Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.


LinuxSecurity.com Feature Extras:

Linux Kernel Security in a Nutshell: How to Secure Your Linux System - The Linux kernel is the core component of the Linux operating system, maintaining complete control over everything in the system. It is the interface between applications and data processing at the hardware level, connecting the system hardware to the application software. The kernel manages input/output requests from software, memory, processes, peripherals and security, among other hefty responsibilities. Needless to say, the Linux kernel is pretty important.

Servers Running Linux May Get Riskier for Enterprises Next Year - The LinuxSecurity team thanks Horacio Zambrano for contributing this article. Enterprises using Linux for their cloud or data center servers may be faced with a larger threat from advanced security attackers in the near future. Based on the Linux Foundation's estimates back in 2014, 75% of enterprises reported using Linux for the cloud and 79% for application deployments.


  Debian: DSA-4578-1: libvpx security update (Nov 28)
 

Multiple security issues were found in the libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.

  Debian: DSA-4577-1: haproxy security update (Nov 28)
 

Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.

  Debian: DSA-4576-1: php-imagick security update (Nov 25)
 

An out-of-bounds write vulnerability was discovered in php-imagick, a PHP extension to create and modify images using the ImageMagick API, which could result in denial of service, or potentially the execution of arbitrary code.

  Debian: DSA-4575-1: chromium security update (Nov 24)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-13723

  Debian: DSA-4571-2: enigmail update (Nov 24)
 

DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster. For the stable distribution (buster), this problem has been fixed in

 
  Fedora 31: grub2 FEDORA-2019-e99ebf23c8 (Nov 28)
 

Fix a grub hidden-menu regression and a bug in blscfg variable expansion ---- Security fix for CVE-2019-14865

  Fedora 31: nss FEDORA-2019-3f6ab3b846 (Nov 28)
 

Updates the nss package to upstream NSS 3.47.1. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes -

  Fedora 30: mod_auth_mellon FEDORA-2019-e8d74ece30 (Nov 27)
 

Fixes a CVE: CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft

  Fedora 30: xen FEDORA-2019-cbb732f760 (Nov 27)
 

add missing XSA-299 patches x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] ---- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] Issues with restartable PV type change operations [XSA-299,

  Fedora 31: mod_auth_mellon FEDORA-2019-1444823e77 (Nov 27)
 

Fixes a CVE: CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft

  Fedora 31: kernel FEDORA-2019-34a75d7e61 (Nov 26)
 

The 5.3.12 update contains a number of important fixes across the tree

  Fedora 31: imapfilter FEDORA-2019-a6c5d70bde (Nov 26)
 

New upstream release: fixes CVE-2016-10937

  Fedora 31: mingw-freeimage FEDORA-2019-655994894e (Nov 26)
 

Backport fixes for CVE-2019-12211 and 2019-12213

  Fedora 31: freeimage FEDORA-2019-655994894e (Nov 26)
 

Backport fixes for CVE-2019-12211 and 2019-12213

  Fedora 30: kernel FEDORA-2019-021c968423 (Nov 26)
 

The 5.3.12 update contains a number of important fixes across the tree

  Fedora 30: imapfilter FEDORA-2019-90925dd5aa (Nov 26)
 

New upstream release: fixes CVE-2016-10937

  Fedora 30: mingw-freeimage FEDORA-2019-76f546b7b8 (Nov 26)
 

Backport fixes for CVE-2019-12211 and 2019-12213

  Fedora 30: freeimage FEDORA-2019-76f546b7b8 (Nov 26)
 

Backport fixes for CVE-2019-12211 and 2019-12213

  Fedora 30: thunderbird FEDORA-2019-6dcf885e38 (Nov 26)
 

Update to latest upstream version.

  Fedora 31: mingw-libidn2 FEDORA-2019-1ebb5c928e (Nov 24)
 

Libidn 2.3.0 (released 2019-11-14) has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) * Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Turn `_idn2_punycode_encode`, `_idn2_punycode_decode` into compat symbols (Fixes #74)

  Fedora 29: ghostscript FEDORA-2019-7debdd1807 (Nov 23)
 

Security fix for CVE-2019-14869

  Fedora 30: rsyslog FEDORA-2019-1fb95ae48d (Nov 23)
 

Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source).

