Linux Advisory Watch: December 27th, 2019

Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.

- Update to 1.2.8 Release notes:

- Update to 1.2.8 Release notes:

- Update to 1.2.8 Release notes:

- Update to 1.2.8 Release notes:

Security fix for CVE-2019-18397

An update for fribidi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libyang is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the openshift-enterprise-builder container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update is now available for Red Hat Ceph Storage 3.3 that runs on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat Ceph Storage 3.3 that runs on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for fribidi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New tigervnc packages are available for Slackware 14.2 and -current to fix security issues.

New openssl packages are available for Slackware 14.2 and -current to fix a security issue.

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that solves one vulnerability and has three fixes is now available.

An update that fixes one vulnerability is now available.

An update that solves 26 vulnerabilities and has 14 fixes is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes 7 vulnerabilities is now available.

An update that solves 24 vulnerabilities and has 58 fixes is now available.

An update that solves 24 vulnerabilities and has 58 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute.

An issue has been found in cups, the Common UNIX Printing System(tm). An incorrect bounds check could lead to a possible out-of-bounds read and

A change introduced in libssh 0.6.3-4+deb8u4 (which got released as DLA 2038-1) has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during session startup (and session resuming).

Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix.

There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error

While preparing a fix for CVE-2017-6314 an unknown symbol g_uint_checked_mul() was introduced.

Several issues in gdk-pixbuf, a library to handle pixbuf, have been found. CVE-2016-6352 fix for denial of service (out-of-bounds write and crash) via

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4107

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4148

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4240

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4326

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4190

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4190

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4190

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4256

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4254

Upstream details at : https://access.redhat.com/errata/RHSA-2019:4205

fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib /fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397) SL7 x86_64 fribidi-debuginfo-1.0.2-1.el7_7.1.i686.rpm fribidi-debuginfo-1.0.2-1.el7_7.1.x86_64.rpm fribidi-1.0.2-1.el7_7.1.i686.rpm fribidi-1.0.2-1.el7_7.1.x86_64.rpm fribidi-devel-1.0.2-1.el7_7.1.i686.rpm [More...]

An update that fixes two vulnerabilities is now available.

An update that fixes 7 vulnerabilities is now available.

This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel.

Updated php packages fix security vulnerabilities: DirectoryIterator class silently truncates after a null byte (CVE-2019-11045).

he updated packages fix security vulnerabilities and a packaging problem: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make

The updated package fixes a security vulnerability: A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. (CVE-2019-14857)

Updated libofx packages fix security vulnerability: There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump (CVE-2019-9656).

Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access (CVE-2019-15845).

The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they

The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA

This updates ghostpcl from 9.05 (which dates from 2012 February 8) to be at the same version as ghostscript, ie. 9.27 with fixes for known CVEs as like the ones fixed in MGASA-2017-0355, MGASA-2017-0430, MGASA-2018-0142, MGASA-2018-0219, MGASA-2018-0378, MGASA-2018-0408, MGASA-2018-0466, MGASA-2019-0056, MGASA-2019-0130, MGASA-2019-0188, MGASA-2019-0236,

Updated libmirage packages fix security vulnerabilities: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user (CVE-2019-15540).

Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang (CVE-2019-19630).

Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition (CVE-2019-14889).

Updated freerdp packages fix security vulnerabilities: Multiple memory leaks in libfreerdp/codec/region.c (CVE-2019-17177). Memory leak in HuffmanTree_makeFromFrequencies (CVE-2019-17178).

Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages (CVE-2019-17041). Heap overflow in the parser for Cisco log messages (CVE-2019-17042).

Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We,

pdated fence-agents package fixes security vulnerability: Denial of service via guest VM comments (CVE-2019-10153). References:

Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code (CVE-2019-10218).

The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to

The updated packages fix a security vulnerability: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885)