu 3307-2: OpenLDAP vulnerability (Jul 19)
 

OpenLDAP could be made to crash if it received specially crafted network traffic.

  Ubuntu 3309-2: Libtasn1 vulnerability (Jul 18)
 

Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu 0025-1: Linux kernel vulnerability (Jul 18)
 

Several security issues were fixed in the kernel.

  Ubuntu 3354-1: Apport vulnerability (Jul 18)
 

An attacker could trick a user into opening a malicious .crash file and execute arbitrary code as the user.

  Ubuntu 3274-2: ICU vulnerabilities (Jul 18)
 

Several security issues were fixed in ICU.

  Ubuntu 3347-2: Libgcrypt vulnerability (Jul 17)
 

Several security issues were fixed in Libgcrypt.

  Ubuntu 3353-2: Samba vulnerability (Jul 14)
 

Samba could allow unintended access to network services.

  Ubuntu 3353-1: Heimdal vulnerability (Jul 14)
 

Heimdal could allow unintended access to network services.

  Ubuntu 3352-1: nginx vulnerability (Jul 13)
 

nginx could be made to expose sensitive information over the network.

  Ubuntu 3351-1: Evince vulnerability (Jul 13)
 

Evince could be made to run programs as your login if it opened a specially crafted file.