
    Linux Advisory Watch: June 7th, 2019

    Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

    LinuxSecurity.com Feature Extras:

    Guardian Digital Celebrates 20 Years of Revolutionizing Digital Security, Securing Email with Open Source - Pioneers of business email security for the past 20 years, Guardian Digital draws on the merits of Open Source coupled with expert engineering and unparalleled customer support.

    Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.


     Debian: DSA-4457-1: evolution security update (Jun 7)
     

    Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message

     Debian: DSA-4454-2: qemu regression update (Jun 6)
     

    Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

     Debian: DSA-4456-1: exim4 security update (Jun 5)
     

    The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message() function may result in the execution of arbitrary commands.

     Debian: DSA-4455-1: heimdal security update (Jun 3)
     

    Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. CVE-2018-16860

     Debian: DSA-4454-1: qemu security update (May 30)
     

    Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.


     Fedora 30: hostapd Security Update (Jun 6)
     

    Update to version 2.8 from upstream, Security fix for [CVE-2019-11555]

     Fedora 30: cyrus-imapd Security Update (Jun 6)
     

    Update to version 3.0.10, which fixes a security issue (a buffer overrun vulnerability in the httpd daemon, CVE-2019-11356).

     Fedora 29: kernel-headers Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 29: kernel Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 29: kernel-tools Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 30: deepin-api Security Update (Jun 5)
     

    Fix improper checks in deepin-api polkit actions

     Fedora 30: php Security Update (Jun 5)
     

    **PHP version 7.3.6** (30 May 2019)

    **cURL:**
    * Implemented FR php#72189 (Add missing CURL_VERSION_* constants). (Javier Spagnoletti)

    **EXIF:**
    * Fixed bug php#77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas)

    **FPM:**
    * Fixed bug php#77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
    * Fixed bug php#77921 (static.php.net doesn't work anymore). (Peter

     Fedora 29: kernel-headers Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree.

    The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: kernel-tools Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree.

    The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: kernel Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree.

    The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: sqlite Security Update (Jun 3)
     

    Security fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936

     Fedora 29: drupal7-module_filter Security Update (Jun 2)
     

    - https://www.drupal.org/project/module_filter/releases/7.x-2.2
    - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-042](https://www.drupal.org/sa-contrib-2019-042)

     Fedora 29: drupal7-views Security Update (Jun 2)
     

    - https://www.drupal.org/project/views/releases/7.x-3.23
    - https://www.drupal.org/project/views/releases/7.x-3.22
    - https://www.drupal.org/project/views/releases/7.x-3.21
    - [Less critical - Cross site scripting - SA-CONTRIB-2019-036](https://www.drupal.org/sa-contrib-2019-036)
    - [Moderately critical - Information disclosure - SA-

     Fedora 29: sleuthkit Security Update (Jun 2)
     

    Update to 4.6.6. Various bugfixes on the 4.6 branch.

     Fedora 29: drupal7-ds Security Update (Jun 2)
     

    - https://www.drupal.org/project/ds/releases/7.x-2.16
    - https://www.drupal.org/project/ds/releases/7.x-2.15
    - [Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019](https://www.drupal.org/sa-contrib-2018-019)

     Fedora 29: drupal7-uuid Security Update (Jun 2)
     

    - https://www.drupal.org/project/uuid/releases/7.x-1.2
    - https://www.drupal.org/project/uuid/releases/7.x-1.1
    - [Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045](https://www.drupal.org/sa-contrib-2018-045)

     Fedora 29: drupal7-xmlsitemap Security Update (Jun 2)
     

    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6
    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5
    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4
    - [Moderately critical - Information Disclosure - SA-CONTRIB-2018-053](https://www.drupal.org/sa-contrib-2018-053)
    -

     Fedora 29: drupal7-context Security Update (Jun 2)
     

    - https://www.drupal.org/project/context/releases/7.x-3.10
    - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-028](https://www.drupal.org/sa-contrib-2019-028)
    - https://www.drupal.org/project/context/releases/7.x-3.9
    - https://www.drupal.org/project/context/releases/7.x-3.8

     Fedora 29: drupal7-path_breadcrumbs Security Update (Jun 2)
     

    - https://www.drupal.org/project/path_breadcrumbs/releases/7.x-3.4
    - [Less critical - Cross site scripting - SA-CONTRIB-2019-027](https://www.drupal.org/sa-contrib-2019-027)

     Fedora 30: drupal7-ds Security Update (Jun 1)
     

    - https://www.drupal.org/project/ds/releases/7.x-2.16
    - https://www.drupal.org/project/ds/releases/7.x-2.15
    - [Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019](https://www.drupal.org/sa-contrib-2018-019)

     Fedora 30: drupal7-uuid Security Update (Jun 1)
     

    - https://www.drupal.org/project/uuid/releases/7.x-1.2
    - https://www.drupal.org/project/uuid/releases/7.x-1.1
    - [Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045](https://www.drupal.org/sa-contrib-2018-045)

