Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

Interview with Security Expert and Author Ira Winkler: Advanced Persistent Security, Threat Intelligence, Social Engineering and more - Brittany Day recently had a conversation with acclaimed cyber security expert Ira Winkler, author of Advanced Persistent Security: A Cyberwarfare Approach.

IBM Closes its $34 Billion Acquisition of Red Hat: A Monumental Moment for Open Source - In the tech giant's largest deal ever and one of the biggest deals in US history, IBM closed its $34 billion acquisition of Red Hat on Tuesday, July 9, 2019. Red Hat will now be a unit of IBM's hybrid cloud division, and Red Hat CEO Jim Whitehurst will join IBM's senior management team. This event has significant meaning that extends beyond its monetary value: it is a testament to the power of Open Source and the opportunity it offers businesses of all sizes across all industries.


  Debian: DSA-4488-1: exim4 security update (Jul 25)
 

Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default (and unusual) configurations where ${sort } expansion is used for items

  Debian: DSA-4487-1: neovim security update (Jul 23)
 

User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features:

  Debian: DSA-4486-1: openjdk-11 security update (Jul 21)
 

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.

  Debian: DSA-4485-1: openjdk-8 security update (Jul 21)
 

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.

  Debian: DSA-4484-1: linux security update (Jul 20)
 

Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

 
  Fedora 30: kernel FEDORA-2019-9d3fe6fd5b (Jul 25)
 

Update to v5.1.19

  Fedora 30: kernel-headers FEDORA-2019-9d3fe6fd5b (Jul 25)
 

Update to v5.1.19

  Fedora 29: java-latest-openjdk FEDORA-2019-f27e187c76 (Jul 24)
 

Update including July CPU fixes.

  Fedora 30: java-latest-openjdk FEDORA-2019-97bb9c43b9 (Jul 24)
 

Update including July CPU fixes.

  Fedora 29: slurm FEDORA-2019-4ca3a39825 (Jul 23)
 

* Release of 18.08.8
* Closes security issue (CVE-2019-12838)
* Configure for UCX support on supported arches

  Fedora 30: slurm FEDORA-2019-5d0d2619df (Jul 23)
 

* Release of 18.08.8
* Closes security issue (CVE-2019-12838)
* Configure for UCX support on supported arches

  Fedora 30: gvfs FEDORA-2019-6ed5523cc0 (Jul 21)
 

Update to 1.40.2

  Fedora 29: samba FEDORA-2019-8966706e33 (Jul 19)
 

Update to Samba 4.9.11 ---- Update to Samba 4.9.9 Security fixes for CVE-2019-12435

  Fedora 29: libldb FEDORA-2019-8966706e33 (Jul 19)
 

Update to Samba 4.9.11 ---- Update to Samba 4.9.9 Security fixes for CVE-2019-12435

  Fedora 29: kernel FEDORA-2019-a95015e60f (Jul 18)
 

Update to v5.1.18 ---- Update to v5.1.17

  Fedora 29: kernel-headers FEDORA-2019-a95015e60f (Jul 18)
 

Update to v5.1.18 ---- Update to v5.1.17

  Fedora 29: knot-resolver FEDORA-2019-20f95b0b39 (Jul 18)
 

- fixes security issues CVE-2019-10190 and CVE-2019-10191 -

  Fedora 30: knot-resolver FEDORA-2019-fdb50c675d (Jul 18)
 

- fixes security issues CVE-2019-10190 and CVE-2019-10191 -

  Fedora 29: freetds FEDORA-2019-14d102033e (Jul 18)
 

Upgrade to 1.1.11

  Fedora 30: freetds FEDORA-2019-f74072a45d (Jul 18)
 

Upgrade to 1.1.11

 
  RedHat: RHSA-2019-1862:01 Low: Red Hat OpenShift Enterprise one-month (Jul 26)
 

This is the one-month notification for the end of the maintenance phase for Red Hat OpenShift Enterprise 3.6 and 3.7. This notification applies only to customers with subscriptions for Red Hat OpenShift Enterprise 3.6 and 3.7.

