Linux Advisory Watch: January 10th, 2020

It was discovered that a hook script of ldm, the display manager for the Linux Terminal Server Project incorrectly parsed responses from an SSH server which could result in local root privilege escalation.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and

Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers.

Update to latest upstream version.

Update to latest upstream version.

Security fix for CVE-2019-19722: null pointer dereference in push notification driver

Update to NetHack 3.6.4 - fixes security issue with privilege escalation: http://nethack.org/security/index.html

Upgrade to upstream 3.5.2, still using golang-1.11 on epel8 ---- Upgrade to upstream 3.5.1, use golang-1.11 on epel8 ---- Upgrade to upstream 3.5.0

Update to latest release and include fix for CVE-2019-19630

**PHP version 7.3.13** (18 Dec 2019) **Bcmath:** * Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb) **Core:** * Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb) * Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**). (cmb) * Fixed bug

Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

- https://www.drupal.org/project/webform/releases/7.x-4.21 - https://www.drupal.org/sa-contrib-2019-096 - https://www.drupal.org/project/webform/releases/7.x-4.20

- https://www.drupal.org/project/l10n_update/releases/7.x-2.3 - https://www.drupal.org/sa-contrib-2019-072

Update to latest release and include fix for CVE-2019-19630

Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html

- https://www.drupal.org/project/webform/releases/7.x-4.21 - https://www.drupal.org/sa-contrib-2019-096 - https://www.drupal.org/project/webform/releases/7.x-4.20

- https://www.drupal.org/project/l10n_update/releases/7.x-2.3 - https://www.drupal.org/sa-contrib-2019-072

Security fix for CVE-2019-13767.

Update to NetHack 3.6.4 - fixes security issue with privilege escalation: http://nethack.org/security/index.html

**PHP version 7.3.13** (18 Dec 2019) **Bcmath:** * Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb) **Core:** * Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb) * Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**). (cmb) * Fixed bug

denial of service in find_next_bit() [XSA-307, CVE-2019-19581, CVE-2019-19582] (#1782211) denial of service in HVM/PVH guest userspace code [XSA-308, CVE-2019-19583] (#1782206) privilege escalation due to malicious PV guest [XSA-309, CVE-2019-19578] (#1782210) Further issues with restartable PV type change operations [XSA-310, CVE-2019-19580] (#1782207) vulnerability in dynamic

Update to version 0.9.3 to address CVE-2019-14889

Update to Samba 4.10.11, Security fixes for CVE-2019-14861 and CVE-2019-14870

An update for rh-java-common-apache-commons-beanutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-git218-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

New kernel packages are available for Slackware 14.2 to fix security issues.

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 9 vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes 11 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 13 vulnerabilities is now available.

An update that solves 9 vulnerabilities and has two fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 11 vulnerabilities is now available.

An update that solves one vulnerability and has 5 fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 17 vulnerabilities is now available.

An update that fixes 16 vulnerabilities is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes 16 vulnerabilities is now available.

An update that solves one vulnerability and has three fixes is now available.

SHA1 has been marked as untrusted in GnuTLS.

NSS could be made to execute arbitrary code if it received a specially crafted input.

Several security issues were fixed in GraphicsMagick.

ClamAV could be made to crash if it opened a specially crafted file.

Several security issues were fixed in the kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

It was found that certain cryptographic primitives in nss, the Network Security Service libraries, did not check the length of the input text. This could result in a potential heap-based buffer overflow.

It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language: * CVE-2019-19911: Prevent a denial-of-service vulnerability caused

The package firefox before version 72.0-1 is vulnerable to multiple issues including arbitrary code execution, insufficient validation, access restriction bypass and denial of service.

An update that fixes four vulnerabilities is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes 8 vulnerabilities is now available.

An update that contains security fixes can now be installed.

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration (CVE-2019-17016).

Updated opensc packages fix security vulnerabilities: sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv (CVE-2019-6502).

Updated varnish packages fix security vulnerability: A bug has been discovered in Varnish Cache where we fail to clear a pointer between the handling of one client requests and the next on the same connection. This can under specific circumstances lead to

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536,

Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding (CVE-2019-19451). References:

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1

The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)

The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered,

Updated jss packages fix security vulnerability: A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly

Updated libdwarf packages fix security vulnerability: dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump

Updated memcached packages fix security vulnerability: memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. (CVE-2019-15026)

Updated libextractor packages fix security vulnerability: GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c (CVE-2019-15531).

Updated jhead package fixes security vulnerabilities: jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file

Updated igraph packages fix security vulnerability: The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object (CVE-2018-20349).

The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed

Updated cyrus-sasl packages fix security vulnerability: Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take

Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks (CVE-2019-19783).

The updated packages fix security vulnerabilities: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of

Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality (CVE-2019-5163).

Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239).

Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id (CVE-2019-14806).

Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking.

Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service

pdated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons- compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the