
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential that you – and the rest of your team – not only have the skills needed to deal with an issue comprehensively, but also have a framework to support you as you approach it. This framework means the team can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.


  Debian: DSA-3903-1: tiff security update (Jul 5)
 

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

  Debian: DSA-3902-1: jabberd2 security update (Jul 5)
 

It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.

  Debian: DSA-3901-1: libgcrypt20 security update (Jul 2)
 

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024.

 
  Fedora 25: webkitgtk4 Security Update (Jul 7)
 

This update addresses the following vulnerabilities: * [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538) Additional fixes: * Fix web process deadlock when seeking youtube videos. * Fix blob downloads. * Improve theme rendering performance when using GTK+ >= 3.20. * Fix positioning of popup menus in Wayland. * Fix JavaScriptCore crashes on big-

  Fedora 26: qt5-qtwebengine Security Update (Jul 6)
 

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015,

  Fedora 25: bind Security Update (Jul 5)
 

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.

  Fedora 25: dnsperf Security Update (Jul 5)
 

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.

  Fedora 25: bind-dyndb-ldap Security Update (Jul 5)
 

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1.

  Fedora 25: php-horde-Horde-Image Security Update (Jul 5)
 

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi

  Fedora 25: kmail Security Update (Jul 5)
 

CVE-2017-9604 kmail: Send Later with Delay bypasses OpenPGP

  Fedora 25: kf5-messagelib Security Update (Jul 5)
 

Security fix for CVE-2017-9604

  Fedora 25: kdepim4 Security Update (Jul 5)
 

Security fix for CVE-2016-7968

  Fedora 25: globus-xio-pipe-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: myproxy Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: drupal7 Security Update (Jul 3)
 

* [7.56](https://www.drupal.org/project/drupal/releases/7.56) * [SA-CORE-2017-003](https://www.drupal.org/SA-CORE-2017-003)

  Fedora 25: libgcrypt Security Update (Jul 3)
 

New upstream release fixing moderate security issue CVE-2017-7526.

  Fedora 25: globus-net-manager Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-gridftp-server Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-xio Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-xio-gsi-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-xio-udt-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-gram-job-manager Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-io Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-gass-copy Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-gass-cache-program Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-gssapi-gsi Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: globus-ftp-client Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-net-manager Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-xio-gsi-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: myproxy Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-xio-udt-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: drupal7 Security Update (Jul 3)
 

* [7.56](https://www.drupal.org/project/drupal/releases/7.56) * [SA-CORE-2017-003](https://www.drupal.org/SA-CORE-2017-003)

  Fedora 24: globus-xio Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-gridftp-server Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-io Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-xio-pipe-driver Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-gass-copy Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-ftp-client Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-gram-job-manager Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-gssapi-gsi Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 24: globus-gass-cache-program Security Update (Jul 3)
 

globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public

  Fedora 25: zabbix Security Update (Jul 2)
 

- https://www.zabbix.com/rn/rn3.0.8 - https://www.zabbix.com/rn/rn3.0.9 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew308 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew309

  Fedora 24: zabbix Security Update (Jul 2)
 

- https://www.zabbix.com/rn/rn3.0.8 - https://www.zabbix.com/rn/rn3.0.9 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew308 - https://www.zabbix.com/documentation/3.0/en/manual/introduction/whatsnew309

  Fedora 24: systemd Security Update (Jul 2)
 

A fix for an out-of-bounds write in systemd-resolved after a crafted DNS packet (CVE-2017-9445). No need to reboot or log out.

  Fedora 24: xen Security Update (Jul 1)
 

xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86: insufficient reference counts during shadow emulation [XSA-219] x86: PKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest

  Fedora 24: openvpn Security Update (Jun 30)
 

Updates to the latest upstream OpenVPN 2.3.17, containing security updates for CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521.

  Fedora 25: systemd Security Update (Jun 29)
 

A fix for an out-of-bounds write in systemd-resolved after a crafted DNS packet (CVE-2017-9445). No need to reboot or log out.

  Fedora 25: tomcat Security Update (Jun 29)
 

This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features: * rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

  Fedora 25: chromium-native_client Security Update (Jun 29)
 

Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix for CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085

  Fedora 24: tomcat Security Update (Jun 29)
 

This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features: * rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

  Fedora 26: systemd Security Update (Jun 29)
 

A fix for an out-of-bounds write in systemd-resolved after a crafted DNS packet (CVE-2017-9445). No need to reboot or log out.

