Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators know how important their systems' security is, not just the uptime of their servers. Intruders, spammers, DDoS attacks and crackers are all out there trying to get into people

Securing a Linux Web Server - Given how prevalent Linux web servers are globally, security is often touted as a strength of the platform for that purpose. However, a Linux-based web server is only as secure as its configuration, and in practice many are quite vulnerable to compromise. While specific configurations vary widely with environment and use, there are general steps that can be taken to ensure basic security considerations are in place.


  Fedora 25: SDL2_image Security Update (Oct 19)
 

Fix CVE-2017-2887

  Fedora 26: SDL2_image Security Update (Oct 19)
 

Fix CVE-2017-2887

  Fedora 25: upx Security Update (Oct 18)
 

3.94 and patch for CVE-2017-15056

  Fedora 26: upx Security Update (Oct 18)
 

3.94 and patch for CVE-2017-15056

  Fedora 26: rubygem-rmagick Security Update (Oct 18)
 

6.9.9-19

  Fedora 26: ImageMagick Security Update (Oct 18)
 

6.9.9-19

  Fedora 26: selinux-policy Security Update (Oct 17)
 

More info:

  Fedora 25: wpa_supplicant Security Update (Oct 17)
 

Fix for the Key Reinstallation Attacks in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078,

  Fedora 25: weechat Security Update (Oct 17)
 

New upstream version

  Fedora 27: xorg-x11-server Security Update (Oct 17)
 

xserver 1.19.5; Update to xserver 1.19.4, multiple stability fixes.

  Fedora 27: wpa_supplicant Security Update (Oct 17)
 

Fix for the Key Reinstallation Attacks in FT handshake (CVE-2017-13082) - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases (CVE-2017-13078,

  Fedora 27: procmail Security Update (Oct 17)
 

This is a security update fixing a possible buffer overflow in the loadbuf function.

  Fedora 27: libXfont Security Update (Oct 17)
 

Security fix for CVE-2017-13720 and CVE-2017-13722

  Fedora 27: rubygem-rmagick Security Update (Oct 17)
 

6.9.9-19

  Fedora 27: ImageMagick Security Update (Oct 17)
 

6.9.9-19

  Fedora 27: tnef Security Update (Oct 17)
 

Update to 1.4.15. Fixes CVE-2017-8911

  Fedora 27: openvswitch Security Update (Oct 17)
 

Update to Open vSwitch 2.8.1 Includes security fix for CVE-2017-14970

  Fedora 27: weechat Security Update (Oct 17)
 

New upstream version

  Fedora 26: openvswitch Security Update (Oct 16)
 

Add a symlink of the OCF script in the OCF resources folder; Updated to Open vSwitch 2.7.3 and DPDK 16.11.3 for CVE-2017-14970; Security fix for CVE-2017-9263, CVE-2017-9265; Updated to Open vSwitch 2.7.1 and DPDK 16.11.2 (#1468234)

  Fedora 26: curl Security Update (Oct 16)
 

- fix out of bounds read in FTP PWD response parser (CVE-2017-1000254)

  Fedora 26: weechat Security Update (Oct 16)
 

New upstream version

  Fedora 27: SDL2_image Security Update (Oct 15)
 

Fix CVE-2017-2887

  Fedora 27: upx Security Update (Oct 14)
 

3.94 and patch for CVE-2017-15056

  Fedora 25: recode Security Update (Oct 13)
 

Security fix for buffer overflow due to long input filenames [see Bug 1422550 and 1422545]

  Fedora 26: recode Security Update (Oct 13)
 

Security fix for buffer overflow due to long input filenames [see Bug 1422550 and 1422545]

  Fedora 26: tor Security Update (Oct 13)
 

update to upstream release 0.3.1.7; update to upstream release 0.2.9.12 (SECURITY) (#1494860)

  Fedora 25: mingw-poppler Security Update (Oct 12)
 

This update fixes CVE-2017-14520.

  Fedora 26: chromium Security Update (Oct 12)
 

Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122

  Fedora 26: mingw-poppler Security Update (Oct 12)
 

This update fixes CVE-2017-14520.

  Fedora 27: mingw-poppler Security Update (Oct 12)
 

This update fixes CVE-2017-14520.

 
  RedHat: RHSA-2017-2998:01 Critical: java-1.8.0-openjdk security update (Oct 20)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2997:01 Important: chromium-browser security update (Oct 20)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-2972:01 Moderate: httpd security update (Oct 19)
 

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2017-2966:01 Moderate: ansible security, bug fix, (Oct 19)
 

An update for ansible is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2931:01 Important: kernel-rt security and bug fix update (Oct 19)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-2930:01 Important: kernel security and bug fix update (Oct 19)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-2918:01 Important: kernel-rt security and bug fix update (Oct 19)
 

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-2913:01 Moderate: rh-nodejs6-nodejs-tough-cookie security (Oct 18)
 

An update for rh-nodejs6-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2912:01 Moderate: rh-nodejs4-nodejs-tough-cookie security (Oct 18)
 

An update for rh-nodejs4-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2911:01 Important: wpa_supplicant security update (Oct 18)
 

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-2908:01 Moderate: rh-nodejs6-nodejs security update (Oct 18)
 

An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2907:01 Important: wpa_supplicant security update (Oct 17)
 

An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2017-2905:01 Moderate: rh-sso7-keycloak security update (Oct 17)
 

An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2904:01 Moderate: rh-sso7-keycloak security update (Oct 17)
 

An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 7.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2906:01 Moderate: Red Hat Single Sign-On security update (Oct 17)
 

Red Hat Single Sign-On 7.1.3 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2899:01 Critical: flash-plugin security update (Oct 17)
 

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2017-2889:01 Important: Red Hat JBoss BPM Suite 6.4.6 security (Oct 12)
 

An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-2888:01 Important: Red Hat JBoss BRMS 6.4.6 security (Oct 12)
 

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2017-2886:01 Important: rh-mysql57-mysql security and bug fix (Oct 12)
 

An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 
  Slackware: 2017-291-02: wpa_supplicant Security Update (Oct 18)
 

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2017-291-03: xorg-server Security Update (Oct 18)
 

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

  Slackware: 2017-291-01: libXres Security Update (Oct 18)
 

New libXres packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.

 
  SuSE: 2017:2809-1: important: Linux Kernel Live Patch 7 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2807-1: important: Linux Kernel Live Patch 6 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2805-1: important: Linux Kernel Live Patch 3 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2806-1: important: Linux Kernel Live Patch 11 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2804-1: important: Linux Kernel Live Patch 9 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2802-1: important: Linux Kernel Live Patch 1 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2803-1: important: Linux Kernel Live Patch 2 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2801-1: important: Linux Kernel Live Patch 0 for SLE 12 SP2 (Oct 20)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2800-1: important: Linux Kernel Live Patch 10 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2798-1: important: Linux Kernel Live Patch 5 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2799-1: important: Linux Kernel Live Patch 8 for SLE 12 SP2 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2796-1: important: Linux Kernel Live Patch 20 for SLE 12 SP1 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2797-1: important: Linux Kernel Live Patch 18 for SLE 12 SP1 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2794-1: important: Linux Kernel Live Patch 1 for SLE 12 SP3 (Oct 20)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2792-1: important: Linux Kernel Live Patch 19 for SLE 12 SP1 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2793-1: important: Linux Kernel Live Patch 17 for SLE 12 SP1 (Oct 20)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2791-1: important: Linux Kernel Live Patch 21 for SLE 12 SP1 (Oct 20)
 

An update that solves four vulnerabilities and has one errata is now available.

  SuSE: 2017:2790-1: important: Linux Kernel Live Patch 14 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2787-1: important: Linux Kernel Live Patch 15 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2788-1: important: Linux Kernel Live Patch 16 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2786-1: important: Linux Kernel Live Patch 11 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2784-1: important: Linux Kernel Live Patch 18 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2785-1: important: Linux Kernel Live Patch 8 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2783-1: important: Linux Kernel Live Patch 12 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2781-1: important: Linux Kernel Live Patch 24 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2782-1: important: Linux Kernel Live Patch 13 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2779-1: important: Linux Kernel Live Patch 10 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2780-1: important: Linux Kernel Live Patch 21 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2778-1: important: Linux Kernel Live Patch 9 for SLE 12 SP1 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2776-1: important: Linux Kernel Live Patch 16 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2777-1: important: Linux Kernel Live Patch 17 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2775-1: important: Linux Kernel Live Patch 27 for SLE 12 (Oct 19)
 

An update that solves four vulnerabilities and has one errata is now available.

  SuSE: 2017:2774-1: important: Linux Kernel Live Patch 25 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2773-1: important: Linux Kernel Live Patch 26 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2771-1: important: Linux Kernel Live Patch 19 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2772-1: important: Linux Kernel Live Patch 22 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2770-1: important: Linux Kernel Live Patch 23 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  SuSE: 2017:2769-1: important: Linux Kernel Live Patch 20 for SLE 12 (Oct 19)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2017:2757-1: important: git (Oct 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2017:2755-1: important: wpa_supplicant (Oct 18)
 

An update that fixes 6 vulnerabilities is now available.

  SuSE: 2017:2752-1: important: wpa_supplicant (Oct 17)
 

An update that fixes 6 vulnerabilities is now available.

  SuSE: 2017:2751-1: important: xen (Oct 17)
 

An update that solves one vulnerability and has 10 fixes is now available.

  SuSE: 2017:2747-1: important: git (Oct 17)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2745-1: important: wpa_supplicant (Oct 17)
 

An update that fixes 6 vulnerabilities is now available.

  openSUSE: 2017:2741-1: important: the Linux Kernel (Oct 17)
 

An update that solves four vulnerabilities and has 33 fixes is now available.

  openSUSE: 2017:2739-1: important: the Linux Kernel (Oct 17)
 

An update that solves four vulnerabilities and has 15 fixes is now available.

  SuSE: 2017:2725-1: important: the Linux Kernel (Oct 14)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2723-1: important: the Linux Kernel (Oct 13)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2717-1: important: git (Oct 12)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2017:2710-1: important: MozillaThunderbird (Oct 12)
 

An update that fixes 9 vulnerabilities is now available.

  openSUSE: 2017:2707-1: important: MozillaThunderbird (Oct 12)
 

An update that fixes 9 vulnerabilities is now available.

 
  Debian LTS: DLA-1141-1: mysql-5.5 security update (Oct 19)
 

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible

  Debian LTS: DLA-1140-1: graphicsmagick security update (Oct 19)
 

Immediately after the previous update to graphicsmagick, two more security issues were identified. These updates are included here.

  Debian LTS: DLA-1139-1: imagemagick security update (Oct 19)
 

This update fixes two vulnerabilities in ImageMagick: CVE-2017-15277

  Debian LTS: DLA-1138-1: nss security update (Oct 19)
 

Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss

  Debian LTS: DLA-1137-1: db4.7 security update (Oct 18)
 

It was found that Berkeley DB reads DB_CONFIG from the current working directory, leading to an information leak: privileged processes can be tricked into reading arbitrary files.

  Debian LTS: DLA-1136-1: db4.8 security update (Oct 18)
 

It was found that Berkeley DB reads DB_CONFIG from the current working directory, leading to an information leak: privileged processes can be tricked into reading arbitrary files.

  Debian LTS: DLA-1135-1: db security update (Oct 18)
 

It was found that Berkeley DB reads DB_CONFIG from the current working directory, leading to an information leak: privileged processes can be tricked into reading arbitrary files.
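The three Berkeley DB entries above describe the same design flaw: a library used by privileged programs reads its configuration from wherever the process happens to be running. The following is an added, constructed illustration (not code from libdb or from the Debian advisories) that puts a loader following that pattern next to one that does not trust the working directory at all. The file names, directories and "secret" content are made up for the demo, and the leak channel here, a parse error that echoes the offending line, is this demo's own choice of how "reads the wrong file" becomes "discloses the wrong file".

```python
"""Constructed demo: config loaded from the cwd vs. from a trusted directory."""
import os
import stat
import tempfile

CONFIG_NAME = "DB_CONFIG"


class ConfigError(Exception):
    pass


def _parse(fh, echo_line):
    """Parse 'directive value' lines. echo_line decides whether an error quotes
    the unparseable line; with a privileged caller that quote is the leak."""
    settings = {}
    for lineno, raw in enumerate(fh, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            detail = f": {line!r}" if echo_line else ""
            raise ConfigError(f"line {lineno}: bad directive{detail}")
        settings[parts[0]] = parts[1]
    return settings


def load_config_cwd(cwd):
    """Vulnerable pattern: whoever controls the working directory, or plants a
    symlink named DB_CONFIG in it, controls what a privileged caller reads."""
    with open(os.path.join(cwd, CONFIG_NAME)) as fh:  # stands in for open("DB_CONFIG")
        return _parse(fh, echo_line=True)


def load_config_trusted(trusted_dir):
    """Hardened pattern: fixed directory, no symlink following, regular file,
    owned by root or the service user, not group/world writable, and error
    messages that never quote file contents."""
    path = os.path.join(trusted_dir, CONFIG_NAME)
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)  # O_NOFOLLOW is POSIX-only
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ConfigError("config is not a regular file")
        if st.st_uid not in (0, os.geteuid()):
            raise ConfigError("config not owned by root or the service user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ConfigError("config is group- or world-writable")
        with os.fdopen(fd, "r") as fh:
            fd = -1  # fdopen now owns the descriptor
            return _parse(fh, echo_line=False)
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Constructed scenario: an attacker-controlled working directory whose
    DB_CONFIG is a symlink to a sensitive file, beside an admin-owned trusted
    directory holding the real configuration (a sample directive, made up)."""
    base = tempfile.mkdtemp()
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("topsecret-token-1234\n")  # constructed sensitive content
    attacker_cwd = os.path.join(base, "attacker")
    os.mkdir(attacker_cwd)
    os.symlink(secret, os.path.join(attacker_cwd, CONFIG_NAME))
    trusted = os.path.join(base, "trusted")
    os.mkdir(trusted, 0o755)
    real_cfg = os.path.join(trusted, CONFIG_NAME)
    with open(real_cfg, "w") as fh:
        fh.write("set_cachesize 0 1048576 1\n")
    os.chmod(real_cfg, 0o644)

    result = {"leaked": None, "trusted": None, "refused": None}
    try:
        load_config_cwd(attacker_cwd)
    except ConfigError as exc:
        result["leaked"] = str(exc)          # the secret line comes back verbatim
    result["trusted"] = load_config_trusted(trusted)
    try:
        load_config_trusted(attacker_cwd)    # symlink refused, nothing echoed
    except (ConfigError, OSError) as exc:
        result["refused"] = str(exc)
    return result
```

Running `demo()` shows the unsafe loader returning the contents of the symlink target inside its error text, while the hardened loader parses the administrator's file and rejects the attacker's directory with an error that names only the path. The ownership and mode checks are done on the already-open descriptor so the file cannot be swapped between check and use.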

  Debian LTS: DLA-1134-1: sdl-image1.2 security update (Oct 16)
 

It was discovered that there was a buffer overflow vulnerability in sdl-image1.2, an image loading library. A specially crafted .xcf file could cause a stack-based buffer overflow

 
  ArchLinux: 201710-27: chromium: multiple issues (Oct 19)
 

The package chromium before version 62.0.3202.62-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, access restriction bypass, content spoofing, information disclosure and denial of service.

  ArchLinux: 201710-26: linux: privilege escalation (Oct 17)
 

The package linux before version 4.13.7-1 is vulnerable to privilege escalation.

  ArchLinux: 201710-25: linux-hardened: privilege escalation (Oct 17)
 

The package linux-hardened before version 4.13.7.a-1 is vulnerable to privilege escalation.

  ArchLinux: 201710-24: linux-zen: privilege escalation (Oct 17)
 

The package linux-zen before version 4.13.7-1 is vulnerable to privilege escalation.

  ArchLinux: 201710-20: flashplugin: arbitrary code execution (Oct 16)
 

The package flashplugin before version 27.0.0.170-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201710-21: lib32-flashplugin: arbitrary code execution (Oct 16)
 

The package lib32-flashplugin before version 27.0.0.170-1 is vulnerable to arbitrary code execution.

  ArchLinux: 201710-19: thunderbird: multiple issues (Oct 13)
 

The package thunderbird before version 52.4.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass and cross-site scripting.

  ArchLinux: 201710-18: pcre2: denial of service (Oct 13)
 

The package pcre2 before version 10.30-1 is vulnerable to denial of service.

  ArchLinux: 201710-17: botan: information disclosure (Oct 13)
 

The package botan before version 2.3.0-1 is vulnerable to information disclosure.

  ArchLinux: 201710-16: go-pie: arbitrary command execution (Oct 13)
 

The package go-pie before version 2:1.9.1-1 is vulnerable to arbitrary command execution.

  ArchLinux: 201710-15: go: arbitrary command execution (Oct 13)
 

The package go before version 2:1.9.1-1 is vulnerable to arbitrary command execution.

  ArchLinux: 201710-14: wireshark-cli: denial of service (Oct 12)
 

The package wireshark-cli before version 2.4.2-1 is vulnerable to denial of service.

  ArchLinux: 201710-13: flyspray: cross-site scripting (Oct 12)
 

The package flyspray before version 1.0rc6-1 is vulnerable to cross-site scripting.

 
  (Oct 20)
 

It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

  (Oct 19)
 

A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

  (Oct 19)
 

A regression was found in the Scientific Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)

  (Oct 18)
 

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)

  (Oct 18)
 

A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
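The KRACK summaries above and the wpa_supplicant changelog entries earlier in this issue ("Prevent reinstallation of an already in-use group key") describe the flaw in one line; the model below shows why it matters. It is an added, constructed example, not code from wpa_supplicant or from any vendor advisory: the cipher is an HMAC-SHA256 counter-mode keystream standing in for CCMP/GCMP, and the key, frames and attacker are invented. What it keeps faithful is the nonce handling: installing a key resets the packet number that serves as the per-frame nonce, a replayed handshake message 3 reinstalls the same key, and the patched behaviour refuses to reinstall a key that is already in use.

```python
"""Toy model of WPA2 key (re)installation and the resulting nonce reuse."""
import hashlib
import hmac

P1 = b"GET /index.html HTTP/1.1\r\n"   # constructed frame an attacker can guess
P2 = b"Cookie: session=SECRET12\r\n"   # constructed frame worth recovering


def keystream(key, nonce, length):
    """Toy nonce-based stream cipher: block i = HMAC(key, nonce || i).
    Like CCMP or GCMP, the same key and nonce always give the same stream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the 4-way handshake, reduced to key installation."""

    def __init__(self, refuse_reinstall):
        self.refuse_reinstall = refuse_reinstall  # True models the patched client
        self.ptk = None
        self.installed = False
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_msg3(self, ptk):
        """Message 3 carries the key to install. It is legitimately retransmitted
        when message 4 is lost; a man in the middle can withhold message 4 and
        replay message 3 on purpose."""
        if self.refuse_reinstall and self.installed and ptk == self.ptk:
            return False        # fix: key already in use, ignore the reinstall
        self.ptk = ptk
        self.pn = 0             # (re)installing the key resets the nonce
        self.installed = True
        return True

    def encrypt(self, plaintext):
        nonce = self.pn.to_bytes(6, "big")
        self.pn += 1
        return nonce, xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))


def recover_with_nonce_reuse(known_p1, n1, c1, n2, c2):
    """Attacker side: equal key and nonce means equal keystream, so
    c1 ^ c2 == p1 ^ p2, and a known p1 yields p2 without the key."""
    if n1 != n2:
        return None             # distinct nonces, nothing to exploit here
    return xor(c2, xor(c1, known_p1))


def simulate(refuse_reinstall):
    ptk = hashlib.sha256(b"constructed PTK for the demo").digest()  # not a real PTK
    sta = Supplicant(refuse_reinstall)
    sta.on_msg3(ptk)                       # normal handshake, key installed
    n1, c1 = sta.encrypt(P1)               # first data frame, PN 0
    reinstalled = sta.on_msg3(ptk)         # attacker replays message 3
    n2, c2 = sta.encrypt(P2)               # PN is 0 again if the key was reinstalled
    return {
        "reinstalled": reinstalled,
        "nonce_reused": n1 == n2,
        "recovered": recover_with_nonce_reuse(P1, n1, c1, n2, c2),
    }


if __name__ == "__main__":
    for patched in (False, True):
        r = simulate(patched)
        print("patched" if patched else "vulnerable", r)
```

With `refuse_reinstall=False` the second frame is encrypted under the same key and nonce as the first, and the attacker recovers P2 from the two ciphertexts and a guessed P1 alone; with `refuse_reinstall=True` the replay is ignored, the packet number keeps counting, and the same attack returns nothing. This is why the fix is a state-machine change in the client rather than a change to the cipher.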