Linux Advisory Watch: January 31st, 2020

Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8835

Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

* Fix issues while trying to play a video on NextCloud. * Make sure the GL video sink uses a valid WebKit shared GL context. * Fix vertical alignment of text containing arabic diacritics. * Fix build with icu 65.1. * Fix page loading errors with websites using HSTS. * Fix web process crash when displaying a KaTeX formula. * Fix several crashes and rendering issues. [WebKitGTK Security

Update to 79.0.3945.130. Fixes the following security issues: * CVE-2020-6378 * CVE-2020-6379 * CVE-2020-6380

This is January 2020 OpenJDK security update for java-latest-openjdk packages. The sources are updated to the 13.0.2+8 tag.

Update to bugfix release 2.9.3. See https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst

Update to a new version. Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains .

Update to 6.2.2, fixes CVE-2020-5313, CVE-2020-5312, CVE-2020-5311, CVE-2020-5310.

This update fixes CVE-2020-6851.

This update fixes CVE-2020-6851.

This is January 2020 OpenJDK security update for java-latest-openjdk packages. The sources are updated to the 13.0.2+8 tag.

arm: a CPU may speculate past the ERET instruction [XSA-312]

Update to latest upstream version

Updates the nss package to upstream NSS 3.49. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -

This update fixes CVE-2019-20093.

This update fixes CVE-2019-20093.

This update fixes CVE-2019-20093.

This update fixes CVE-2019-20093.

- Security fix for CVE-2019-19746, CVE-2019-19797 - New upstream release 3.2.7b - Add patch fixing CVE-2019-19746 (rhbz#1787040) - Add patch fixing CVE-2019-19797 (rhbz#1786726)

- Security fix for CVE-2019-19746, CVE-2019-19797 - New upstream release 3.2.7b - Add patch fixing CVE-2019-19746 (rhbz#1787040) - Add patch fixing CVE-2019-19797 (rhbz#1786726)

** MySQL 8.0.19 ** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html

Security fix for CVE-2020-5395:out-of-bounds write in sfd.c

Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992, CVE-2019-3996

- Security fix for CVE-2019-19746, CVE-2019-19797 - New upstream release 3.2.7b - Add patch fixing CVE-2019-19746 (rhbz#1787040) - Add patch fixing CVE-2019-19797 (rhbz#1786726)

** MySQL 8.0.19 ** Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-19.html

Security fix for CVE-2019-3993, CVE-2019-3994, CVE-2019-3995, CVE-2019-3992, CVE-2019-3996

Update to 1.8.2. Fixes several security vulnerabilities: CVE-2019-9232, CVE 2019-9433, CVE-2019-9325, CVE-2019-9371, CVE-2019-2126

update to enigmail 2.1.5 Includes a security fix for "Unsigned MIME parts displayed as signed"

Update to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English locale and Unicode support.

Update to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English locale and Unicode support.

New upstream release with security fixes for CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2019-19480, CVE-2019-19481

An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for SDL is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for fribidi is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for openjpeg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for openjpeg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

An update for libarchive is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for nss is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for sqlite is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for sqlite is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for git is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for python-reportlab is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ghostscript is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for ansible is now available for Ansible Engine 2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for ansible is now available for Ansible Engine 2.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for ansible is now available for Ansible Engine 2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

An update that solves one vulnerability and has three fixes is now available.

An update that fixes four vulnerabilities is now available.

An update that solves 5 vulnerabilities and has three fixes is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that solves one vulnerability and has three fixes is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 37 vulnerabilities and has 50 fixes is now available.

An update that fixes 7 vulnerabilities is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that solves three vulnerabilities and has one errata is now available.

OpenStack Keystone could be made to expose sensitive information over the network.

Several security issues were fixed in WebKitGTK+.

Apache Solr could be made to run programs if it received specially crafted network traffic.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

he Linux kernel could be made to expose sensitive information.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in OpenJDK.

Libgcrypt could be made to expose sensitive information.

Cyrus SASL could be made to crash or execute arbitrary code if it received a specially crafted LDAP packet.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

The Linux kernel could be made to expose sensitive information.

Several security issues were fixed in tcpdump.

Several security issues were fixed in tcpdump.

Several security issues were fixed in Tomcat.

Several security issues were fixed in MySQL.

ClamAV could be made to crash if it opened a specially crafted file.

USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround.

Several security issues were fixed in python-apt.

e2fsprogs could be made to execute arbitrary code if it was running in a crafted ext4 partition.

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanag es memory, as demonstrated by IRC DCC commands in EMU_IRC.

opj_t1_clbl_decode_processor in openjp2/t1.c of OpenJPEG had a heap-based buffer overflow in the qmfbid==1 case, a similar but different issue than CVE-2020-6851.

repodata_schema2id in repodata.c in libsolv, a dependency solver library, had a heap-based buffer over-read via a last schema whose length could be less than the length of the input schema.

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code.

