Debian & Fedora Security Updates: July 28, 2017 Overview

Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9310

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases (ESR) of Thunderbird.

The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This is conform to the spec and may be used in AXFR and IXFR response.

A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.

It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

It was discovered that ruby-mixlib-archive, a Chef Software's library used to handle various archive formats, was vulnerable to a directory traversal attack. This allowed attackers to overwrite arbitrary files by using a malicious tar archive containing ".." in its entries.

- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in

This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).

Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129

Fixes CVE-2017-3142 and CVE-2017-3143

Fixes CVE-2017-3142 and CVE-2017-3143

This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).

Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129

This update addresses the following vulnerabilities: * [CVE-2017-7018](https://www.cve.org/CVERecord?id=CVE-2017-7018), [CVE-2017-7030](https://www.cve.org/CVERecord?id=CVE-2017-7030), [CVE-2017-7034](https://www.cve.org/CVERecord?id=CVE-2017-7034), [CVE-2017-7037](https://www.cve.org/CVERecord?id=CVE-2017-7037),

## 2.8.25 (2017-07-17) * security #23507 [Security] validate empty passwords again (xabbuh) * bug #23526 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content (jnvsor) * bug #23540 Disable inlining deprecated services (alekitto) * bug #23468 [DI] Handle root namespace in service definitions (ro0NL) * bug #23256 [Security] Fix authentication.failure event

- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in

This update fixes multiple security vulnerabilities (CVE-2017-7515, CVE-2017-9775, CVE-2017-9776, CVE-2017-9865).

Rebuilt to new upstream version 2.7.1 fixes rhbz#1443071 and rhbz#1443129

* Bump to 1.8.3 * Security fix for CVE-2017-8932 * add support for 28+bit OIDs in asn1

The 4.11.12 update contains a number of important fixes across the tree.

Updated to latest security fxes. https://www.oracle.com/security-alerts/cpujul2017.html - search Java SE Risk Matrix (yah, href is no longer an option obviously...) Disabled autokarmatism as I need to run JDK testsuite over weekend. ---- restored support for system NSS (commented out in java.security by default)

The 4.11.12 update contains a number of important fixes across the tree. ---- The 4.11.11 update contains a number of important fixes across the tree.

Fix /tmp race conditions in libDeployPkg (CVE-2015-5191).

Updated to latest security fxes. https://www.oracle.com/security-alerts/cpujul2017.html - search Java SE Risk Matrix (yah, href is no longer an option obviously...) Disabled autokarmatism as I need to run JDK testsuite over weekend.

This release fixes a use-after-free in replaceChild() call.

* CVE-2017-7718: cirrus: OOB read access issue (bz #1443443) * CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040) * CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872) * CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372) * CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622) * CVE-2017-8309: audio: host memory lekage via

This release fixes a use-after-free in replaceChild() call.

Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc)

This update addresses the following vulnerabilities: * [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538) Additional fixes: * Fix web process deadlock when seeking youtube videos. * Fix blob downloads. * Improve theme rendering performance when using GTK+ >= 3.20. * Fix positioning of popup menus in Wayland. * Fix JavaScriptCore crashes on big-

This update includes the latest stable release of _Apache Subversion_, version **1.9.6**. ### User-visible changes: #### Client-side bugfixes: * cp/mv: improve error message when target is an unversioned dir * merge: reduce memory usage with large amounts of mergeinfo ([issue 4667](https://issues.apache.org/jira/browse/SVN-4667)) #### Server-side

Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc)

librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html

Security fix for CVE-2017-11403

bump to 3.6.3 release - bugfix CVE-2017-11328

Fix CVE-2017-11107 (#1471112)

Security fix for CVE-2017-11173, new upstream version

[Security update](https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/)

Fix CVE-2017-11107 (#1471112)

[Security update](https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/)

librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html

Updated to latest security fxes. https://www.oracle.com/security-alerts/cpujul2017.html - search Java SE Risk Matrix (yah, href is no longer an option obviously...) Disabled autokarmatism as I need to run JDK testsuite over weekend.

bump to 3.6.3 release - bugfix CVE-2017-11328

Security fix for CVE-2017-11403

librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html

Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc)

bump to 3.6.3 release - bugfix CVE-2017-11328

Fix CVE-2017-11107 (#1471112)

Last upstream release (with security fixes)

The 4.11.11 update contains a number of important fixes across the tree.

Update to 7.4.0 GA release (CVE-2017-11103)

This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.6.2: CVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155,

Security fix for CVE-2017-11403

The 4.11.11 update contains a number of important fixes across the tree

This release fixes a use-after-free in replaceChild() call.

[Security update](https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/)

Last upstream release (with security fixes)

Update to 7.4.0 GA release (CVE-2017-11103)

New upstream release: 2.4.5

Update to upstream version 1.3.1.

Security fix for CVE-2017-7506

Update to upstream version 1.3.1.

New upstream release: 2.4.5

New upstream release: 2.4.5

build experimental command line interface "kresc"

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is now available. now available.

An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now available. is now available.

An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now available. is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has 5 fixes is An update that solves one vulnerability and has 5 fixes is An update that solves one vulnerability and has 5 fixes is now available. now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now available. is now available.

An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

An update that solves one vulnerability and has four fixes An update that solves one vulnerability and has four fixes An update that solves one vulnerability and has four fixes is now available. is now available.

An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.

An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.

An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is now available. now available.

An update that solves one vulnerability and has 11 fixes is An update that solves one vulnerability and has 11 fixes is An update that solves one vulnerability and has 11 fixes is now available. now available.

An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is now available. now available.

An update that solves one vulnerability and has 11 fixes is An update that solves one vulnerability and has 11 fixes is An update that solves one vulnerability and has 11 fixes is now available. now available.

An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is now available. now available.

An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is An update that solves one vulnerability and has 8 fixes is now available. now available.

An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes is now available. is now available.

Several security issues were fixed in OpenJDK 8.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the kernel.

Several security issues were fixed in MySQL.

Samba could allow unintended access to network services.

Heimdal could allow unintended access to network services.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.