Linux Advisory Watch: May 8th, 2020

The update for salt for the oldstable distribution (stretch) released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt packages are now available to correct this issue. For reference, the original advisory text follows.

The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-3885

Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface.

A vulnerability was found in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open

Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code

Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in information disclosure, denial of service or the execution of arbitrary code if malformed image files are processed.

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be

Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian).

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks.

Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

0.7.5

https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html

Update to 2.53.2 If you have Lightning and/or Chatzilla extensions previously disabled, they are enabled after the update. Disable it again if needed (in about:addons), or remove completely (which can improve startup time).

Update to Samba 4.11.8

Update to Samba 4.11.8

ceph-14.2.9 GA Security fix for CVE-2020-1760 ceph: header-splitting in RGW GetObject has a possible XSS Security fix for CVE-2020-1759 ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions

Update to Samba 4.10.15

Update to Samba 4.10.15

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

- New Firefox upstream release (76.0) - New nss release needed for Firefox (3.51.1) - More info at https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

Update to OpenJDK 8u252 (April Critical Patch Update) - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers -

Upstream security/bugfix release

Update to upstream's security update, Critical Patch Update April 2020. See: https://bitly.com/oj1107

Update to Samba 4.12.2

Update to Samba 4.12.2

A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue.

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated

Another day, another chromium update. This one fixes: CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced when switching from a "shared" build to a "static" build. ---- A new major version of Chromium without any security bugs! Just kidding. Here's the CVE list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456

A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue.

- Update to GIT 20200421 - Added patch against race condition in setting permissions on output file (#1182024) - Added patch to revert environment redirect allowing `export XZ_OPT="-9"` or similar

The 5.6.8 stable kernel update contains a number of important fixes across the tree.

The 5.6.8 stable kernel update contains a number of important fixes across the tree.

The 5.6.8 stable kernel update contains a number of important fixes across the tree.

Update to upstream's security update, Critical Patch Update April 2020. See: https://bitly.com/oj1107

OpenJDK 14 April CPU update

Security fix for CVE-2020-5260 and CVE-2020-11008 CVE-2020-5260 - From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt): > With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The

Update to 2.9.10 * Fix CVE-2019-19956, CVE-2019-20388 and CVE-2020-7595

Fix CVE-2020-12050 (use mktemp(1) for temp. file name creation)

- Update to GIT 20200421 - Added patch against race condition in setting permissions on output file (#1182024) - Added patch to revert environment redirect allowing `export XZ_OPT="-9"` or similar

multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914) Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784) Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926) Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)

**horde 5.2.22** * [jan] SECURITY: Protect image processing service from rendering active SVG content within the browser. * [jan] SECURITY: Fix XSS vulnerabilities in administration interface. * [jan] Support Redis Sentinel configuration (Michael Menge <This email address is being protected from spambots. You need JavaScript enabled to view it.>, Request #14998). * [jan] Use file hashing for detecting outdated configuration files.

Multiple vulnerabilities have been found in Django, the worst of which could result in privilege escalation.

Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code.

Multiple vulnerabilities have been found in libu2f-host, the worst of which could result in the execution of code.

Multiple vulnerabilities have been found in FontForge, the worst of which could result in the arbitrary execution of code.

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update for sqlite is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for presto-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for hadoop-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for ose-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for ose-cluster-policy-controller-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for cri-o is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for haproxy is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for git is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for git is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes three vulnerabilities is now available.

An update that contains security fixes can now be installed.

An update that solves two vulnerabilities and has 8 fixes is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves 5 vulnerabilities and has 10 fixes is now available.

An update that solves one vulnerability and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that solves one vulnerability and has four fixes is now available.

An update that fixes one vulnerability is now available.

An update that contains security fixes can now be installed.

An update that solves one vulnerability and has three fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that fixes three vulnerabilities is now available.

An update that solves three vulnerabilities and has one errata is now available.

An update that fixes three vulnerabilities is now available.

An update that solves 28 vulnerabilities and has 20 fixes is now available.

An update that fixes 6 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

Firefox could be made to crash or run programs as your login if it opened a malicious website.

OpenLDAP could be made to crash if it received specially crafted network traffic.

OpenLDAP could be made to crash if it received specially crafted network traffic.

The system could be made to expose sensitive information.

Several security issues were fixed in PHP.

Several security issues were fixed in MySQL.

Several security issues were fixed in edk2.

