Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDOS attacks, crackers, are all out there trying to get into people

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  Fedora 26: knot Security Update (Nov 16)
 

Major updates for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for

  Fedora 26: knot-resolver Security Update (Nov 16)
 

Major updates for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02) Darwin Improvements ------------ - new module ta_signal_query supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145 section 5); it is enabled by default - attempt validation for more records but require it for

  Fedora 25: nagios Security Update (Nov 15)
 

Try to fix error on update with systemctl

  Fedora 25: lame Security Update (Nov 15)
 

Update to 3.100 (#1470202, #1505107)

  Fedora 25: systemd Security Update (Nov 15)
 

- systemd-detect-virt QEMU CPUID logic update - Fix rfkill on some thinkpads - Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351) (No need to reboot.)

  Fedora 25: wget Security Update (Nov 15)
 

new upstream release with CVE fixes

  Fedora 25: xen Security Update (Nov 15)
 

pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]

  Fedora 25: wordpress Security Update (Nov 15)
 

Update to wordpress 4.8.3. See: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for details

  Fedora 25: perl-Catalyst-Plugin-Static-Simple Security Update (Nov 15)
 

Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names (i.e. .svn, .git, ...)

  Fedora 25: hostapd Security Update (Nov 15)
 

Latest hostapd release with KRACK patches applied.

  Fedora 25: php-PHPMailer Security Update (Nov 15)
 

**Version 5.2.26** (November 4th 2017) * Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output.

  Fedora 26: ImageMagick Security Update (Nov 15)
 

6.9.9-22

  Fedora 26: icu Security Update (Nov 15)
 

Resolves: rhbz#1510932 CVE-2017-14952

  Fedora 26: firefox Security Update (Nov 15)
 

Updated to the latest version - Firefox 57 Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/ ---- Update to Firefox 57 a.k.a. Quantum This update may break your installed extensions, please see this Fedora Magazine article for details:

  Fedora 26: poppler Security Update (Nov 15)
 

Security fix for CVE-2017-15565

  Fedora 26: liblouis Security Update (Nov 15)
 

Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744

  Fedora 26: jackson-databind Security Update (Nov 15)
 

Security fix for CVE-2017-15095

  Fedora 26: rubygem-ox Security Update (Nov 15)
 

Security fix for CVE-2017-15928

  Fedora 26: perl-Catalyst-Plugin-Static-Simple Security Update (Nov 15)
 

Security fix for CVE-2017-16248. Catalyst::Plugin::Static::Simple has been changed to not serve static files with dots in the names (i.e. .svn, .git, ...)

  Fedora 26: hostapd Security Update (Nov 15)
 

Latest hostapd release with KRACK patches applied.

  Fedora 26: php-PHPMailer Security Update (Nov 15)
 

**Version 5.2.26** (November 4th 2017) * Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output.

  Fedora 26: wordpress Security Update (Nov 15)
 

Update to wordpress 4.8.3. See: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for details

  Fedora 26: krb5 Security Update (Nov 15)
 

Fix CVE-2017-15088 (Buffer overflow in get_matching_data())

  Fedora 26: apr Security Update (Nov 15)
 

Security fix + version update

  Fedora 26: apr-util Security Update (Nov 15)
 

Security fix

  Fedora 26: nodejs Security Update (Nov 15)
 

# 2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities. ## Notable Changes * zlib: * CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate

  Fedora 26: xen Security Update (Nov 15)
 

pin count / page reference race in grant table code [XSA-236, CVE-2017-15597]

  Fedora 27: ghostscript Security Update (Nov 15)
 

Latest release of `Ghostscript` (version `9.22`) fixes several *low-impact* security issues, as it provides regular quality improvements & fixes as well.

  Fedora 27: poppler-data Security Update (Nov 15)
 

Latest release of `Ghostscript` (version `9.22`) fixes several *low-impact* security issues, as it provides regular quality improvements & fixes as well.

  Fedora 27: poppler Security Update (Nov 15)
 

Security fix for CVE-2017-15565

  Fedora 27: chromium Security Update (Nov 15)
 

Security fix for CVE-2017-15398, CVE-2017-15399 ---- Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127. Build switched to use gtk3.

  Fedora 27: firefox Security Update (Nov 15)
 

Update to Firefox 57 a.k.a. Quantum This update may break your installed extensions, please see this Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/

  Fedora 27: compat-openssl10 Security Update (Nov 15)
 

Minor update release 1.0.2m from upstream.

