Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important their systems' security is, not just the uptime of their servers. Intruders, spammers, DDoS attackers and crackers are all out there trying to get into people's computers, servers and anything else they can lay hands on, and to interrupt the normal running of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  Debian: 3292-1: cinder: Summary (Jun 19)
 

Security Report Summary

  Debian: 3291-1: drupal7: Summary (Jun 18)
 

Security Report Summary

  Debian: 3290-1: linux: Summary (Jun 18)
 

Security Report Summary

  Debian: 3289-1: p7zip: Summary (Jun 15)
 

Security Report Summary

  Debian: 3252-2: sqlite3: Summary (Jun 14)
 

Security Report Summary

  Debian: 3288-1: libav: Summary (Jun 13)
 

Security Report Summary

  Debian: 3287-1: openssl: Summary (Jun 13)
 

Security Report Summary

  Debian: 3286-1: xen: Summary (Jun 13)
 

Security Report Summary

  Debian: 3285-1: qemu-kvm: Summary (Jun 12)
 

Security Report Summary

  Debian: 3284-1: qemu: Summary (Jun 12)
 

Security Report Summary


  Fedora 21 mbedtls-1.3.11-1.fc21 (Jun 18)
 

- Update to 1.3.11. This release is mainly fixing a number of outstanding issues and security fixes. Minor features have been added to enhance functionality and usability. Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-1.3.11-released

  Fedora 20 python-django14-1.4.20-1.fc20 (Jun 18)
 

update to 1.4.20

  Fedora 21 Update: python-urllib3-1.10.4-3.20150503gita91975b.fc21 (Jun 18)
 

Inject pyOpenSSL. https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl

  Fedora 21 python-requests-2.7.0-1.fc21 (Jun 18)
 

Inject pyOpenSSL. https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl

  Fedora 20 mbedtls-1.3.11-1.fc20 (Jun 18)
 

- Update to 1.3.11. This release is mainly fixing a number of outstanding issues and security fixes. Minor features have been added to enhance functionality and usability. Release notes: https://tls.mbed.org/tech-updates/releases/mbedtls-1.3.11-released

  Fedora 22 xen-4.5.0-10.fc22 (Jun 14)
 

- replace deprecated gnutls use in qemu-xen-traditional based on qemu-xen patches
- work around a gcc 5 bug
- Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103]
- PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104]
- Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105]
- Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]

  Fedora 21 xen-4.4.2-5.fc21 (Jun 14)
 

- Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103]
- PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104]
- Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105]
- Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]

  Fedora 20 armacycles-ad-0.2.8.3.3-1.fc20 (Jun 14)
 

Changes since 0.2.8.3.2:
- security fix: do not read ahead of the beginning of network buffer.
- security fix: don't attribute network errors from processing random packets to the connection to the server
- security fix: while at it, don't process random packets unless they may be important
- fix for potential crash with friend list filtering
- intel driver compatibility
- fix for rare crash with sound lock
- fix for camera turning for bizarre axis configurations

  Fedora 21 armacycles-ad-0.2.8.3.3-1.fc21 (Jun 14)
 

Changes since 0.2.8.3.2:
- security fix: do not read ahead of the beginning of network buffer.
- security fix: don't attribute network errors from processing random packets to the connection to the server
- security fix: while at it, don't process random packets unless they may be important
- fix for potential crash with friend list filtering
- intel driver compatibility
- fix for rare crash with sound lock
- fix for camera turning for bizarre axis configurations

  Fedora 22 armacycles-ad-0.2.8.3.3-1.fc22 (Jun 14)
 

Changes since 0.2.8.3.2:
- security fix: do not read ahead of the beginning of network buffer.
- security fix: don't attribute network errors from processing random packets to the connection to the server
- security fix: while at it, don't process random packets unless they may be important
- fix for potential crash with friend list filtering
- intel driver compatibility
- fix for rare crash with sound lock
- fix for camera turning for bizarre axis configurations

  Fedora 20 libreswan-3.13-1.fc20 (Jun 14)
 

Updated to 3.13 for CVE-2015-3204

  Fedora 20 nss-util-3.19.1-1.0.fc20 (Jun 14)
 

Security fix for CVE-2015-4000. Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack. The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default. For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

  Fedora 20 nss-softokn-3.19.1-1.0.fc20 (Jun 14)
 

Security fix for CVE-2015-4000. Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack. The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default. For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

  Fedora 20 nss-3.19.1-1.0.fc20 (Jun 14)
 

Security fix for CVE-2015-4000. Update to the upstream NSS 3.19.1 release, which includes a fix for the recently published logjam attack. The previous 3.19 release made several notable changes related to the TLS protocol, one of them was to disable the SSL 3 protocol by default. For the full list of changes in the 3.19 and 3.19.1 releases, please refer to the upstream release notes documents: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

  Fedora 22 filezilla-3.11.0.2-1.fc22 (Jun 13)
 

Latest upstream, multiple security and bug fixes: https://filezilla-project.org/

  Fedora 20 ntfs-3g-2015.3.14-2.fc20 (Jun 13)
 

Fix CVE-2015-3202.

  Fedora 20 fuse-2.9.4-1.fc20 (Jun 13)
 

Update to 2.9.4, which fixes CVE-2015-3202.

  Fedora 22 qemu-2.3.0-5.fc22 (Jun 11)
 

* CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894)


  Red Hat: 2015:1123-01: cups: Important Advisory (Jun 17)
 

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1120-01: kernel: Important Advisory (Jun 16)
 

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.9 Advanced Update Support. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1090-01: wpa_supplicant: Important Advisory (Jun 11)
 

An updated wpa_supplicant package that fixes two security issues and adds one enhancement is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]


  Slackware: 2015-162-02: php: Security Update (Jun 11)
 

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2015-162-01: openssl: Security Update (Jun 11)
 

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]


  Ubuntu: 2648-1: Aptdaemon vulnerability (Jun 16)
 

Aptdaemon could be made to expose sensitive information, or allow file access as the administrator.

  Ubuntu: 2650-1: wpa_supplicant and hostapd vulnerabilities (Jun 16)
 

wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

  Ubuntu: 2649-1: devscripts vulnerability (Jun 16)
 

devscripts could be made to overwrite files.

  Ubuntu: 2645-1: Linux kernel (Vivid HWE) vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2643-1: Linux kernel vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2642-1: Linux kernel (Trusty HWE) vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2644-1: Linux kernel (Utopic HWE) vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2647-1: Linux kernel vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2641-1: Linux kernel (OMAP4) vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2640-1: Linux kernel vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2646-1: Linux kernel vulnerability (Jun 15)
 

The system could be made to run programs as an administrator.

  Ubuntu: 2639-1: OpenSSL vulnerabilities (Jun 11)
 

Several security issues were fixed in OpenSSL.