  RedHat: RHSA-2019-1860:01 Important: rh-redis32-redis security update (Jul 25)
 

An update for rh-redis32-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-1851:01 Moderate: OpenShift Container Platform 3.11 (Jul 24)
 

An update for atomic-openshift and jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1852:01 Moderate: OpenShift Container Platform 3.9 (Jul 24)
 

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1833:01 Low: CloudForms 4.7.7 security, (Jul 24)
 

An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2019-1839:01 Moderate: java-1.7.0-openjdk security update (Jul 23)
 

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1840:01 Moderate: java-1.7.0-openjdk security update (Jul 23)
 

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1823:01 Important: Red Hat Process Automation Manager (Jul 22)
 

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-1822:01 Important: Red Hat Decision Manager 7.4.0 (Jul 22)
 

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-1821:01 Important: rh-nodejs8-nodejs security update (Jul 22)
 

An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-1820:01 Important: rh-maven35-jackson-databind security (Jul 22)
 

An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-1819:01 Important: rh-redis5-redis security update (Jul 22)
 

An update for rh-redis5-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-1815:01 Moderate: java-1.8.0-openjdk security update (Jul 22)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1817:01 Moderate: java-11-openjdk security update (Jul 22)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1810:01 Moderate: java-11-openjdk security update (Jul 22)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1811:01 Moderate: java-1.8.0-openjdk security update (Jul 22)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-1816:01 Moderate: java-1.8.0-openjdk security update (Jul 22)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 
  Slackware: 2019-202-01: Slackware 14.2 kernel Security Update (Jul 22)
 

New kernel packages are available for Slackware 14.2 to fix security issues.

 
  SUSE: 2019:1973-1 important: rmt-server (Jul 25)
 

An update that solves two vulnerabilities and has 10 fixes is now available.

  SUSE: 2019:1972-1 moderate: libsolv, libzypp, zypper (Jul 25)
 

An update that solves three vulnerabilities and has 9 fixes is now available.

  SUSE: 2019:1971-1 moderate: libgcrypt (Jul 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:14134-1 moderate: OpenEXR (Jul 24)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1960-1 important: MozillaThunderbird (Jul 24)
 

An update that fixes 10 vulnerabilities is now available.

  SUSE: 2019:1961-1 important: spamassassin (Jul 24)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1962-1 moderate: openexr (Jul 24)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2019:1963-1 moderate: openexr (Jul 24)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2019:1958-1 moderate: glibc (Jul 23)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2019:1948-1 important: the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Jul 23)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2019:14133-1 important: microcode_ctl (Jul 23)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1924-1 important: the Linux Kernel (Live Patch 31 for SLE 12 SP1) (Jul 23)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:1935-1 important: the Linux Kernel (Live Patch 34 for SLE 12 SP1) (Jul 23)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:1954-1 important: ucode-intel (Jul 23)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1955-1 important: bzip2 (Jul 23)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:1910-1 important: ucode-intel (Jul 19)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1909-1 important: ucode-intel (Jul 19)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1895-1 moderate: tomcat (Jul 18)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2019:1896-1 moderate: libxml2 (Jul 18)
 

An update that solves one vulnerability and has two fixes is now available.

  SUSE: 2019:14127-1 important: the Linux Kernel (Jul 18)
 

An update that solves 7 vulnerabilities and has four fixes is now available.

  SUSE: 2019:1894-1 moderate: LibreOffice (Jul 18)
 

An update that solves one vulnerability and has 11 fixes is now available.

  SUSE: 2019:1888-1 important: the Linux Kernel (Live Patch 2 for SLE 15 SP1) (Jul 18)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:1882-1 important: the Linux Kernel (Live Patch 9 for SLE 15) (Jul 18)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2019:1889-1 important: the Linux Kernel (Live Patch 0 for SLE 15 SP1) (Jul 18)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:1877-1 moderate: glibc (Jul 18)
 

An update that solves two vulnerabilities and has three fixes is now available.

 
  Ubuntu 4076-1: Linux kernel vulnerabilities (Jul 25)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4054-2: Firefox regressions (Jul 25)
 

USN-4054-1 caused some minor regressions in Firefox.

  Ubuntu 4075-1: Exim vulnerability (Jul 25)
 

Exim could be made to run programs as an administrator if it received specially crafted network traffic.

  Ubuntu 4074-1: VLC vulnerabilities (Jul 25)
 

Several security issues were fixed in VLC.

  Ubuntu 4073-1: libEBML vulnerability (Jul 25)
 

libEBML could be made to crash if it opened a specially crafted file.

  Ubuntu 4072-1: Ansible vulnerabilities (Jul 24)
 

Several security issues were fixed in Ansible.

  Ubuntu 4071-2: Patch vulnerabilities (Jul 24)
 

Several security issues were fixed in Patch.

  Ubuntu 4071-1: Patch vulnerabilities (Jul 24)
 

Several security issues were fixed in Patch.

  Ubuntu 4070-1: MySQL vulnerabilities (Jul 24)
 

Several security issues were fixed in MySQL.

  Ubuntu 4069-1: Linux kernel vulnerabilities (Jul 23)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4068-2: Linux kernel (HWE) vulnerabilities (Jul 23)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4068-1: Linux kernel vulnerabilities (Jul 22)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 4067-1: Evince vulnerability (Jul 22)
 

Evince could be made to crash or run arbitrary code if it received a specially crafted PDF file.

  Ubuntu 4065-2: Squid vulnerabilities (Jul 22)
 

Several security issues were fixed in Squid.

  Ubuntu 4066-2: ClamAV vulnerability (Jul 22)
 

ClamAV could be made to expose sensitive information if it received a specially crafted CHM file.

  Ubuntu: Ubuntu 18.10 (Cosmic Cuttlefish) End of Life reached on July 18 2019 (Jul 18)
   
  Ubuntu 4066-1: libmspack vulnerability (Jul 18)
 

libmspack could be made to expose sensitive information if it received a specially crafted CHM file.

  Ubuntu 4065-1: Squid vulnerabilities (Jul 18)
 

Several security issues were fixed in Squid.

 
  Debian LTS: DLA-1864-1: patch security update (Jul 25)
 

An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed.

  Debian LTS: DLA-1730-3: libssh2 regression update (Jul 25)
 

Various security problems have been additionally fixed in libssh2, an SSH client implementation written in C++.

  Debian LTS: DLA-1863-1: linux-4.9 security update (Jul 23)
 

Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.

  Debian LTS: DLA-1862-1: linux security update (Jul 23)
 

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  Debian LTS: DLA-1861-1: libsdl2-image security update (Jul 22)
 

The following issues have been found in libsdl2-image, the image file loading library.

  Debian LTS: DLA-1860-1: libxslt security update (Jul 22)
 

Several vulnerabilities were found in libxslt, the XSLT 1.0 processing library. CVE-2016-4610

  Debian LTS: DLA-1859-1: bind9 security update (Jul 21)
 

A vulnerability was found in the Bind DNS Server. Limits on simultaneous tcp connections have not been enforced correctly and could

  Debian LTS: DLA-1858-1: squid3 security update (Jul 20)
 

Squid, a high-performance proxy caching server for web clients, has been found vulnerable to denial of service attacks associated with HTTP authentication header processing.

  Debian LTS: DLA-1857-1: nss security update (Jul 20)
 

Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

  Debian LTS: DLA-1856-1: patch security update (Jul 19)
 

Handling of symlinks in patch, a tool to apply a diff file to an original, was wrong in certain cases.

  Debian LTS: DLA-1855-1: exiv2 security update (Jul 19)
 

It was discovered that there was an integer overflow vulnerability in exiv2, a tool to manipulate images containing (eg.) EXIF metadata. This could have resulted in a denial of service via a specially-

  Debian LTS: DLA-1833-2: bzip2 regression update (Jul 18)
 

The original fix for CVE-2019-12900 in bzip2, a high-quality block-sorting file compressor, introduces regressions when extracting

 
  CentOS: CESA-2019-1815: Moderate CentOS 7 java-1.8.0-openjdk (Jul 24)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1815

  CentOS: CESA-2019-1839: Moderate CentOS 7 java-1.7.0-openjdk (Jul 24)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1839

  CentOS: CESA-2019-1810: Moderate CentOS 7 java-11-openjdk (Jul 24)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1810

  CentOS: CESA-2019-1840: Moderate CentOS 6 java-1.7.0-openjdk (Jul 24)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1840

  CentOS: CESA-2019-1811: Moderate CentOS 6 java-1.8.0-openjdk (Jul 24)
 

Upstream details at : https://access.redhat.com/errata/RHSA-2019:1811

 
  SciLinux: SLSA-2019-1839-1 Moderate: java-1.7.0-openjdk on SL7.x x86_64 (Jul 24)
 

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 822151

  SciLinux: SLSA-2019-1840-1 Moderate: java-1.7.0-openjdk on SL6.x i386/x86_64 (Jul 23)
 

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 822151

  SciLinux: SLSA-2019-1811-1 Moderate: java-1.8.0-openjdk on SL6.x i386/x86_64 (Jul 22)
 

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 822151

  SciLinux: SLSA-2019-1815-1 Moderate: java-1.8.0-openjdk on SL7.x x86_64 (Jul 22)
 

