Linux Advisory Watch: August 21st, 2020

Several vulnerabilities were discovered in net-snmp, a suite of Simple Network Management Protocol applications, which could lead to privilege escalation.

- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231)

This update includes the latest stable release of `mod_http2`, fixing various bugs. Two security vulnerabilities are addressed in this update: * **CVE-2020-11993**: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 * **CVE-2020-9490**:

Rebased to version 3.33.0

Update to v0.3.4 release

A security flaw was found on ruby kramdown which may lead to unintended code execution. This vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue.

**RELEASE 1.4.8** - **Security**: Fix potential XSS issue in HTML editor of the identity signature input (#7507) - Managesieve: Fix too-small input field in Elastic when using custom headers (#7498) - Fix support for an error as a string in message_before_send hook (#7475) - Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500) - Elastic: Fix deleted and replied+forwarded

Update to v0.3.4 release

Update to 2.9.12 upstream bugfix and security update

**RELEASE 1.4.8** - **Security**: Fix potential XSS issue in HTML editor of the identity signature input (#7507) - Managesieve: Fix too-small input field in Elastic when using custom headers (#7498) - Fix support for an error as a string in message_before_send hook (#7475) - Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500) - Elastic: Fix deleted and replied+forwarded

A security flaw was found on ruby kramdown which may lead to unintended code execution. THis vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue.

Patched null ptr dereference

Fix CVE-2020-15503

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue.

**PHP version 7.3.21** (06 Aug 2020) **Apache:** * Fixed bug php#79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256) **Core:** * Fixed bug php#79877 (getimagesize function silently truncates after a null byte) (cmb) * Fixed bug php#79778 (Assertion failure if dumping closure with unresolved static variable). (Nikita) * Fixed bug php#79792

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue.

**PHP version 7.4.9** (06 Aug 2020) **Apache:** * Fixed bug php#79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec). (Herbert256) **Core:** * Fixed bug php#79740 (serialize() and unserialize() methods can not be called statically). (Nikita) * Fixed bug php#79783 (Segfault in php_str_replace_common). (Nikita) * Fixed bug php#79778 (Assertion failure if

The 5.7.15 stable kernel release contains a number of important fixes across the tree. ---- The 5.7.14 stable kernel update contains a number of important fixes across the tree. ---- The 5.7.12 stable kernel update contains a number of important fixes across the tree.

new version ---- fix error in changelog

new version ---- fix error in changelog

Fix CVE-2020-15503

- VA-API under Wayland should work as expected now, added fix for mozbz#1656436. ---- - Fixed VA-API video playback (https://bugzilla.mozilla.org/show_bug.cgi?id=1645671) ---- - New upstream update - 79.0

Updates the nss package to upstream NSS 3.55. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -

Security fix for CVE-2020-17507

Update to latest upstream stable version.

Patch for CVE-2020-17353

Security fix for CVE-2019-20907, CVE-2020-14422. Provide a versioned pathfix3.7.py command.

Patch for CVE-2020-17353

NSS has multiple information disclosure vulnerabilities when handling secret key material.

An update is now available for Red Hat Quay 3.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for rh-mysql80-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Updated packages that fixes one security issue and multiple bugs are now available for Red Hat Ceph Storage 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.4.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.4.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.4.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for bind is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for bash is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for bind is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.

An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for jenkins-2-plugins and python-rsa is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for libvncserver is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

An update that solves two vulnerabilities and has 6 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes 46 vulnerabilities is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes 10 vulnerabilities is now available.

An update that solves one vulnerability and has 11 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that contains security fixes can now be installed.

An update that fixes two vulnerabilities is now available.

An update that contains security fixes can now be installed.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has three fixes is now available.

An update that solves two vulnerabilities and has 6 fixes is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes 6 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

curl could be made to expose sensitive information over the network.

Several security issues were fixed in QEMU.

curl could be made to expose sensitive information over the network.

Several security issues were fixed in the Linux kernel.

The system could be made to expose sensitive information.