  Fedora 31: mingw-gdal FEDORA-2019-f511b38b1f (Nov 22)
 

This update fixes CVE-2019-17545.

  Fedora 31: mingw-cfitsio FEDORA-2019-f511b38b1f (Nov 22)
 

This update fixes CVE-2019-17545.

  Fedora 30: mingw-gdal FEDORA-2019-a6960910d8 (Nov 22)
 

This update fixes CVE-2019-17545.

  Fedora 30: chromium FEDORA-2019-31b73b3e50 (Nov 22)
 

Update to latest stable (78.0.3904.97). This build contains a number of bug fixes and security updates. Changes can be viewed here: https://chromium.googlesource.com/chromium/src/+log/78.0.3904.86..78.0.3904.92?n=10000

  Fedora 30: mingw-djvulibre FEDORA-2019-f923712bab (Nov 21)
 

This update backports fixes for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804

  Fedora 30: mingw-hunspell FEDORA-2019-746b0b02f7 (Nov 21)
 

This update fixes CVE-2019-16707.

  Fedora 30: mingw-OpenEXR FEDORA-2019-ce3385517b (Nov 21)
 

This update backports fixes for CVE-2018-18443 and CVE-2018-18444.

  Fedora 30: php-symfony FEDORA-2019-9c2ad3b018 (Nov 21)
 

**Version 2.8.52** (2019-11-13) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)

  Fedora 31: rsyslog FEDORA-2019-ea7d5876a4 (Nov 21)
 

Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source).

  Fedora 31: mingw-hunspell FEDORA-2019-074bf7d2d3 (Nov 21)
 

This update fixes CVE-2019-16707.

  Fedora 31: mingw-djvulibre FEDORA-2019-6bc8be9d84 (Nov 21)
 

This update backports fixes for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144, CVE-2019-15145, CVE-2019-18804

  Fedora 31: mingw-OpenEXR FEDORA-2019-5b062c4a3b (Nov 21)
 

This update backports fixes for CVE-2018-18443 and CVE-2018-18444.

  Fedora 31: mingw-ilmbase FEDORA-2019-5b062c4a3b (Nov 21)
 

This update backports fixes for CVE-2018-18443 and CVE-2018-18444.

  Fedora 31: dpdk FEDORA-2019-019df9a459 (Nov 21)
 

Security fix for [PUT CVEs HERE]

  Fedora 31: php-symfony3 FEDORA-2019-8b0ba02338 (Nov 21)
 

**Version 3.4.35** (2019-11-13) * bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas) * security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use

  Fedora 31: php-symfony FEDORA-2019-5ae4fd9203 (Nov 21)
 

**Version 2.8.52** (2019-11-13) * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)

 
  Gentoo: GLSA-201911-08: Expat: Multiple vulnerabilities (Nov 24)
 

Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition.

  Gentoo: GLSA-201911-07: Mozilla Firefox: Multiple vulnerabilities (Nov 24)
 

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-201911-06: Chromium, Google Chrome: Multiple vulnerabilities (Nov 24)
 

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

  Gentoo: GLSA-201911-05: Adobe Flash Player: Multiple vulnerabilities (Nov 24)
 

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in the arbitrary execution of code.

 
  RedHat: RHSA-2019-4019:01 Important: Red Hat JBoss Enterprise Application (Nov 26)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-4018:01 Important: Red Hat JBoss Enterprise Application (Nov 26)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-4021:01 Important: Red Hat JBoss Enterprise Application (Nov 26)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-4020:01 Important: Red Hat JBoss Enterprise Application (Nov 26)
 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-3981:01 Important: 389-ds-base security and bug fix update (Nov 26)
 

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3978:01 Important: kernel-rt security and bug fix update (Nov 26)
 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3968:01 Important: qemu-kvm-ma security update (Nov 26)
 

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3976:01 Low: tcpdump security update (Nov 26)
 

An update for tcpdump is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2019-3979:01 Important: kernel security and bug fix update (Nov 26)
 

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3967:01 Important: kernel security and bug fix update (Nov 26)
 