     Fedora 30: drupal7-xmlsitemap Security Update (Jun 1)
     

    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6
    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5
    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4
    - [Moderately critical - Information Disclosure - SA-CONTRIB-2018-053](https://www.drupal.org/sa-contrib-2018-053)
    -

     Fedora 30: drupal7-context Security Update (Jun 1)
     

    - https://www.drupal.org/project/context/releases/7.x-3.10
    - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-028](https://www.drupal.org/sa-contrib-2019-028)
    - https://www.drupal.org/project/context/releases/7.x-3.9
    - https://www.drupal.org/project/context/releases/7.x-3.8

     Fedora 30: drupal7-path_breadcrumbs Security Update (Jun 1)
     

    - https://www.drupal.org/project/path_breadcrumbs/releases/7.x-3.4
    - [Less critical - Cross site scripting - SA-CONTRIB-2019-027](https://www.drupal.org/sa-contrib-2019-027)

     Fedora 30: drupal7-module_filter Security Update (Jun 1)
     

    - https://www.drupal.org/project/module_filter/releases/7.x-2.2
    - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-042](https://www.drupal.org/sa-contrib-2019-042)

     Fedora 30: drupal7-views Security Update (Jun 1)
     

    - https://www.drupal.org/project/views/releases/7.x-3.23
    - https://www.drupal.org/project/views/releases/7.x-3.22
    - https://www.drupal.org/project/views/releases/7.x-3.21
    - [Less critical - Cross site scripting - SA-CONTRIB-2019-036](https://www.drupal.org/sa-contrib-2019-036)
    - [Moderately critical - Information disclosure - SA-

     Fedora 30: sleuthkit Security Update (Jun 1)
     

    Update to 4.6.6. Various bugfixes on the 4.6 branch.

     Fedora 30: cryptopp Security Update (May 31)
     

    Update to 8.2.0.

     Fedora 29: xen Security Update (May 30)
     

    - Microarchitectural Data Sampling speculative side channel [XSA-297, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091]
    - additional patches so above applies cleanly
    - work around grub2 issues in dom0

     Fedora 29: drupal7-entity Security Update (May 30)
     

    - https://www.drupal.org/project/entity/releases/7.x-1.9
    - https://www.drupal.org/sa-contrib-2018-013

     Fedora 30: drupal7-entity Security Update (May 30)
     

    - https://www.drupal.org/project/entity/releases/7.x-1.9
    - https://www.drupal.org/sa-contrib-2018-013


     Gentoo: GLSA-201906-01: Exim: Remote command execution (Jun 6)
     

    A vulnerability in Exim could allow a remote attacker to execute arbitrary commands.


     RedHat: RHSA-2019-1399:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 14 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1400:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1398:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 14 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1352:01 Moderate: etcd security, bug fix, (Jun 4)
     

    An update for etcd is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

     RedHat: RHSA-2019-1350:01 Low: kernel-alt security and bug fix update (Jun 4)
     

    An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

     RedHat: RHSA-2019-1329:01 Important: rh-python36-python-jinja2 security (Jun 4)
     

    An update for rh-python36-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1326:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R12 (Jun 4)
     

    An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1322:01 Important: systemd security and bug fix update (Jun 4)
     

    An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1325:01 Important: java-1.8.0-ibm security update (Jun 4)
     

    An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1309:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1308:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1310:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1301:01 Low: Red Hat Enterprise Linux 7.2 E4S and TUS (May 30)
     

    This is the 6 month notification for the retirement of Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS). This notification applies only to those customers subscribed to the Update Services for SAP Solutions (E4S) and

     RedHat: RHSA-2019-1300:01 Moderate: go-toolset-1.11-golang security update (May 30)
     

    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1297:01 Important: Red Hat JBoss Core Services Apache (May 30)
     

    An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1296:01 Important: Red Hat JBoss Core Services Apache (May 30)
     

    Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 zip release for RHEL 6 and RHEL 7 is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


     SUSE: 2019:14074-1 important: bind (Jun 6)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1441-1 important: Recommended mariadb, mariadb-connector-c (Jun 6)
     

    An update that solves 24 vulnerabilities and has two fixes is now available.

     SUSE: 2019:1440-1 moderate: rubygem-rack (Jun 6)
     

    An update that solves one vulnerability and has one errata is now available.

     SUSE: 2019:1439-1 important: python (Jun 6)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1438-1 important: libvirt (Jun 6)
     

    An update that fixes 5 vulnerabilities is now available.

     SUSE: 2019:1437-1 important: the Linux Kernel (Live Patch 1 for SLE 15) (Jun 6)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1425-1 important: the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Jun 5)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1423-1 important: libvirt (Jun 5)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1422-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP1) (Jun 5)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1407-1 important: bind (Jun 3)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1405-1 important: MozillaFirefox (Jun 3)
     

    An update that fixes 13 vulnerabilities is now available.