Several security issues were fixed in Python.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

It was discovered that there was an arbitrary content injection vulnerability in the Mailman mailing list manager. For Debian 8 "Jessie", this issue has been fixed in mailman version

It was discovered that there was a denial of service attack in the SQLite database, often embedded into other programs and servers. In the event of a semantic error in an aggregate query, SQLite did

Several vulnerabilities were discovered in Ansible, a configuration management, deployment, and task execution system.

A Denial of Service (DoS) vulnerability was discovered in the network time protocol server/client, ntp. ntp allowed an "off-path" attacker to block unauthenticated

A regression has been found in the patch for CVE-2016-10711 of pound, a reverse proxy, load balancer and HTTPS front-end for Web servers. Without the fix pound can be tricked to use 100% CPU.

A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against

A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon

Several vulnerabilities have been discovered in otrs2 (Open source Ticket Request System)

It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack.

An issue has been found in pound, A request smuggling vulnerability was discovered in pound, a everse proxy, load balancer and HTTPS front-end for Web servers, that may allow

Two issues have been found in w3m, WWW browsable pager with excellent tables/frames support.

An issue has been found in yodl, a pre-document language. Hanno Bock discovered that there was a buffer over-read vulnerability.

The package salt before version 2019.2.4-1 is vulnerable to multiple issues including arbitrary command execution and arbitrary filesystem access.

The package libmicrodns before version 0.1.2-1 is vulnerable to multiple issues including arbitrary code execution, denial of service and information disclosure.

The package webkit2gtk before version 2.28.2-1 is vulnerable to arbitrary code execution.

The package chromium before version 81.0.4044.129-1 is vulnerable to arbitrary code execution.

The package git before version 2.26.2-1 is vulnerable to information disclosure.

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1962

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1489

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1561

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1511

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1507

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1512

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1509

Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) SL6 x86_64 firefox-68.8.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.8.0-1.el6_10. [More...]

squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519) * squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945) * squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525) SL7 x86_64 squid-3.5.20-15.el7_8.1.x86_64.rpm s [More...]

Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) * Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) * Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) SL7 x86_64 firefox-68.8.0-1.el7_8.x86_64.rpm firefox-debuginfo-68.8.0-1.el7_8.x8 [More...]

An update that fixes 5 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes four vulnerabilities is now available.

An update that fixes 5 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that solves one vulnerability and has two fixes is now available.

An update that solves 5 vulnerabilities and has 7 fixes is now available.

An update that contains security fixes can now be installed.

An update that fixes two vulnerabilities is now available.

An update that solves 15 vulnerabilities and has 8 fixes is now available.

An update that fixes three vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes one vulnerability is now available.

An update that fixes 11 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

Updated libvncserver packages fix security vulnerability: libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value (CVE-2019-20788).

Updated roundcubemail packages fix security vulnerabilities: - Cross-Site Scripting (XSS) via malicious HTML content (CVE-2020-12625) - CSRF attack can cause an authenticated user to be logged out

Updated samba packages fix security vulnerabilities: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server (CVE-2020-10700).

Updated qt4 packages fix security vulnerabilities: A double-free or corruption during parsing of a specially crafted illegal XML document (CVE-2018-15518).

Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets (CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080).

Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c (CVE-2019-13107).

This update is based on the upstream 5.6.8 kernel and fixes atleast the following security issue: usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a

Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation

Updated fortune-mod fixes integer and buffer overflows that might have security implications. References: - https://bugs.mageia.org/show_bug.cgi?id=26567

Chromium-browser 81.0.4044.129 fixes security issues: Multiple flaws were found in the way Chromium 81.0.4044.122 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive

Updated libsndfile packages fix security vulnerabilities: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service (CVE-2018-19661).

The updated packages fix a security vulnerability: A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.

Updated openvpn packages fix security vulnerability: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the

Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file (CVE-2019-15767).

Updated dolphin-emu package fixes security vulnerabilities Dolphin Emulator includes a modified copy of the SoundTouch library at version 1.9.2. That version is subject to the following security issues:

Updated qtbase5 packages fix security vulnerability: An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to

Updated teeworlds packages fix security vulnerabilities Teeworlds before 0.7.4 is subject to an integer overflow when computing a tilemap size (CVE-2019-20787).

Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring (CVE-2020-11722).

The updated packages fix security vulnerabilities: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. (CVE-2020-11758)

Updated webkit2 packages fix security vulnerability: A memory consumption issue was addressed with improved memory handling. A remote attacker may be able to cause arbitrary code execution (CVE-2020-3899).

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a

Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system (CVE-2020-10663).