  Fedora 27: webkitgtk4 Security Update (Nov 15)
 

This update addresses the following vulnerabilities: * [CVE-2017-13798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798), [CVE-2017-13788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788), [CVE-2017-13803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803) Additional fixes: * Improve calculation of font metrics to prevent scrollbars

  Fedora 27: firefox Security Update (Nov 15)
 

Updated to the latest version - Firefox 57 Please note that this update is incompatible with many recent Firefox add-ons, please see Fedora Magazine article for details: https://fedoramagazine.org/firefox-57-coming-soon-quantum-leap/

  Fedora 27: hostapd Security Update (Nov 15)
 

Latest hostapd release with KRACK patches applied.

  Fedora 27: php-PHPMailer Security Update (Nov 15)
 

**Version 5.2.26** (November 4th 2017) * Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output.

  Fedora 27: icu Security Update (Nov 15)
 

Resolves: rhbz#1510932 CVE-2017-14952

  Fedora 27: liblouis Security Update (Nov 15)
 

Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744

  Fedora 27: jackson-databind Security Update (Nov 15)
 

Security fix for CVE-2017-15095

  Fedora 27: rubygem-ox Security Update (Nov 15)
 

Update to 2.8.2 - new features and fixes, security fix for CVE-2017-15928

  Fedora 27: php Security Update (Nov 15)
 

**PHP version 7.1.11** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita) * Fixed bug php#75220 (Segfault when calling is_callable on parent).

  Fedora 27: wget Security Update (Nov 15)
 

new upstream release with CVE fixes

  Fedora 27: nagios Security Update (Nov 15)
 

Update to close CVE

  Fedora 27: git-annex Security Update (Nov 14)
 

Update to 6.20170925 * https://hackage.haskell.org/package/git-annex-6.20170925/changelog Security fix for CVE-2017-12976.

  Fedora 27: ImageMagick Security Update (Nov 14)
 

6.9.9-22

  Fedora 27: kernel Security Update (Nov 14)
 

The 4.13.12 update contains a number of important fixes across the tree. It contains security fixes for CVE-2017-16532 and CVE-2017-16538.

  Fedora 25: kernel Security Update (Nov 14)
 

The 4.13.12 update contains a number of important fixes across the tree. It contains security fixes for CVE-2017-16532 and CVE-2017-16538.

  Fedora 25: libgcrypt Security Update (Nov 14)
 

Minor security update release 1.7.9.

  Fedora 26: kernel Security Update (Nov 14)
 

The 4.13.12 update contains a number of important fixes across the tree. It contains security fixes for CVE-2017-16532 and CVE-2017-16538.

  Fedora 25: tomcat Security Update (Nov 11)
 

This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

  Fedora 27: kernel Security Update (Nov 11)
 

The 4.13.11 update contains a number of important fixes across the tree.

  Fedora 27: ansible Security Update (Nov 11)
 

Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes.

  Fedora 27: wordpress Security Update (Nov 11)
 

Update to wordpress 4.8.3. See: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for details

  Fedora 27: slurm Security Update (Nov 11)
 

Upstream version 17.02.9 closes privilege escalation issue [CVE-2017-15566](https://nvd.nist.gov/vuln/detail/CVE-2017-15566).

  Fedora 27: kernel Security Update (Nov 11)
 

The 4.13.10 update contains a number of important fixes across the tree.

  Fedora 27: systemd Security Update (Nov 11)
 

- Use infinite timeouts for passwords during boot when JobTimeoutSec=0 - Some tty utf8-mode fixes - Only send one auxiliary fd set over dbus - Various network-manager crash and spurious assert fixes - Do not remount network filesystems ro during shutdown and unmount DM devices better - Fix cryptsetup devices disappearing when used for btrfs - Fix assertions messages sometimes not

  Fedora 27: apr Security Update (Nov 11)
 

Security fix + version update

  Fedora 27: xen Security Update (Nov 11)
 

pin count / page reference race in grant table code [XSA-236, CVE-2017-15597] (#1506693)

  Fedora 27: community-mysql Security Update (Nov 11)
 

A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz#1497694: Fix owner and perms on log file in post script CVE fixes: rhbz#1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314

  Fedora 27: tomcat Security Update (Nov 11)
 

This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

  Fedora 27: krb5 Security Update (Nov 11)
 

Fix CVE-2017-15088 (Buffer overflow in get_matching_data()) ---- Remove build dependency on python-pyrad. It is only used on the test suite, and we gracefully skip the tests if it is not present.

  Fedora 27: java-1.8.0-openjdk Security Update (Nov 11)
 

updated to aarch64-jdk8u151-b12 (from aarch64-port/jdk8u)

  Fedora 27: lame Security Update (Nov 11)
 

Update to 3.100 (#1470202, #1505107)

  Fedora 27: curl Security Update (Nov 11)
 

- fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257)

  Fedora 27: modulemd Security Update (Nov 11)
 

This update fixes CVE-2017-1002157 -- possible arbitrary code execution when loading multiple documents with `load_all` / `loads_all`.