     SUSE: 2018:3963-2 important: apache2-mod_jk (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1398-1 libpng16 (May 31)
     

    An update that solves two vulnerabilities and has one errata is now available.

     SUSE: 2019:1388-1 important: MozillaFirefox (May 31)
     

    An update that fixes 13 vulnerabilities is now available.

     SUSE: 2019:1390-1 moderate: gnome-shell (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1391-1 moderate: evolution (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1392-1 moderate: java-1_7_0-openjdk (May 31)
     

    An update that fixes 6 vulnerabilities is now available.

     SUSE: 2019:1389-1 cronie (May 31)
     

    An update that solves two vulnerabilities and has two fixes is now available.

     SUSE: 2019:14068-1 important: mailman (May 31)
     

    An update that solves one vulnerability and has one errata is now available.

     SUSE: 2019:14069-1 jpeg (May 31)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1382-1 moderate: axis (May 30)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1381-1 important: rmt-server (May 30)
     

    An update that solves two vulnerabilities and has 10 fixes is now available.


     Debian LTS: DLA-1815-1: poppler security update (Jun 6)
     

    Several vulnerabilities have been found in the poppler PDF rendering library, which could result in denial of service or possibly other unspecified impact when processing malformed or maliciously crafted files.

     Debian LTS: DLA-1814-1: python-django security update (Jun 5)
     

    It was discovered that there was a cross-site scripting (XSS) vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version

     Debian LTS: DLA-1812-1: doxygen security update (May 31)
     

    Insufficient sanitization of the query parameter in search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

     Debian LTS: DLA-1811-1: miniupnpd security update (May 30)
     

    Ben Barnea and colleagues from VDOO discovered several vulnerabilities in miniupnpd, a small daemon that provides UPnP Internet Gateway Device and Port Mapping Protocol services.

     Debian LTS: DLA-1810-1: tomcat7 security update (May 30)
     

    Nightwatch Cybersecurity Research team identified an XSS vulnerability in tomcat7. The SSI printenv command echoes user-provided data without escaping. SSI is disabled by default. The printenv command is intended


     ArchLinux: 201906-3: binutils: multiple issues (Jun 5)
     

    The package binutils before version 2.32-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

     ArchLinux: 201906-2: python-django: cross-site scripting (Jun 4)
     

    The package python-django before version 2.2.2-1 is vulnerable to cross-site scripting.

     ArchLinux: 201906-1: python2-django: cross-site scripting (Jun 4)
     

    The package python2-django before version 1.11.21-1 is vulnerable to cross-site scripting.

     ArchLinux: 201905-17: live-media: multiple issues (May 31)
     

    The package live-media before version 2019.05.12-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

     ArchLinux: 201905-15: lib32-curl: arbitrary code execution (May 31)
     

    The package lib32-curl before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-16: curl: arbitrary code execution (May 31)
     

    The package curl before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-14: lib32-libcurl-compat: arbitrary code execution (May 31)
     

    The package lib32-libcurl-compat before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-12: libcurl-gnutls: arbitrary code execution (May 31)
     

    The package libcurl-gnutls before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-13: lib32-libcurl-gnutls: arbitrary code execution (May 31)
     

    The package lib32-libcurl-gnutls before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-11: libcurl-compat: arbitrary code execution (May 31)
     

    The package libcurl-compat before version 7.65.0-1 is vulnerable to arbitrary code execution.


     SciLinux: Important: thunderbird on SL6.x i386/x86_64 (Jun 4)
     

    * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
    * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
    * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
    * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
    * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
    * Mozilla: Use-a

     SciLinux: Important: thunderbird on SL7.x x86_64 (Jun 4)
     

    * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
    * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
    * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
    * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
    * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
    * Mozilla: Use-a


     openSUSE: 2019:1524-1: important: Security update exim (Jun 7)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1520-1: cronie (Jun 5)
     

    An update that solves two vulnerabilities and has two fixes is now available.

     openSUSE: 2019:1510-1: moderate: libtasn1 (Jun 5)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1508-1: important: curl (Jun 4)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1507-1: moderate: Recommended GraphicsMagick (Jun 4)
     

    An update that contains security fixes can now be installed.

     openSUSE: 2019:1506-1: important: containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (Jun 3)
     

    An update that solves 5 vulnerabilities and has 6 fixes is now available.

     openSUSE: 2019:1505-1: important: libvirt (Jun 3)
     

    An update that fixes four vulnerabilities is now available.

     openSUSE: 2019:1500-1: moderate: java-1_7_0-openjdk (Jun 3)
     

    An update that fixes 6 vulnerabilities is now available.

     openSUSE: 2019:1503-1: moderate: php5 (Jun 3)
     

    An update that fixes 8 vulnerabilities is now available.

     openSUSE: 2019:1499-1: important: containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (Jun 3)
     

    An update that solves 5 vulnerabilities and has 6 fixes is now available.

     openSUSE: 2019:1501-1: moderate: php7 (Jun 3)
     

