Linux Advisory Watch: October 6th, 2017

Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9375

Klaus-Peter Junghann discovered that insufficient validation of RTCP packets in Asterisk may result in an information leak. Please see the upstream advisory at http://downloads.asterisk.org/pub/security/AST-2017-008.html for

Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information

An integer overflow vulnerability was discovered in decode_digit() in libidn2-0, the GNU library for Internationalized Domain Names (IDNs), allowing a remote attacker to cause a denial of service against an application using the library (application crash).

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111

Security fix for CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496

Fix command logging

Fix command logging

20170912: YADIFA 2.2.6 --- Fixes an issue where a maliciously crafted message may block the server.

Rebase to the 4.13 series of kernels

The 4.12.14 stable kernel update contains a number of important fixes across the tree.

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](https://community.openvpn.net/openvpn/wiki/CVE-2017-12166)). From this update of, OpenVPN will use the lz4 compression library from Fedora

6.9.9-15

6.9.9-15

- Related: CVE-2017-6362 remove problematic function

6.9.9-15

6.9.9-15

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](https://community.openvpn.net/openvpn/wiki/CVE-2017-12166)). From this update of, OpenVPN will use the lz4 compression library from Fedora

- Related: CVE-2017-6362 remove problematic function

Update to version 0.18.5, see for details.

Update perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <;)

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](https://community.openvpn.net/openvpn/wiki/CVE-2017-12166)). From this update of, OpenVPN will use the lz4 compression library from Fedora

- Updated to latest upstream (56.0)

Update perl(:MODULE_COMPAT_*) ---- Security fix for CVE-2017-12837 CVE-2017-12883 (see <;)

https://github.com/nodejs/node/blob/v8.6.0/doc/changelogs/CHANGELOG_V8.md https://groups.google.com/forum/#!topic/nodejs-sec/EatXB-MujW0

Update to the Ruby 2.4.2.

xen: various flaws (#1490884) Missing NUMA node parameter verification [XSA-231, CVE-2017-14316] Missing check for grant table [XSA-232, CVE-2017-14318] cxenstored: Race in domain cleanup [XSA-233, CVE-2017-14317] insufficient grant unmapping checks for x86 PV guests [XSA-234, CVE-2017-14319]

# Security fixes - fix crash in edge case where a .pc file has misquoting in a fragment list. # Other bug fixes: - fix logic edge case when comparing relocated paths

Patches for CVE-2017-12156, CVE-2017-12157.

**passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.

**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.

**nag 4.2.17** * [jan] SECURITY: Fix unauthorized access to task exports. * [jan] Fix regression when exporting single tags to iCalendar CATEGORIES. * [jan] Officially support PHP 7.

Fixes CVE-2017-13704

These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to

Fix command logging

- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd

Update to version 0.18.5, see for details.

Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122

This is a release fixing a security fix applied upstream, known as "optionsbleed" in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).

Security fix for CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

Fix for possible buffer overrun in kodak_65000 decoder Fix for possible heap overrun in Canon makernotes parser Fix for CVE-2017-13735 CVE-2017-14265: Additional check for X-Trans CFA pattern data

**passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.

**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.

# Security fixes - fix crash in edge case where a .pc file has misquoting in a fragment list. # Other bug fixes: - fix logic edge case when comparing relocated paths

Security fix for CVE-2017-6419 and CVE-2017-11423

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.

Rebuilt against new ImageMagick ---- rhbz#1490649 - emacs-25.3 is available rhbz#1490410 - unsafe enriched mode translations (security)

ImageMagick 6.9.9-13

ImageMagick 6.9.9-13

Upgrade to 1.5.3 and also note that 1.5.1 fixed CVE-2017-11424.

Update to upstream release 1.25.6

This is an update fixing loading the configuration file.

Patch for CVE-2017-14348 ---- Fix for possible heap overrun in Canon makernotes parser Fix for CVE-2017-13735 CVE-2017-14265: Additional check for X-Trans CFA pattern data ---- LibRaw 0.18.3 Fix for CVE-2017-13735 Additional checks for X-Trans CFA pattern data ---- Patch for CVE-2017-13735.

