Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited.

- When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly.

  Debian: DSA-3863-1: imagemagick security update (May 25)
 

This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,
  Debian: DSA-3862-1: puppet security update (May 25)
 

It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code.
  Debian: DSA-3861-1: libtasn1-6 security update (May 24)
 

Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by
  Debian: DSA-3860-1: samba security update (May 24)
 

steelo discovered a remote code execution vulnerability in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client with access to a writable share, can take advantage of this flaw by uploading a shared library and then cause the server to load and execute it.
  (May 19)
 

Security Report Summary
  (May 19)
 

Security Report Summary
  (May 18)
 

Security Report Summary
  (May 18)
 

Security Report Summary
  (May 18)
 

Security Report Summary
 
  Fedora 25: kernel Security Update (May 26)
 

The 4.10.17 stable kernel update contains a number of important fixes across the tree.
  Fedora 25: wordpress Security Update (May 26)
 

**WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC
  Fedora 25: libvncserver Security Update (May 26)
 

Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.
  Fedora 25: FlightCrew Security Update (May 26)
 

- security fix for rhbz 1450956
  Fedora 24: libvncserver Security Update (May 26)
 

Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility.
  Fedora 24: wordpress Security Update (May 26)
 

**WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC
  Fedora 24: FlightCrew Security Update (May 26)
 

- security fix for rhbz 1450956
  Fedora 25: FlightGear Security Update (May 24)
 

This updates fixes a security bug in the route manager, to prevent it from overwriting arbitrary files (CVE-2017-8921)
  Fedora 24: openvpn Security Update (May 24)
 

Security fix for two remote DoS issues (CVE-2017-7478, CVE-2017-7479)
  Fedora 24: FlightGear Security Update (May 24)
 

This updates fixes a security bug in the route manager, to prevent it from overwriting arbitrary files (CVE-2017-8921)
  Fedora 24: python-fedora Security Update (May 24)
 

This update set fixed problems with Bodhi update submitting. It also includes two security fixes for python-fedora.
  Fedora 24: kernel Security Update (May 22)
 

The 4.10.16 stable kernel update contains a number of important fixes across the tree.
  Fedora 25: kernel Security Update (May 22)
 

The 4.10.16 stable kernel update contains a number of important fixes across the tree.
  Fedora 25: chromium Security Update (May 22)
 

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
  Fedora 25: chromium-native_client Security Update (May 22)
 

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
  Fedora 25: kernel Security Update (May 22)
 

The 4.10.16 stable kernel update contains a number of important fixes across the tree.
  Fedora 25: chromium Security Update (May 22)
 

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
  Fedora 25: chromium-native_client Security Update (May 22)
 

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069
  Fedora 24: kernel Security Update (May 22)
 

The 4.10.16 stable kernel update contains a number of important fixes across the tree.
  Fedora 24: smb4k Security Update (May 22)
 

Security fix for CVE-2017-8849. https://www.kde.org/info/security/advisory-20170510-2.txt
  Fedora 24: chicken Security Update (May 22)
 

Fix for CVE-2017-6949, also bump to 4.12.0
  Fedora 25: chicken Security Update (May 22)
 

Fix for CVE-2017-6949, also bump to 4.12.0
 
  (May 26)
 

A vulnerability in Smb4K could allow local attackers to execute commands as root.
  (May 26)
 

Teeworlds client vulnerability in snap handling could result in execution of arbitrary code.
  (May 26)
 

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
  (May 26)
 

Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation.
 
  RedHat: RHSA-2017-1297:01 Important: kernel-rt security and bug fix update (May 25)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
  RedHat: RHSA-2017-1298:01 Important: kernel-rt security and bug fix update (May 25)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
  RedHat: RHSA-2017-1308:01 Important: kernel security, bug fix, (May 25)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
  RedHat: RHSA-2017-1272:01 Important: samba3x security update (May 24)
 

An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
  RedHat: RHSA-2017-1271:01 Important: samba4 security update (May 24)
 

An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
  RedHat: RHSA-2017-1270:01 Important: samba security update (May 24)
 

An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
  RedHat: RHSA-2017-1267:01 Important: rpcbind security update (May 23)
 

An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
  RedHat: RHSA-2017-1268:01 Important: libtirpc security update (May 23)
 

An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
 
  Slackware: 2017-144-01: samba Security Update (May 24)
 

New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
 
  openSUSE: 2017:1412-1: important: rpcbind (May 26)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1404-1: important: ghostscript (May 24)
 

An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available. An update that fixes 5 vulnerabilities is now available.
  openSUSE: 2017:1401-1: important: samba (May 24)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1400-1: important: java-1_7_0-openjdk (May 24)
 

An update that fixes 9 vulnerabilities is now available. An update that fixes 9 vulnerabilities is now available. An update that fixes 9 vulnerabilities is now available.
  SuSE: 2017:1392-1: important: samba (May 24)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1393-1: important: samba (May 24)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1391-1: important: samba (May 24)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1384-1: important: java-1_7_0-ibm (May 23)
 

An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available.
  SuSE: 2017:1387-1: important: java-1_7_1-ibm (May 23)
 

An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available.
  SuSE: 2017:1386-1: important: java-1_8_0-ibm (May 23)
 

An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available.
  openSUSE: 2017:1381-1: important: libtirpc (May 23)
 

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
  SuSE: 2017:1382-1: important: tomcat (May 23)
 

An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
 
  Ubuntu 3299-1: Firefox update (May 25)
 

Firefox was updated to a new version.
  Ubuntu 3296-2: Samba vulnerability (May 24)
 

Samba could be made to run programs as an administrator.
  Ubuntu 3298-2: MiniUPnP vulnerability (May 24)
 

MiniUPnP could be made to crash or run programs if it received specially crafted network traffic.
  Ubuntu 3296-1: Samba vulnerability (May 24)
 

Samba could be made to run programs as an administrator.
  Ubuntu 3297-1: jbig2dec vulnerabilities (May 24)
 

Several security issues were fixed in jbig2dec.
  Ubuntu 3298-1: MiniUPnP vulnerability (May 24)
 

MiniUPnP could be made to crash or run programs if it received specially crafted network traffic.
  Ubuntu 3283-2: rtmpdump vulnerabilities (May 23)
 

rtmpdump could be made to crash or run programs as your login if it processed a specially crafted stream.