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-3964:01 Important: python-jinja2 security update (Nov 26)
 

An update for python-jinja2 is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-3958:01 Critical: Red Hat Ansible Tower 3.6.1-1 - EL7 (Nov 25)
 

Red Hat Ansible Tower 3.6.1-1 - EL7 Container. Description: Ansible Tower Version 3.6.1

  RedHat: RHSA-2019-3955:01 Important: chromium-browser security update (Nov 25)
 

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-3950:01 Important: SDL security update (Nov 25)
 

An update for SDL is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3951:01 Important: SDL security update (Nov 25)
 

An update for SDL is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2019-3948:01 Moderate: python27-python security, bug fix, (Nov 25)
 

An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-3942:01 Low: OpenShift Container Platform 4.1.24 (Nov 21)
 

An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2019-3941:01 Important: OpenShift Container Platform 4.1.24 (Nov 21)
 

Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2019-3940:01 Moderate: OpenShift Container Platform 4.1.24 (Nov 21)
 

An update for runc is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

 
  SUSE: 2019:3092-1 moderate: libarchive (Nov 28)
 

An update that fixes 10 vulnerabilities is now available.

  SUSE: 2019:3095-1 moderate: libtomcrypt (Nov 28)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3094-1 moderate: ncurses (Nov 28)
 

An update that solves three vulnerabilities and has one errata is now available.

  SUSE: 2019:3090-1 important: ucode-intel (Nov 28)
 

An update that contains security fixes can now be installed.

  SUSE: 2019:3091-1 important: ucode-intel (Nov 28)
 

An update that solves two vulnerabilities and has two fixes is now available.

  SUSE: 2019:3097-1 moderate: cloud-init (Nov 28)
 

An update that solves one vulnerability and has 6 fixes is now available.

  SUSE: 2019:3089-1 important: ucode-intel (Nov 28)
 

An update that contains security fixes can now be installed.

  SUSE: 2019:3086-1 moderate: libidn2 (Nov 28)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3085-1 libxml2 (Nov 28)
 

An update that contains security fixes can now be installed.

  SUSE: 2019:3087-1 libxml2 (Nov 28)
 

An update that contains security fixes can now be installed.

  SUSE: 2019:14233-1 moderate: bsdtar (Nov 27)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:3083-1 important: java-11-openjdk (Nov 27)
 

An update that fixes 18 vulnerabilities is now available.

  SUSE: 2019:3084-1 important: java-1_7_0-openjdk (Nov 27)
 

An update that fixes 16 vulnerabilities is now available.

  SUSE: 2019:3079-1 moderate: freerdp (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3076-1 important: mailman (Nov 26)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3080-1 moderate: slurm (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3078-1 moderate: freerdp (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3077-1 moderate: freerdp (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3067-1 important: squid (Nov 26)
 

An update that fixes 7 vulnerabilities is now available.

  SUSE: 2019:14231-1 moderate: clamav (Nov 26)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3066-1 moderate: clamav (Nov 26)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2019:3064-1 moderate: cpio (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3058-1 moderate: tiff (Nov 25)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2019:14229-1 important: cups (Nov 25)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2019:14228-1 important: sqlite3 (Nov 25)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3059-1 moderate: cpio (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3056-1 important: strongswan (Nov 25)
 

An update that fixes 5 vulnerabilities is now available.

  SUSE: 2019:3061-1 moderate: gcc9 (Nov 25)
 

An update that solves two vulnerabilities and has 5 fixes is now available.

  SUSE: 2019:3057-1 important: cups (Nov 25)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3060-1 moderate: libpng16 (Nov 25)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3053-1 moderate: clamav (Nov 25)
 

An update that solves two vulnerabilities and has one errata is now available.

  SUSE: 2019:3050-1 important: sqlite3 (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:14227-1 important: sqlite3 (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:14230-1 important: mailman (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3046-1 moderate: bluez (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3044-1 important: webkit2gtk3 (Nov 25)
 

An update that fixes 42 vulnerabilities is now available.

  SUSE: 2019:14226-1 moderate: libssh2_org (Nov 25)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3032-1 moderate: dpdk (Nov 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3033-1 moderate: djvulibre (Nov 21)
 

An update that solves one vulnerability and has one errata is now available.