  Fedora 27: glusterfs Security Update (Nov 11)
 

3.12.2, bz #1504256

  Fedora 27: libextractor Security Update (Nov 11)
 

1.6, multiple security fixes.

  Fedora 27: seamonkey Security Update (Nov 11)
 

Update to 2.49.1 Based on the Firefox/Thunderbird ESR (extension support release) code version 52.4.0 Fixes various security issues, see https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for more info. Since the version of 2.48, SeaMonkey uses another disk cache

  Fedora 27: qemu Security Update (Nov 11)
 

* Fix ppc64 KVM failure (bz #1501936) * CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111) * CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882) ---- qemu-pr-helper didn't work due to a change in the libmultipath/libmpathpersist APIs exposed by device-mapper-multipath-devel. This has been fixed now. Other

  Fedora 27: cacti Security Update (Nov 11)
 

- Update to 1.1.26 - CVE-2017-15194 Release notes:

  Fedora 27: lucene Security Update (Nov 11)
 

Security fix for CVE-2017-12629

  Fedora 27: thunderbird Security Update (Nov 11)
 

For changes see: https://www.mozilla.org/en-US/thunderbird/52.4.0/releasenotes/

  Fedora 27: nodejs-forwarded Security Update (Nov 11)
 

Update to upstream 0.1.2 release for security issue

  Fedora 27: poppler Security Update (Nov 11)
 

Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ---- Security fix for CVE-2017-14617 ---- Security fix for CVE-2017-14517, CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929.

  Fedora 27: libXfont2 Security Update (Nov 11)
 

libXfont 2.0.2

  Fedora 27: xen Security Update (Nov 11)
 

xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in linear pagetable de-typing [XSA-240] Stale TLB entry due to page type release race [XSA-241] page type reference leak on x86 [XSA-242] x86: Incorrect handling of self-linear shadow

  Fedora 27: curl Security Update (Nov 11)
 

- fix out of bounds read in FTP PWD response parser (CVE-2017-1000254)

  Fedora 27: mingw-taglib Security Update (Nov 11)
 

Security fix for CVE-2017-12678

  Fedora 26: tomcat Security Update (Nov 10)
 

This update includes a rebase from 8.0.46 up to 8.0.47 which resolves a single CVE along with various other bugs/features: rhbz#1497682 CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615

 
  RedHat: RHSA-2017-3244:01 Important: Red Hat JBoss Data Grid 7.1.1 security (Nov 16)
 

Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3240:01 Important: Red Hat JBoss Enterprise Application (Nov 16)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact

  RedHat: RHSA-2017-3239:01 Important: Red Hat JBoss Enterprise Application (Nov 16)
 

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3227:01 Moderate: openstack-aodh security update (Nov 16)
 

An update for openstack-aodh is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3226:01 Low: redis security update (Nov 15)
 

An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3222:01 Critical: flash-plugin security update (Nov 15)
 

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3200:01 Important: kernel security and bug fix update (Nov 15)
 

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-3221:01 Moderate: php security update (Nov 15)
 

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2017-3216:01 Moderate: Red Hat JBoss Enterprise Application (Nov 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3220:01 Moderate: Red Hat JBoss Enterprise Application (Nov 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3217:01 Moderate: Red Hat JBoss Enterprise Application (Nov 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3219:01 Moderate: jboss-ec2-eap security, bug fix, (Nov 14)
 

An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3218:01 Moderate: Red Hat JBoss Enterprise Application (Nov 14)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-3194:01 Important: httpd security update (Nov 13)
 

An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3195:01 Important: httpd security update (Nov 13)
 

An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3193:01 Important: httpd security update (Nov 13)
 

An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3190:01 Important: rh-eclipse46-jackson-databind security (Nov 13)
 

An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-3189:01 Important: rh-eclipse47-jackson-databind security (Nov 13)
 

An update for rh-eclipse47-jackson-databind is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 
  Slackware: 2017-320-01: libplist Security Update (Nov 17)
 

New libplist packages are available for Slackware 14.2 and -current to fix security issues.

  Slackware: 2017-320-02: mozilla-firefox Security Update (Nov 17)
 

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

 
  openSUSE: 2017:3027-1: important: MozillaFirefox (Nov 17)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2871-2: important: wget (Nov 16)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2327-2: important: xen (Nov 16)
 

An update that solves 6 vulnerabilities and has 5 fixes is now available.

  openSUSE: 2017:3016-1: important: snack (Nov 15)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2872-2: important: MozillaFirefox, mozilla-nss (Nov 13)
 

An update that fixes 9 vulnerabilities is now available.