Several security issues were fixed in the Linux kernel.

The system could be made to crash under certain conditions.

Ark could be made to write files as your login if it opened a specially crafted file.

Several security issues were fixed in Oniguruma.

Software Properties could be made to manipulate the display.

Several security issues were fixed in Dovecot.

Several security issues were fixed in Salt.

Several security issues were fixed in Apache HTTP Server.

Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files.

Several security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code

Kevin Backhouse discovered multiple vulnerabilies in the epson2 and epsonds backends of SANE, a library for scanners. A malicious remote device could exploit these to trigger information disclosure, denial of service and possibly remote code execution.

Andres Freund found an issue in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated priviledges when a superuser runs certain `CREATE EXTENSION' statements.

Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742

In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 stretch, this problem has been fixed in version

A security vulnerability was discovered in lucene-solr, an enterprise search server. The DataImportHandler, an optional but popular module to pull in data

Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-12100

In HtmlUnit, a GUI-Less browser for Java programs, malicious JavaScript code was able to execute arbitrary Java code on the application. For Debian 9 stretch, this problem has been fixed in version

The update of squid3 released as DLA-2278-1 contained an incomplete fix for CVE-2019-12523 that prevented services which rely on the icap or ecap protocol to function properly. Updated squid3 packages are now available to correct this issue.

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, bypass of access/sandbox restrictions or information disclosure.

An update that solves 7 vulnerabilities and has 109 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has two fixes is now available.

An update that solves 7 vulnerabilities and has two fixes is now available.

An update that solves two vulnerabilities and has 6 fixes is now available.

An update that fixes 14 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 14 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148) References:

Fix potential XSS issue in HTML editor of the identity signature input Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] Fix cross-site scripting (XSS) via HTML messages with malicious math content References:

Integer overflow due to missing input sanitation in rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy) (CVE-2020-15103).

The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image (CVE-2017-6851). Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used and thus permissions are not preserved upon editing. An adversary with prior access to /etc/target/saveconfig.json could access a later version, resulting in a loss of integrity depending on their permission settings

Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver, it leads to leak uninitialize heap memory to clients. When the X server runs with elevated privileges. This flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to lead to privilege elevation in the client (CVE-2020-14347).

The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method (CVE-2020-14344).

This provides an update to kernel 5.7 series, currently based on upstream 5.7.14 adding support for new hardware and features, and fixes at least the following security issues: An issue was discovered in the Linux kernel through 5.3.9. There is a

Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates. This attack is limited to Squid built with OpenSSL features and opening peer or server connections for HTTPS traffic and SSL-Bump server handshakes (CVE-2020-14058).

A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive (CVE-2020-11996).

CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory (CVE-2020-15121).

It was reported that firejail does not respect the end-of-options separator ("--"), allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file (CVE-2020-17367). It was reported that firejail when redirecting output via --output or

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers (CVE-2020-9490).

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality (CVE-2020-13867).

Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected (CVE-2020-15586). Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service (CVE-2020-16135).

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction (CVE-2020-16116). References: - https://bugs.mageia.org/show_bug.cgi?id=27023

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled (CVE-2020-15917). References: - https://bugs.mageia.org/show_bug.cgi?id=27040

Potential leak of redirect targets when loading scripts in a worker. (CVE-2020-15652) WebRTC data channel leaks internal address to peer. (CVE-2020-6514)

XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692). References: - https://bugs.mageia.org/show_bug.cgi?id=27017 - https://access.redhat.com/errata/RHSA-2020:3176

WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR (CVE-2020-6514). Crafted media files could lead to a race in texture caches, resulting in a

Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs.

The znc package has been updated to version 1.8.1, containing several bugfixes and enhancements. See the upstream change logs for details. References: - https://bugs.mageia.org/show_bug.cgi?id=26886

Updated mumble package fixes security vulnerability: OCB2 is known to be broken under certain conditions: https://eprint.iacr.org/2019/311

The updated packages fix a security vulnerability: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected