Linux Advisory Watch: March 27th, 2020

It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause

Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.

Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-20503

A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted.

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed

The 5.5.11 stable kernel update contains a number of important fixes across the tree.

* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big

Security and performance fixes.

**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big

**PHP version 7.4.4** (19 Mar 2020) **Core:** * Fixed bug php#79329 (get_headers() silently truncates after a null byte) (**CVE-2020-7066**) (cmb) * Fixed bug php#79244 (php crashes during parsing INI file). (Laruence) * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **CURL:** * Fixed bug php#79019 (Copied cURL handles upload

Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing

Update Fedora 32 to the final release version of 8u242 (http://bitly.com/oj8u242) bringing in the last security updates, in line with packages already in Fedora 30 & 31 This also resolves RHBZ#1813550 which was seen with the previous attempt at this update.

Security fix for CVE-2020-9359

Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio

Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA. List of CVEs fixed (since last update): * CVE-2019-20446 * CVE-2020-6381 * CVE-2020-6382 * CVE-2020-6383 * CVE-2020-6384 * CVE-2020-6385 * CVE-2020-6386 * CVE-2020-6387 * CVE-2020-6388 * CVE-2020-6389 * CVE-2020-6390 * CVE-2020-6391 * CVE-2020-6392 *

Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing

Automatic update for libarchive-3.4.2-1.fc32.

A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in UnZip, the worst of which could result in the execution of arbitrary code.

Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands.

Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation.

A vulnerability in Zsh might allow an attacker to escalate privileges.

Multiple vulnerabilities have been found in Pure-FTPd, the worst of which could allow remote attackers to cause a Denial of Service condition. [More...]

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. [More...]

Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution.

Multiple vulnerabilities have been found in WeeChat, the worst of which could allow remote attackers to cause a Denial of Service condition.

Multiple vulnerabilities were found in Tor, the worst of which could allow remote attackers to cause a Denial of Service condition.

A vulnerability in BlueZ might allow remote attackers to bypass security restrictions.

Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files.

A vulnerability in Exim could allow a remote attacker to execute arbitrary code.

Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition.

A flaw in PyYAML might allow attackers to execute arbitrary code.

A heap-based buffer overflow in Binary diff might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to arbitrary code execution.

Multiple vulnerabilities have been found in libgit2, the worst of which could result in the arbitrary execution of code.

A heap-based buffer overflow in GNU FriBidi might allow remote attackers to execute arbitrary code.

Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code.

An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements.

A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code.

An update for ipmitool is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact

An update for ipmitool is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for ipmitool is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openshift-enterprise-mediawiki-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openshift-istio-kiali-rhel7-operator-container is now available for Openshift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for Jaeger and Kiali is now available for Openshift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-template-service-broker-operator-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact

An update for openshift-enterprise-builder-container, openshift-enterprise-cli-container, and ose-cli-artifacts-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact

An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.3.7 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.3.7 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New Red Hat Single Sign-On 7.3.7 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Red Hat AMQ Streams 1.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for devtoolset-8-gcc is now available for Red Hat Developer Toolset 8 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libvncserver is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for libvncserver is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat AMQ Broker 7.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for openshift-enterprise-postgresql-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-mariadb-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-mediawiki-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for jenkins-slave-base-rhel7-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-mysql-apb is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-mediawiki-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-enterprise-apb-base-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat OpenShift Container Platform release 3.11.188 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for icu is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for icu is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New kernel packages are available for Slackware 14.2 to fix security issues.

New gd packages are available for Slackware 14.2 and -current to fix security issues.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that solves one vulnerability and has 6 fixes is now available.

An update that solves one vulnerability and has 6 fixes is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes 7 vulnerabilities is now available.

IBus could allow local users to capture key strokes of other locally logged in users.

Several security issues were fixed in Vim.

Several security issues were fixed in Twisted.

Several security issues were fixed in the kernel.

Two security issues have been identified and fixed in php5, a server-side, HTML-embedded scripting language.

Mickael Karatekin from Sysdream Labs discovered that the Okular document viewer allows code execution via an action link in a PDF document.

An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on

Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that could result in

An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the

Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle

The following packages CVE(s) were reported against phpmyadmin. CVE-2020-10802

The following CVE(s) were reported against jackson-databind. CVE-2020-10672

A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers.

It was discovered that there were was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework

The package bluez before version 5.54-1 is vulnerable to access restriction bypass.

The package chromium before version 80.0.3987.149-1 is vulnerable to multiple issues including access restriction bypass, arbitrary code execution and information disclosure.

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0898

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0892

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0896

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0912

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0816

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0914

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0815

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0905

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0897

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0913

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0851

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0855

Upstream details at : https://access.redhat.com/errata/RHSA-2020:0853

Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addre [More...]

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) SL6 noarch tomcat6-6.0.24-114.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-114.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-114.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-114.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-114.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-114.el6_10.noarch.rpm [More...]

libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690) SL7 x86_64 libvncserver-0.9.9-14.el7_7.i686.rpm libvncserver-0.9.9-14.el7_7.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm libvncserver-devel-0.9.9-14.el7_7.i686.rpm libvncserver-devel-0.9.9-14.el7_7.x [More...]

Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addre [More...]

An update that solves four vulnerabilities and has 37 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has one errata is now available.

An update that solves one vulnerability and has one errata is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

An update that fixes 7 vulnerabilities is now available.

An update that fixes 9 vulnerabilities is now available.

An update that fixes 59 vulnerabilities is now available.