  SuSE: 2017:3000-1: important: storm, storm-kit (Nov 13)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2017:2998-1: important: java-1_8_0-openjdk (Nov 12)
 

An update that fixes 19 vulnerabilities is now available.

  SuSE: 2017:2996-1: important: mysql (Nov 11)
 

An update that solves four vulnerabilities and has one errata is now available.

  openSUSE: 2017:2993-1: important: krb5 (Nov 10)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2017:2991-1: important: webkit2gtk3 (Nov 10)
 

An update that fixes 40 vulnerabilities is now available.

  SuSE: 2017:2989-1: important: java-1_8_0-openjdk (Nov 10)
 

An update that fixes 19 vulnerabilities is now available.

  SuSE: 2017:2981-1: important: openssl (Nov 10)
 

An update that solves one vulnerability and has 5 fixes is now available.

  SuSE: 2017:2969-1: important: qemu (Nov 10)
 

An update that solves 29 vulnerabilities and has two fixes is now available.

  SuSE: 2017:2968-1: important: openssl1 (Nov 10)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SuSE: 2017:2963-1: important: kvm (Nov 10)
 

An update that solves 23 vulnerabilities and has 6 fixes is now available.

 
  Debian LTS: DLA-1172-1: firefox-esr security update (Nov 16)
 

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

  Debian LTS: DLA-1171-1: libxml-libxml-perl security update (Nov 14)
 

The XML::LibXML perl module is affected by a "use-after-free" vulnerability which allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild() call.

  Debian LTS: DLA-1170-1: graphicsmagick security update (Nov 14)
 

Security vulnerabilities have been identified in graphicsmagick, a collection of image processing utilities and libraries.

  Debian LTS: DLA-1151-2: wordpress regression update (Nov 12)
 

The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed as too intrusive and thus the initial patch

  Debian LTS: DLA-1169-1: postgresql-common security update (Nov 11)
 

A security vulnerability has been found in postgresql-common, Debian's PostgreSQL database cluster management tools. CVE-2017-8806

  Debian LTS: DLA-1168-1: graphicsmagick security update (Nov 10)
 

A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries.

  Debian LTS: DLA-1166-2: tomcat7 regression update (Nov 10)
 

The update for tomcat7 issued as DLA-1166-1 caused a regression whereby every request, including for the root document (/), returned HTTP status 404. Updated packages are now available to address this problem. For reference, the original

  (Nov 9)
 

A security vulnerability was discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2017-3735

 
  ArchLinux: 201711-24: couchdb: multiple issues (Nov 16)
 

The package couchdb before version 2.1.1-1 is vulnerable to multiple issues including privilege escalation and arbitrary command execution.

  ArchLinux: 201711-23: firefox: multiple issues (Nov 16)
 

The package firefox before version 57.0-1 is vulnerable to multiple issues including arbitrary code execution, same-origin policy bypass, access restriction bypass, content spoofing, information disclosure, privilege escalation and cross-site scripting.

  ArchLinux: 201711-22: lib32-flashplugin: arbitrary code execution (Nov 15)
 

The package lib32-flashplugin before version 27.0.0.187-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201711-21: flashplugin: arbitrary code execution (Nov 15)
 

The package flashplugin before version 27.0.0.187-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201711-20: mediawiki: multiple issues (Nov 15)
 

The package mediawiki before version 1.29.2-1 is vulnerable to multiple issues including cross-site scripting, information disclosure, url request injection and insufficient validation.

  ArchLinux: 201711-19: konversation: denial of service (Nov 14)
 

The package konversation before version 1.7.3-1 is vulnerable to denial of service.

  ArchLinux: 201711-18: postgresql-old-upgrade: multiple issues (Nov 10)
 

The package postgresql-old-upgrade before version 9.6.6-1 is vulnerable to multiple issues including access restriction bypass and information disclosure.

  ArchLinux: 201711-17: postgresql: multiple issues (Nov 10)
 

The package postgresql before version 10.1-1 is vulnerable to multiple issues including access restriction bypass and information disclosure.

  ArchLinux: 201711-16: libextractor: denial of service (Nov 10)
 

The package libextractor before version 1.6-1 is vulnerable to denial of service.

  ArchLinux: 201711-15: lib32-openssl: multiple issues (Nov 10)
 

The package lib32-openssl before version 1:1.1.0.g-1 is vulnerable to multiple issues including information disclosure and denial of service.

 
  (Nov 15)
 

When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed the settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Scientific Linux 6. This update fixes the sfc driver, so that the tx ring can have maximum 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable.

  (Nov 15)
 

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)