Rebase to the latest upstream version 2.0.14. This update contains security fix for CVS -2017-1000050.

This release fixes a crash whwhen parsing an empty code string of a codewscope type. It also make functions for checking library version available for C++ programs.

new upstream release ---- * heap overflow in libwpd

Update to version 0.18.4, see https://github.com/LibRaw/LibRaw/blob/0.18-stable/Changelog.txt for details. ---- Update to version 0.18.3, see for details.

Security fix for CVE-2017-1000250 ---- - This update adds support for cable pairing for PlayStation 3 and 4 controllers. - Add scripts to automatically btattach serial-port / uart connected Broadcom HCIs found on some Atom based x86 hardware

xen: various flaws (#1490884) Missing NUMA node parameter verification [XSA-231, CVE-2017-14316] Missing check for grant table [XSA-232, CVE-2017-14318] cxenstored: Race in domain cleanup [XSA-233, CVE-2017-14317] insufficient grant unmapping checks for x86 PV guests [XSA-234, CVE-2017-14319]

Security fix for CVE-2017-13735

* [7.x-3.18](https://www.drupal.org/project/views/releases/7.x-3.18) * [7.x-3.17](https://www.drupal.org/project/views/releases/7.x-3.17) * [Moderately Critical - Access Bypass - DRUPAL-SA- CONTRIB-2017-068](https://www.drupal.org/node/2902604)

Update to the latest upstream version.

This update fixes CVE-2017-12982, CVE-2017-14040, CVE-2017-14041 and two other security vulnerabilities.

Update to version 1.3.0, see https://libzip.org/news/ for details. ---- This update backports security fix for CVE-2017-14107.

- fix a possible stack based buffer overflow (CVE-2017-1000249)

This update fixes a Cisco Talos CVE: "A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability."

This update fixes a security bug in the FGLogger subsystem, to prevent it from overwriting arbitrary files the user has write access to (CVE-2017-13709)

Update to latest upstream version 3.0.4. This fixes a handful bugs, including one security issue (CVE-2017-14230).

Minor security update

Update to RubyGems 2.6.13.

- Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied). - fc26+: Add ccselect hostrealm module for ccache selection based on service hostname.

- lightdm-1.24.0 - Disable guest login as system default preset (CVE-2017-8900) - Modernize spec-file

**Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing.

MIMEDefang 2.81 Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.

**nag 4.2.17** * [jan] SECURITY: Fix unauthorized access to task exports. * [jan] Fix regression when exporting single tags to iCalendar CATEGORIES. * [jan] Officially support PHP 7.

**wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments.

**passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects.

**Version 2.2.5** - 2017-08-30 * **Security** - Double-free in gdImagePngPtr(). **CVE-2017-6362** - Buffer over-read into uninitialized memory. **CVE-2017-7890** * **Fixed** - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386:

Libidn2 2.0.4 (released 2017-08-30) integer overflow in bidi.c/_isBidi() * Fix integer overflow in puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free() * Update fuzzer corpora

Security fix for CVE-2017-1000115, CVE-2017-1000116

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.

**Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections.

Patches for CVE-2017-12156, CVE-2017-12157.

- CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd

These releases are about hardening `git shell` that is used on servers against an unsafe user input, which `git cvsserver` copes with poorly. From the release notes: * "git cvsserver" no longer is invoked by "git shell" by default, as it is old and largely unmaintained. * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to

This is an update fixing loading the configuration file.

New openjpeg packages are available for Slackware 14.2 and -current to fix security issues.

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

New gegl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available. An update that fixes 6 vulnerabilities is now available.

An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.

An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.

An update that solves 8 vulnerabilities and has three fixes An update that solves 8 vulnerabilities and has three fixes An update that solves 8 vulnerabilities and has three fixes is now available. is now available.

An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.

An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is now available. is now available.

An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.

An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available.

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Ruby. Software Description: - ruby1.9.1: Object-oriented scripting language Details: It was discovered that Ruby incorrectly handled certain inputs. [More...]

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Dnsmasq. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update [More...]

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: poppler could be made to crash if opened a specially crafted file. Software Description: - poppler: PDF rendering library Details: It was discovered that Poppler incorrectly handled certain files. [More...]