 
  (Jul 5)
 

Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code.

 
  Slackware: 2017-184-01: Slackware 14.0 kernel Security Update (Jul 3)
 

New kernel packages are available for Slackware 14.0 to fix security issues.

  Slackware: 2017-181-01: glibc Security Update (Jun 30)
 

New glibc packages are available for Slackware 14.2 and -current to fix security issues.

  Slackware: 2017-181-02: kernel Security Update (Jun 30)
 

New kernel packages are available for Slackware 14.2 and -current to fix security issues.

  Slackware: 2017-180-03: httpd Security Update (Jun 29)
 

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2017-180-02: bind Security Update (Jun 29)
 

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2017-180-01: Slackware 14.1 kernel Security Update (Jun 29)
 

New kernel packages are available for Slackware 14.1 to fix security issues.

  Slackware: 2017-180-04: libgcrypt Security Update (Jun 29)
 

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue.

 
  SuSE: 2017:1815-1: important: Recommended ncurses (Jul 7)
 

An update that solves two vulnerabilities and has one errata is now available.

  SuSE: 2017:1812-1: important: xen (Jul 7)
 

An update that solves 17 vulnerabilities and has one errata is now available.

  openSUSE: 2017:1809-1: important: bind (Jul 6)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2017:1797-1: important: clamav (Jul 6)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1795-1: important: xen (Jul 6)
 

An update that solves 16 vulnerabilities and has two fixes is now available.

  SuSE: 2017:1790-1: important: Recommended ncurses (Jul 6)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1778-1: important: sudo (Jul 4)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1774-1: important: qemu (Jul 4)
 

An update that solves 23 vulnerabilities and has four fixes is now available.

  SuSE: 2017:1770-1: important: xen (Jul 4)
 

An update that solves 6 vulnerabilities and has 12 fixes is now available.

  SuSE: 2017:1760-1: important: unrar (Jul 3)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1745-1: important: unrar (Jun 30)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1744-1: important: python-pycrypto (Jun 30)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:1742-1: important: xen (Jun 30)
 

An update that solves two vulnerabilities and has 9 fixes is now available.

  SuSE: 2017:1738-1: important: bind (Jun 29)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1736-1: important: bind (Jun 29)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1737-1: important: bind (Jun 29)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:1735-1: important: the Linux kernel (Jun 29)
 

An update that contains security fixes can now be installed.

  SuSE: 2017:1718-1: important: openvpn-openssl1 (Jun 29)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  SuSE: 2017:1716-1: important: clamav (Jun 29)
 

An update that solves one vulnerability and has one errata is now available.

  SuSE: 2017:1715-1: important: xen (Jun 29)
 

An update that solves three vulnerabilities and has 6 fixes is now available.

 
  Ubuntu 3350-1: poppler vulnerabilities (Jul 7)
 

poppler could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu 3321-1: Thunderbird vulnerabilities (Jul 5)
 

Several security issues were fixed in Thunderbird.

  Ubuntu 3348-1: Samba vulnerability (Jul 5)
 

Samba could be made to hang if it received specially crafted network traffic.

  Ubuntu 3349-1: NTP vulnerabilities (Jul 5)
 

Several security issues were fixed in NTP.

  Ubuntu 3347-1: Libgcrypt vulnerabilities (Jul 3)
 

Several security issues were fixed in Libgcrypt.

  Ubuntu 3346-1: bind9 vulnerabilities (Jun 29)
 

Bind could be made to serve incorrect information or expose sensitive information over the network.

  Ubuntu 3342-2: Linux kernel (HWE) vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3323-2: GNU C Library vulnerability (Jun 29)
 

The GNU C Library could be made to run programs as an administrator.

  Ubuntu 3343-2: Linux kernel (Trusty HWE) vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3345-1: Linux kernel vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3338-2: Linux kernel regression (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3344-2: Linux kernel (Xenial HWE) vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3342-1: Linux kernel vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3344-1: Linux kernel vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3343-1: Linux kernel vulnerabilities (Jun 29)
 

Several security issues were fixed in the Linux kernel.