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 822151

  SciLinux: SLSA-2019-1810-1 Moderate: java-11-openjdk on SL7.x x86_64 (Jul 22)
 

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)
* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
* OpenJDK: Missing URL format validation (Networking, 822151

 
  openSUSE: 2019:1808-1: moderate: tomcat (Jul 25)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2019:1805-1: important: ucode-intel (Jul 24)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2019:1806-1: important: ucode-intel (Jul 24)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2019:1800-1: moderate: libsass (Jul 24)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2019:1796-1: important: neovim (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1792-1: moderate: libgcrypt (Jul 23)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2019:1794-1: moderate: mumble (Jul 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1791-1: moderate: libsass (Jul 23)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2019:1797-1: moderate: live555 (Jul 23)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2019:1795-1: moderate: ImageMagick (Jul 23)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:1785-1: moderate: python-Twisted (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1782-1: important: MozillaFirefox (Jul 21)
 

An update that fixes 10 vulnerabilities is now available.

  openSUSE: 2019:1781-1: important: bzip2 (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1777-1: moderate: expat (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1780-1: moderate: clementine (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1775-1: important: znc (Jul 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:1771-1: important: ruby-bundled-gems-rpmhelper, ruby2.5 (Jul 21)
 

An update that solves 21 vulnerabilities and has two fixes is now available.

  openSUSE: 2019:1773-1: moderate: postgresql10 (Jul 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:1759-1: important: neovim (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1767-1: important: zeromq (Jul 21)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:1770-1: moderate: kernel-firmware (Jul 21)
 

An update that solves one vulnerability and has two fixes is now available.

  openSUSE: 2019:1779-1: moderate: ledger (Jul 21)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2019:1760-1: moderate: python-Twisted (Jul 21)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1778-1: moderate: php7 (Jul 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:1766-1: important: webkit2gtk3 (Jul 21)
 

An update that fixes 20 vulnerabilities is now available.

  openSUSE: 2019:1752-1: moderate: libqb (Jul 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1750-1: important: dbus-1 (Jul 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1754-1: moderate: python-requests (Jul 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1755-1: important: samba (Jul 20)
 

An update that solves one vulnerability and has four fixes is now available.

  openSUSE: 2019:1749-1: moderate: glib2 (Jul 20)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1758-1: important: MozillaFirefox (Jul 20)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2019:1751-1: fence-agents (Jul 20)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:1753-1: important: libvirt (Jul 20)
 

An update that fixes four vulnerabilities is now available.

  openSUSE: 2019:1725-1: moderate: libu2f-host, pam_u2f (Jul 19)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2019:1718-1: moderate: libqb (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1719-1: fence-agents (Jul 19)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:1721-1: important: bubblewrap (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1723-1: moderate: tomcat (Jul 19)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:1708-1: moderate: libu2f-host, pam_u2f (Jul 19)
 

An update that fixes three vulnerabilities is now available.

 
  Mageia 2019-0215: vlc security update (Jul 25)
 

VLC 3.0.7 has been released on June 6 including security fixes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=24940
- https://jbkempf.com/blog/post/2019/VLC-3.0.7-and-security/

  Mageia 2019-0214: gvfs security update (Jul 21)
 

Updated gvfs package fixes security vulnerabilities:
* daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used (CVE-2019-12447).
* daemon/gvfsbackendadmin.c has race conditions because the admin backend

  Mageia 2019-0213: firefox security update (Jul 21)
 

Sandbox escape via installation of malicious language pack. (CVE-2019-9811) Script injection within domain through inner window reuse. (CVE-2019-11711) Cross-origin POST requests can be made with NPAPI plugins by following 308

  Mageia 2019-0212: thunderbird security update (Jul 21)
 

Sandbox escape via installation of malicious language pack. (CVE-2019-9811) Script injection within domain through inner window reuse. (CVE-2019-11711) Cross-origin POST requests can be made with NPAPI plugins by following 308

  Mageia 2019-0211: firefox security update (Jul 21)
 

Sandbox escape via installation of malicious language pack. (CVE-2019-9811) Script injection within domain through inner window reuse. (CVE-2019-11711) Cross-origin POST requests can be made with NPAPI plugins by following 308

  Mageia 2019-0210: libreswan security update (Jul 21)
 

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29 (CVE-2019-10155).

  Mageia 2019-0209: rdesktop security update (Jul 21)
 

This is a security release to address various buffer overflow and overrun issues in the rdesktop protocol handling identified by Kaspersky Lab and National Cyber Security Centre. rdesktop will now detect any attempts to access invalid areas and refuse