    An update that fixes three vulnerabilities is now available.

     openSUSE: 2019:1498-1: moderate: libtasn1 (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1492-1: important: curl (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1497-1: moderate: axis (Jun 3)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1491-1: moderate: Recommended GraphicsMagick (Jun 3)
     

    An update that contains security fixes can now be installed.

     openSUSE: 2019:1494-1: moderate: NetworkManager (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1495-1: important: Recommended sles12sp3-docker-image, sles12sp4-image, system-user-root (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1488-1: important: chromium (Jun 2)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1484-1: important: MozillaThunderbird (Jun 2)
     

    An update that fixes 16 vulnerabilities is now available.

     openSUSE: 2019:1485-1: moderate: screen (Jun 2)
     

    An update that solves one vulnerability and has one errata is now available.

     openSUSE: 2019:1486-1: moderate: doxygen (Jun 2)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1481-1: important: lxc, lxcfs (May 31)
     

    An update that fixes 6 vulnerabilities is now available.

     openSUSE: 2019:1475-1: libu2f-host (May 30)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1476-1: moderate: bluez (May 30)
     

    An update that fixes four vulnerabilities is now available.

     openSUSE: 2019:1477-1: important: gnutls (May 30)
     

    An update that solves one vulnerability and has one errata is now available.


     Mageia 2019-0185: kernel security update (May 30)
     

    This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel-side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities. It also fixes the following security issues:

    [state] => 1 [catid] => 157 [created] => 2019-06-07 07:18:21 [created_by] => 62 [created_by_alias] => LinuxSecurity.com Team [modified] => 2019-06-07 12:52:47 [modified_by] => 84437 [checked_out] => 0 [checked_out_time] => 0000-00-00 00:00:00 [publish_up] => 2019-06-07 07:18:21 [publish_down] => 0000-00-00 00:00:00 [images] => {"image_intro":"images\/HomepageBannerImages\/LS-hmepg-337x500_14.jpg","float_intro":"","image_intro_alt":"","image_intro_caption":"","image_fulltext":"images\/HomepageBannerImages\/LS-hmepg-337x500_14.jpg","float_fulltext":"","image_fulltext_alt":"","image_fulltext_caption":""} [urls] => {"urla":false,"urlatext":"","targeta":"","urlb":false,"urlbtext":"","targetb":"","urlc":false,"urlctext":"","targetc":""} [attribs] => {"article_layout":"","show_title":"","link_titles":"","show_tags":"","show_intro":"","info_block_position":"","info_block_show_title":"","show_category":"","link_category":"","show_parent_category":"","link_parent_category":"","show_associations":"","show_author":"","link_author":"","show_create_date":"","show_modify_date":"","show_publish_date":"","show_item_navigation":"","show_icons":"","show_print_icon":"","show_email_icon":"","show_vote":"","show_hits":"","show_noauth":"","urls_position":"","alternative_readmore":"","article_page_title":"","show_publishing_options":"","show_article_options":"","show_urls_images_backend":"","show_urls_images_frontend":"","spfeatured_image":"","spfeatured_image_alt":"","post_format":"standard","gallery":"","audio":"","video":"","link_title":"","link_url":"","quote_text":"","quote_author":"","post_status":""} [version] => 4 [ordering] => 1 [metakey] => linux, advisory, watch, june, 7th, 2019 [metadesc] => Thank you for reading the Linux Advisory Watch Security Newsletter. 
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

    LinuxSecurity.com Feature Extras:

    Guardian Digital Celebrates 20 Years of Revolutionizing Digital Security, Securing Email with Open Source - Pioneers of business email security for the past 20 years, Guardian Digital draws on the merits of Open Source coupled with expert engineering and unparalleled customer support.

    Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.


     Debian: DSA-4457-1: evolution security update (Jun 7)
     

    Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message

     Debian: DSA-4454-2: qemu regression update (Jun 6)
     

    Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

     Debian: DSA-4456-1: exim4 security update (Jun 5)
     

    The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient address in the deliver_message() function may result in the execution of arbitrary commands.

     Debian: DSA-4455-1: heimdal security update (Jun 3)
     

    Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. CVE-2018-16860

     Debian: DSA-4454-1: qemu security update (May 30)
     

    Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure.


     Fedora 30: hostapd Security Update (Jun 6)
     

    Update to version 2.8 from upstream, Security fix for [CVE-2019-11555]

     Fedora 30: cyrus-imapd Security Update (Jun 6)
     

    Update to version 3.0.10, which fixes a security issue (a buffer overrun vulnerability in the httpd daemon, CVE-2019-11356).

