June 2017 Linux Security Updates and Vulnerabilities Overview

It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.

It was discovered that a side channel attack in the EdDSA session key handling in Libgcrypt may result in information disclosure. For the stable distribution (jessie), this problem has been fixed in

Multiple security vulnerabilities have been found in oSIP, a library implementing the Session Initiation Protocol, which might result in denial of service through malformed SIP messages.

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.

It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.

It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened.

Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.

- new upstream update (54.0)

Update to version 1.8.2. The upstream release notes: https://mail.gnome.org/archives/ftp-release-list/2017-June/msg00015.html

**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB **Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-

Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat invites * Fix encoding problems with newer GnuPG versions * Fix old messages randomly reappearing in the chat window * Fix some problems with IBB filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to your own resources * Improve reliability of delivery recipes * Many minor

FIx for CVE-2017-8366

Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat invites * Fix encoding problems with newer GnuPG versions * Fix old messages randomly reappearing in the chat window * Fix some problems with IBB filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to your own resources * Improve reliability of delivery recipes * Many minor

FIx for CVE-2017-8366

fixes buffer overflows for flac and pcm

This update addresses the following vulnerabilities: * [CVE-2017-2496](https://www.cve.org/CVERecord?id=CVE-2017-2496), [CVE-2017-2539](https://www.cve.org/CVERecord?id=CVE-2017-2539), [CVE-2017-2510](https://www.cve.org/CVERecord?id=CVE-2017-2510) Additional fixes: * Fix URL shown in the title of beforeunload dialogs. * Focus

CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted documents

Update to a bugfix release of yara.

The 4.11.4 update contains a number of important fixes across the tree ---- This is a rebase to the 4.11 series of kernels. It includes all fixes

https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html

Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat invites * Fix encoding problems with newer GnuPG versions * Fix old messages randomly reappearing in the chat window * Fix some problems with IBB filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to your own resources * Improve reliability of delivery recipes * Many minor

fixes buffer overflows for flac and pcm

Security fix for CVE-2017-5645

Security fix for CVE-2017-5645

Per release notes: https://www.postgresql.org/docs/9.5/release-9-5-7.html

Multiple security flaws were found on oniguruma currently being shipped on Fedora. This new rpm should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228

Multiple security flaws were found on oniguruma currently being shipped on Fedora. This new rpm should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228

Fixed CVE-2017-6508: CRLF injection in the url_parse function in url.c

Security fix for CVE-2017-9432

- Update to upstream 3.5.13 release

fixes buffer overflows for flac and pcm

FIx for CVE-2017-8366

Security fixes.

Security fix for CVE-2017-5645

* fixed CVE-2017-6508 CRLF injection in the url_parse function in url.c * fixed use of .netrc

- update to 1.8.20p2 - added sudo package to dnf/yum protected packages ---- - update to 1.8.20p1 - fixes CVE-2017-1000367

This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree() and remove_tree() calls known as CVE-2017-6512.

This update fixes CVEs 2017-7511 and 2017-9083.

Rebuild with new bochs version

CVE-2017-7511 poppler: Null pointer dereference in pdfunite via crafted documents

Noteworthy changes in release 4.11 (released 2017-05-27) [stable] - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509

Upgrade FreeRADIUS to upstream v3.0.14 release. The release includes fixes for various issues, including security issues, one of which is CVE-2017-9148.

Multiple security flaws were found on the previous version of oniguruma. This new version should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228

Update to 4.12 (#1456190)

Security fixes for CVE-2017-9078 CVE-2017-9079

This update addresses the following vulnerabilities: * [CVE-2017-2496](https://www.cve.org/CVERecord?id=CVE-2017-2496), [CVE-2017-2539](https://www.cve.org/CVERecord?id=CVE-2017-2539), [CVE-2017-2510](https://www.cve.org/CVERecord?id=CVE-2017-2510) Additional fixes: * Fix URL shown in the title of beforeunload dialogs. * Focus

Contains fixes to ensure Puppet can start correctly and a security fix for remote code execution tracked as [CVE-2017-2295](https://bugzilla.redhat.com/show_bug.cgi?id=1452654). * Fix remote code execution in Puppet master during fact uploads - Fedora#1452654 * Fix SSL monkey patches error on startup - Fedora#1440710 , Fedora#1443673 * Fix

Cumulative bug-fix, enhancement and security update, including fix for CVE-2016-10374: perltidy relies on the current working directory for certain output files and did not have a symlink-attack protection mechanism, which allowed local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim could not

Fix for CVE-2017-8779

**WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC

New release fixing moderate (information leak) issue with PAM configuration when authentication to remote services via SSSD is enabled. To fix the incorrect configuration run: authconfig --updateall

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

Fixed typo in memory leaks patch

- security fix for rhbz 1450956

This updates fixes a security bug in the route manager, to prevent it from overwriting arbitrary files (CVE-2017-8921)

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix effect.

Fix for CVE-2017-6949, also bump to 4.12.0

Fixes CVE-2017-7484 CVE-2017-7485 CVE-2017-7486.

Security fix for CVE-2017-8849. https://kde.org/info/security/advisory-20170510-2.txt

Update to 2.5.0 / https://cisofy.com/security/cve/cve-2017-8108/

fix insufficient escaping of user-supplied data (CVE-2017-7692)

This update fixes CVEs 2017-7511 and 2017-9083.

Upgrade FreeRADIUS to upstream v3.0.14 release. The release includes fixes for various issues, including security issues, one of which is CVE-2017-9148.

This update fixes CVEs 2017-7511 and 2017-9083.

- update to 1.8.20p2 - added sudo package to dnf/yum protected packages ---- - update to 1.8.20p1 - fixes CVE-2017-1000367

New mozilla-firefox packages are available for Slackware 14.2, and -current to fix security issues.

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is now available. is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is now available. is now available.

An update that solves 8 vulnerabilities and has 68 fixes is An update that solves 8 vulnerabilities and has 68 fixes is An update that solves 8 vulnerabilities and has 68 fixes is now available. now available.

An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.

libmwaw could be made to crash or run programs as your login if it opened a specially crafted file.

zziplib could be made to crash or run programs as your login if it opened a specially crafted file.

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Several security issues were fixed in GnuTLS.