Two vulnerabilities have recently been discovered in the stream-tcp code of the intrusion detection and prevention tool Suricata.

An issue has been found in wget, a tool to retrieve files from the web. A race condition might occur as files rejected by an access list are kept on the disk for the duration of a HTTP connection.

Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic.

Three issues have been found in graphicsmagick, a collection of image processing tools. They are basically a heap-based buffer over-read, heap-based buffer

Several vulnerabilities have been discovered in the otrs2 package that may lead to unauthorized access, remote code execution and spoofing.

It was discovered that there were a large number of NULL pointer dereferences due to unchecked return values from malloc and friends in hiredis, a minimalistic C client library.

An issue has been found in unzip, a de-archiver for .zip files. While processing a password protected archive, a heap-based buffer overflow could happen, that allows an attacker to perform a denial of

OpenJPEG had a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.

Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418

An issue has been found in iperf3, an Internet Protocol bandwidth measuring tool. Bad handling of UTF8/16 strings in an embedded library could cause a

An issue has been found in slirp, a SLIP/PPP emulator using a dial up shell account. Due to bad memory handling in slirp a heap-based buffer overflow or other

An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '>' at EOF a cross-site scripting (XSS) vulnerability could appear.

Several issues have been found in python-apt, a python interface to libapt-pkg. CVE-2019-15795

Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0194

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0196

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0227

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0203

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0195

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0262

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0197

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0199

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0157

openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor() (CVE-2020-6851) SL7 x86_64 openjpeg2-2.3.1-2.el7_7.i686.rpm openjpeg2-2.3.1-2.el7_7.x86_64.rpm openjpeg2-debuginfo-2.3.1-2.el7_7.i686.rpm openjpeg2-debuginfo-2.3.1-2.el7_7.x86_64.rpm openjpeg2-devel-2.3.1-2.el7_7.i686.rpm openjpeg2-devel-2.3.1-2.el7_7.x86_64.rpm openjpeg2-tools-2.3.1-2.el7_7. [More...]

sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734) SL7 x86_64 sqlite-3.7.17-8.el7_7.1.i686.rpm sqlite-3.7.17-8.el7_7.1.x86_64.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.i686.rpm sqlite-debuginfo-3.7.17-8.el7_7.1.x86_64.rpm lemon-3.7.17-8.el7_7.1.x86_64.rpm sqlite-devel-3.7.17-8.el7_7.1.i686.rpm sqlite-devel-3.7.17-8.el7_7.1.x86_64.rpm sqlite- [More...]

An update that fixes two vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that solves 9 vulnerabilities and has two fixes is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized

Updated openjpeg2 packages fix security vulnerability: OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so (CVE-2020-6851).

Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw (CVE-2019-13734), insufficient data validation flaw (CVE-2019-13750), uninitialized use flaw (CVE-2019-13751), and out of bounds read flaws (CVE-2019-13752, CVE-2019-13753) in SQLite before 3.31.0.

The updated packages fix security vulnerabilities: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

Updated gdal packages fix security vulnerability: Double free vulnerability in OGRExpatRealloc (CVE-2019-17545). Also, the gdalinfo command, which had been built incorrectly,

Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8835, CVE-2019-8844, CVE-2019-8846).

Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found (CVE-2020-7059, CVE-2020-7060).

This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to

Updated sysstat package fixes security vulnerability: Double free in check_file_actlst in sa_common.c (CVE-2019-19725). References:

Updated python-pip packages fix security vulnerabilities: The python-pip package bundles a copy of python-urllib3, which was affected by security issues. The bundled copy was updated to fix these issues (CVE-2019-11324, CVE-2019-11236).

Updated libmp4v2 packages fix security vulnerabilities: The libmp4v2 library through version 2.1.0 is vulnerable to an integer underflow when parsing an MP4Atom in mp4atom.cpp. An attacker could exploit this to cause a denial of service via crafted MP4 file (CVE-2018-14325).

It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table (strtab) in nlist.c. An attacker could possibly use this issue to access sensitive information (CVE-2019-20367).

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the

A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution (CVE-2019-17626).

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c (CVE-2020-5395) FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c (CVE-2020-5496)

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in gThumb and Pix allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file (CVE-2019-20326).

The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=26081

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The

This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the

The glpi package has been updated to version 9.4.5, fixing several bugs and security issues. See the upstream announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=25931

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 (CVE-2018-20433). c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884).

Use-after-free vulnerability in sass_context.cpp:handle_error (CVE-2018-11499). Null pointer dereference in Sass::Selector_List::populate_extends (CVE-2018-19797).

Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files (CVE-2019-12779). References: - https://bugs.mageia.org/show_bug.cgi?id=25751

Out-of-bounds read in function MediaInfoLib:File__Tags_Helper:Synched_Test (CVE-2019-11372). Out-of-bounds read in function File__Analyze:Get_L8 (CVE-2019-11373).