     Fedora 29: kernel-headers Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 29: kernel Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 29: kernel-tools Security Update (Jun 5)
     

    Rebase to the v5.1 kernel series

     Fedora 30: deepin-api Security Update (Jun 5)
     

    Fix improper checks in deepin-api polkit actions

     Fedora 30: php Security Update (Jun 5)
     

    **PHP version 7.3.6** (30 May 2019) **cURL:** * Implemented FR php#72189 (Add missing CURL_VERSION_* constants). (Javier Spagnoletti) **EXIF:** * Fixed bug php#77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas) **FPM:** * Fixed bug php#77934 (php-fpm kill -USR2 not working). (Jakub Zelenka) * Fixed bug php#77921 (static.php.net doesn't work anymore). (Peter

     Fedora 29: kernel-headers Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree ---- The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: kernel-tools Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree ---- The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: kernel Security Update (Jun 3)
     

    The 5.0.19 update contains a number of important fixes across the tree ---- The 5.0.18 kernel update contains a number of important fixes across the tree.

     Fedora 29: sqlite Security Update (Jun 3)
     

    Security fix for CVE-2019-5827, CVE-2019-9937, CVE-2019-9936

     Fedora 29: drupal7-module_filter Security Update (Jun 2)
     

    - https://www.drupal.org/project/module_filter/releases/7.x-2.2 - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-042](https://www.drupal.org/sa-contrib-2019-042)

     Fedora 29: drupal7-views Security Update (Jun 2)
     

    - https://www.drupal.org/project/views/releases/7.x-3.23 - https://www.drupal.org/project/views/releases/7.x-3.22 - https://www.drupal.org/project/views/releases/7.x-3.21 - [Less critical - Cross site scripting - SA-CONTRIB-2019-036](https://www.drupal.org/sa-contrib-2019-036) - [Moderately critical - Information disclosure - SA-

     Fedora 29: sleuthkit Security Update (Jun 2)
     

    Update to 4.6.6 Various bugfixes on the 4.6 branch

     Fedora 29: drupal7-ds Security Update (Jun 2)
     

    - https://www.drupal.org/project/ds/releases/7.x-2.16 - https://www.drupal.org/project/ds/releases/7.x-2.15 - [Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019](https://www.drupal.org/sa-contrib-2018-019)

     Fedora 29: drupal7-uuid Security Update (Jun 2)
     

    - https://www.drupal.org/project/uuid/releases/7.x-1.2 - https://www.drupal.org/project/uuid/releases/7.x-1.1 - [Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045](https://www.drupal.org/sa-contrib-2018-045)

     Fedora 29: drupal7-xmlsitemap Security Update (Jun 2)
     

    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4 - [Moderately critical - Information Disclosure - SA-CONTRIB-2018-053](https://www.drupal.org/sa-contrib-2018-053) -

     Fedora 29: drupal7-context Security Update (Jun 2)
     

    - https://www.drupal.org/project/context/releases/7.x-3.10 - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-028](https://www.drupal.org/sa-contrib-2019-028) - https://www.drupal.org/project/context/releases/7.x-3.9 - https://www.drupal.org/project/context/releases/7.x-3.8

     Fedora 29: drupal7-path_breadcrumbs Security Update (Jun 2)
     

    - https://www.drupal.org/project/path_breadcrumbs/releases/7.x-3.4 - [Less critical - Cross site scripting - SA-CONTRIB-2019-027](https://www.drupal.org/sa-contrib-2019-027)

     Fedora 30: drupal7-ds Security Update (Jun 1)
     

    - https://www.drupal.org/project/ds/releases/7.x-2.16 - https://www.drupal.org/project/ds/releases/7.x-2.15 - [Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019](https://www.drupal.org/sa-contrib-2018-019)

     Fedora 30: drupal7-uuid Security Update (Jun 1)
     

    - https://www.drupal.org/project/uuid/releases/7.x-1.2 - https://www.drupal.org/project/uuid/releases/7.x-1.1 - [Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045](https://www.drupal.org/sa-contrib-2018-045)

     Fedora 30: drupal7-xmlsitemap Security Update (Jun 1)
     

    - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.6 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.5 - https://www.drupal.org/project/xmlsitemap/releases/7.x-2.4 - [Moderately critical - Information Disclosure - SA-CONTRIB-2018-053](https://www.drupal.org/sa-contrib-2018-053) -

     Fedora 30: drupal7-context Security Update (Jun 1)
     

    - https://www.drupal.org/project/context/releases/7.x-3.10 - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-028](https://www.drupal.org/sa-contrib-2019-028) - https://www.drupal.org/project/context/releases/7.x-3.9 - https://www.drupal.org/project/context/releases/7.x-3.8

     Fedora 30: drupal7-path_breadcrumbs Security Update (Jun 1)
     

    - https://www.drupal.org/project/path_breadcrumbs/releases/7.x-3.4 - [Less critical - Cross site scripting - SA-CONTRIB-2019-027](https://www.drupal.org/sa-contrib-2019-027)

     Fedora 30: drupal7-module_filter Security Update (Jun 1)
     

    - https://www.drupal.org/project/module_filter/releases/7.x-2.2 - [Moderately critical - Cross site scripting - SA-CONTRIB-2019-042](https://www.drupal.org/sa-contrib-2019-042)

     Fedora 30: drupal7-views Security Update (Jun 1)
     

    - https://www.drupal.org/project/views/releases/7.x-3.23 - https://www.drupal.org/project/views/releases/7.x-3.22 - https://www.drupal.org/project/views/releases/7.x-3.21 - [Less critical - Cross site scripting - SA-CONTRIB-2019-036](https://www.drupal.org/sa-contrib-2019-036) - [Moderately critical - Information disclosure - SA-

     Fedora 30: sleuthkit Security Update (Jun 1)
     

    Update to 4.6.6 Various bugfixes on the 4.6 branch

     Fedora 30: cryptopp Security Update (May 31)
     

    Update to 8.2.0.

     Fedora 29: xen Security Update (May 30)
     

    Microarchitectural Data Sampling speculative side channel [XSA-297, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091]; additional patches so above applies cleanly; work around grub2 issues in dom0

     Fedora 29: drupal7-entity Security Update (May 30)
     

    - https://www.drupal.org/project/entity/releases/7.x-1.9 - https://www.drupal.org/sa-contrib-2018-013

     Fedora 30: drupal7-entity Security Update (May 30)
     

    - https://www.drupal.org/project/entity/releases/7.x-1.9 - https://www.drupal.org/sa-contrib-2018-013


     Gentoo: GLSA-201906-01: Exim: Remote command execution (Jun 6)
     

    A vulnerability in Exim could allow a remote attacker to execute arbitrary commands.


     RedHat: RHSA-2019-1399:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 14 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1400:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1398:01 Moderate: qpid-proton security update (Jun 6)
     

    An update for qpid-proton is now available for Red Hat OpenStack Platform 14 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1352:01 Moderate: etcd security, bug fix, (Jun 4)
     

    An update for etcd is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

     RedHat: RHSA-2019-1350:01 Low: kernel-alt security and bug fix update (Jun 4)
     

    An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

     RedHat: RHSA-2019-1329:01 Important: rh-python36-python-jinja2 security (Jun 4)
     

    An update for rh-python36-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1326:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R12 (Jun 4)
     

    An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1322:01 Important: systemd security and bug fix update (Jun 4)
     

    An update for systemd is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

     RedHat: RHSA-2019-1325:01 Important: java-1.8.0-ibm security update (Jun 4)
     

    An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1309:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1308:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1310:01 Important: thunderbird security update (Jun 3)
     

    An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1301:01 Low: Red Hat Enterprise Linux 7.2 E4S and TUS (May 30)
     

    This is the 6 month notification for the retirement of Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions (E4S) and Telecommunications Update Service (TUS). This notification applies only to those customers subscribed to the Update Services for SAP Solutions (E4S) and

     RedHat: RHSA-2019-1300:01 Moderate: go-toolset-1.11-golang security update (May 30)
     

    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

     RedHat: RHSA-2019-1297:01 Important: Red Hat JBoss Core Services Apache (May 30)
     

    An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

     RedHat: RHSA-2019-1296:01 Important: Red Hat JBoss Core Services Apache (May 30)
     

    Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 zip release for RHEL 6 and RHEL 7 is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,


     SUSE: 2019:14074-1 important: bind (Jun 6)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1441-1 important: Recommended mariadb, mariadb-connector-c (Jun 6)
     

    An update that solves 24 vulnerabilities and has two fixes is now available.

     SUSE: 2019:1440-1 moderate: rubygem-rack (Jun 6)
     

    An update that solves one vulnerability and has one errata is now available.

     SUSE: 2019:1439-1 important: python (Jun 6)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1438-1 important: libvirt (Jun 6)
     

    An update that fixes 5 vulnerabilities is now available.

     SUSE: 2019:1437-1 important: the Linux Kernel (Live Patch 1 for SLE 15) (Jun 6)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1425-1 important: the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Jun 5)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1423-1 important: libvirt (Jun 5)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1422-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP1) (Jun 5)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1407-1 important: bind (Jun 3)
     

    An update that fixes four vulnerabilities is now available.

     SUSE: 2019:1405-1 important: MozillaFirefox (Jun 3)
     

    An update that fixes 13 vulnerabilities is now available.

     SUSE: 2018:3963-2 important: apache2-mod_jk (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1398-1 libpng16 (May 31)
     

    An update that solves two vulnerabilities and has one errata is now available.

     SUSE: 2019:1388-1 important: MozillaFirefox (May 31)
     

    An update that fixes 13 vulnerabilities is now available.

     SUSE: 2019:1390-1 moderate: gnome-shell (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1391-1 moderate: evolution (May 31)
     

    An update that fixes one vulnerability is now available.

     SUSE: 2019:1392-1 moderate: java-1_7_0-openjdk (May 31)
     

    An update that fixes 6 vulnerabilities is now available.

     SUSE: 2019:1389-1 cronie (May 31)
     

    An update that solves two vulnerabilities and has two fixes is now available.

     SUSE: 2019:14068-1 important: mailman (May 31)
     

    An update that solves one vulnerability and has one errata is now available.

     SUSE: 2019:14069-1 jpeg (May 31)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1382-1 moderate: axis (May 30)
     

    An update that fixes two vulnerabilities is now available.

     SUSE: 2019:1381-1 important: rmt-server (May 30)
     

    An update that solves two vulnerabilities and has 10 fixes is now available.


     Debian LTS: DLA-1815-1: poppler security update (Jun 6)
     

    Several vulnerabilities have been found in the poppler PDF rendering library, which could result in denial of service or possibly other unspecified impact when processing malformed or maliciously crafted files.

     Debian LTS: DLA-1814-1: python-django security update (Jun 5)
     

    It was discovered that there was a cross-site scripting (XSS) vulnerability in the Django web development framework. For Debian 8 "Jessie", this issue has been fixed in python-django version

     Debian LTS: DLA-1812-1: doxygen security update (May 31)
     

    Insufficient sanitization of the query parameter in search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

     Debian LTS: DLA-1811-1: miniupnpd security update (May 30)
     

    Ben Barnea and colleagues from VDOO discovered several vulnerabilities in miniupnpd, a small daemon that provides UPnP Internet Gateway Device and Port Mapping Protocol services.

     Debian LTS: DLA-1810-1: tomcat7 security update (May 30)
     

    Nightwatch Cybersecurity Research team identified a XSS vulnerability in tomcat7. The SSI printenv command echoes user provided data without escaping. SSI is disabled by default. The printenv command is intended


     ArchLinux: 201906-3: binutils: multiple issues (Jun 5)
     

    The package binutils before version 2.32-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

     ArchLinux: 201906-2: python-django: cross-site scripting (Jun 4)
     

    The package python-django before version 2.2.2-1 is vulnerable to cross-site scripting.

     ArchLinux: 201906-1: python2-django: cross-site scripting (Jun 4)
     

    The package python2-django before version 1.11.21-1 is vulnerable to cross-site scripting.

     ArchLinux: 201905-17: live-media: multiple issues (May 31)
     

    The package live-media before version 2019.05.12-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.

     ArchLinux: 201905-15: lib32-curl: arbitrary code execution (May 31)
     

    The package lib32-curl before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-16: curl: arbitrary code execution (May 31)
     

    The package curl before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-14: lib32-libcurl-compat: arbitrary code execution (May 31)
     

    The package lib32-libcurl-compat before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-12: libcurl-gnutls: arbitrary code execution (May 31)
     

    The package libcurl-gnutls before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-13: lib32-libcurl-gnutls: arbitrary code execution (May 31)
     

    The package lib32-libcurl-gnutls before version 7.65.0-1 is vulnerable to arbitrary code execution.

     ArchLinux: 201905-11: libcurl-compat: arbitrary code execution (May 31)
     

    The package libcurl-compat before version 7.65.0-1 is vulnerable to arbitrary code execution.


     SciLinux: Important: thunderbird on SL6.x i386/x86_64 (Jun 4)
     

    Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-a

     SciLinux: Important: thunderbird on SL7.x x86_64 (Jun 4)
     

    Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800) * Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797) * Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817) * Mozilla: Compartment mismatch with fetch API (CVE-2019-9819) * Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820) * Mozilla: Use-a


     openSUSE: 2019:1524-1: important: Security update exim (Jun 7)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1520-1: cronie (Jun 5)
     

    An update that solves two vulnerabilities and has two fixes is now available.

     openSUSE: 2019:1510-1: moderate: libtasn1 (Jun 5)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1508-1: important: curl (Jun 4)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1507-1: moderate: Recommended GraphicsMagick (Jun 4)
     

    An update that contains security fixes can now be installed.

     openSUSE: 2019:1506-1: important: containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (Jun 3)
     

    An update that solves 5 vulnerabilities and has 6 fixes is now available.

     openSUSE: 2019:1505-1: important: libvirt (Jun 3)
     

    An update that fixes four vulnerabilities is now available.

     openSUSE: 2019:1500-1: moderate: java-1_7_0-openjdk (Jun 3)
     

    An update that fixes 6 vulnerabilities is now available.

     openSUSE: 2019:1503-1: moderate: php5 (Jun 3)
     

    An update that fixes 8 vulnerabilities is now available.

     openSUSE: 2019:1499-1: important: containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (Jun 3)
     

    An update that solves 5 vulnerabilities and has 6 fixes is now available.

     openSUSE: 2019:1501-1: moderate: php7 (Jun 3)
     

    An update that fixes three vulnerabilities is now available.

     openSUSE: 2019:1498-1: moderate: libtasn1 (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1492-1: important: curl (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1497-1: moderate: axis (Jun 3)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1491-1: moderate: Recommended GraphicsMagick (Jun 3)
     

    An update that contains security fixes can now be installed.

     openSUSE: 2019:1494-1: moderate: NetworkManager (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1495-1: important: Recommended sles12sp3-docker-image, sles12sp4-image, system-user-root (Jun 3)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1488-1: important: chromium (Jun 2)
     

    An update that fixes two vulnerabilities is now available.

     openSUSE: 2019:1484-1: important: MozillaThunderbird (Jun 2)
     

    An update that fixes 16 vulnerabilities is now available.

     openSUSE: 2019:1485-1: moderate: screen (Jun 2)
     

    An update that solves one vulnerability and has one errata is now available.

     openSUSE: 2019:1486-1: moderate: doxygen (Jun 2)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1481-1: important: lxc, lxcfs (May 31)
     

    An update that fixes 6 vulnerabilities is now available.

     openSUSE: 2019:1475-1: libu2f-host (May 30)
     

    An update that fixes one vulnerability is now available.

     openSUSE: 2019:1476-1: moderate: bluez (May 30)
     

    An update that fixes four vulnerabilities is now available.

     openSUSE: 2019:1477-1: important: gnutls (May 30)
     

    An update that solves one vulnerability and has one errata is now available.


     Mageia 2019-0185: kernel security update (May 30)
     

    This kernel update provides the upstream 4.14.121. It adds additional fixes to the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities. It also fixes the following security issues:

    [tags] => Joomla\CMS\Helper\TagsHelper Object ( [tagsChanged:protected] => [replaceTags:protected] => [typeAlias] => [itemTags] => Array ( ) ) [jcfields] => Array ( ) [event] => stdClass Object ( [afterDisplayTitle] => [beforeDisplayContent] => ) [prev] => /newsletters/linux-advisory-watch/linux-advisory-watch-june-14th-2019 [next] => /newsletters/linux-advisory-watch/linux-advisory-watch-may-31st-2019 [prev_label] => Prev [next_label] => Next [pagination] => [paginationposition] => 1 [paginationrelative] => 0 ) [params] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [article_layout] => _:default [show_title] => 1 [link_titles] => 1 [show_intro] => 1 [info_block_position] => 0 [info_block_show_title] => 1 [show_category] => 1 [link_category] => 1 [show_parent_category] => 0 [link_parent_category] => 0 [show_associations] => 0 [flags] => 1 [show_author] => 1 [link_author] => 0 [show_create_date] => 0 [show_modify_date] => 0 [show_publish_date] => 1 [show_item_navigation] => 1 [show_vote] => 0 [show_readmore] => 1 [show_readmore_title] => 1 [readmore_limit] => 100 [show_tags] => 1 [show_icons] => 1 [show_print_icon] => 1 [show_email_icon] => 0 [show_hits] => 1 [show_noauth] => 0 [urls_position] => 0 [captcha] => [show_publishing_options] => 1 [show_article_options] => 1 [save_history] => 1 [history_limit] => 10 [show_urls_images_frontend] => 0 [show_urls_images_backend] => 1 [targeta] => 0 [targetb] => 0 [targetc] => 0 [float_intro] => left [float_fulltext] => left [category_layout] => _:blog [show_category_heading_title_text] => 1 [show_category_title] => 0 [show_description] => 0 [show_description_image] => 0 [maxLevel] => 1 [show_empty_categories] => 0 [show_no_articles] => 1 [show_subcat_desc] => 1 [show_cat_num_articles] => 0 [show_cat_tags] => 1 [show_base_description] => 1 [maxLevelcat] => -1 [show_empty_categories_cat] => 0 [show_subcat_desc_cat] => 1 [show_cat_num_articles_cat] => 1 [num_leading_articles] => 0 
[num_intro_articles] => 5 [num_columns] => 1 [num_links] => 4 [multi_column_order] => 0 [show_subcategory_content] => 0 [show_pagination_limit] => 1 [filter_field] => hide [show_headings] => 1 [list_show_date] => 0 [date_format] => [list_show_hits] => 1 [list_show_author] => 1 [orderby_pri] => alpha [orderby_sec] => rdate [order_date] => created [show_pagination] => 2 [show_pagination_results] => 1 [show_featured] => show [show_feed_link] => 1 [feed_summary] => 0 [feed_show_readmore] => 0 [sef_advanced] => 1 [sef_ids] => 1 [custom_fields_enable] => 0 [show_page_heading] => 0 [layout_type] => blog [menu_text] => 1 [menu_show] => 1 [secure] => 0 [menulayout] => {"width":600,"menuItem":1,"menuAlign":"right","layout":[{"type":"row","attr":[{"type":"column","colGrid":12,"menuParentId":"112","moduleId":""}]}]} [megamenu] => 0 [showmenutitle] => 1 [enable_page_title] => 0 [page_title] => Newsletters [page_description] => LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals. [page_rights] => [robots] => [post_format] => standard [access-view] => 1 ) [initialized:protected] => 1 [separator] => . 