  SUSE: 2019:3034-1 moderate: aspell (Nov 21)
 

An update that fixes one vulnerability is now available.

  SUSE: 2019:3030-1 important: cups (Nov 21)
 

An update that fixes two vulnerabilities is now available.

  SUSE: 2019:3024-1 moderate: python-ecdsa (Nov 21)
 

An update that fixes two vulnerabilities is now available.

 
  Ubuntu 4204-1: psutil vulnerability (Nov 28)
 

psutil could be made to crash or run programs.

  Ubuntu 4203-2: NSS vulnerability (Nov 27)
 

NSS could be made to crash or run programs if it received specially crafted input.

  Ubuntu 4203-1: NSS vulnerability (Nov 27)
 

NSS could be made to crash or run programs if it received specially crafted input.

  Ubuntu 4201-1: Ruby vulnerabilities (Nov 26)
 

Several security issues were fixed in Ruby.

  Ubuntu 4200-1: Redmine vulnerabilities (Nov 25)
 

Several security issues were fixed in redmine.

  Ubuntu 4199-1: libvpx vulnerabilities (Nov 25)
 

Several security issues were fixed in libvpx.

  Ubuntu 4189-2: DPDK regression (Nov 25)
 

USN-4189-1 introduced a regression in DPDK.

  Ubuntu 4198-1: DjVuLibre vulnerabilities (Nov 21)
 

Several security issues were fixed in DjVuLibre.

  Ubuntu 4197-1: Bind vulnerability (Nov 21)
 

Bind could be made to consume resources if it received specially crafted network traffic.

 
  Debian LTS: DLA-2014-1: vino security update (Nov 29)
 

Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment.

  Debian LTS: DLA-2013-1: libvorbis security update (Nov 27)
 

Several issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.

  Debian LTS: DLA-2012-1: libvpx security update (Nov 26)
 

Several issues have been found in libvpx, a VP8 and VP9 video codec. CVE-2019-9232

  Debian LTS: DLA-2011-1: xmlrpc-epi security update (Nov 26)
 

An issue in xmlrpc-epi, an XML-RPC request serialisation/deserialisation library, has been found.

  Debian LTS: DLA-2010-1: bsdiff security update (Nov 26)
 

An issue in bsdiff, a tool to generate/apply a patch between two binary files, has been found.

  Debian LTS: DLA-2009-1: tiff security update (Nov 26)
 

Several issues have been found in tiff, a Tag Image File Format library. CVE-2019-17546

  Debian LTS: DLA-2008-1: nss security update (Nov 25)
 

A vulnerability has been discovered in nss, the Mozilla Network Security Service library. An out-of-bounds write can occur when passing an output buffer smaller than the block size to NSC_EncryptUpdate.

  Debian LTS: DLA-2007-1: ruby2.1 security update (Nov 25)
 

Several flaws have been found in ruby2.1, an interpreter of an object-oriented scripting language.

  Debian LTS: DLA-2006-1: libxdmcp security update (Nov 25)
 

It has been found that libxdmcp, an X11 Display Manager Control Protocol library, uses weak entropy to generate keys.

  Debian LTS: DLA-2003-1: isc-dhcp security update (Nov 24)
 

An issue has been found in isc-dhcp, a server for automatic IP address assignment.

  Debian LTS: DLA-2002-1: libice security update (Nov 23)
 

It has been found that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys.

  Debian LTS: DLA-2001-1: libofx security update (Nov 23)
 

There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.

  Debian LTS: DLA-2000-1: pam-python security update (Nov 23)
 

It was discovered that pam-python, a PAM Module that runs the Python interpreter, has an issue in regard to the default environment variable handling of Python. This issue could allow for local root escalation in certain PAM setups.

 
  openSUSE: 2019:2575-1: important: cups (Nov 27)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2576-1: moderate: djvulibre (Nov 27)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:2574-1: moderate: djvulibre (Nov 27)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:2573-1: important: cups (Nov 27)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2565-1: important: java-11-openjdk (Nov 25)
 

An update that fixes 18 vulnerabilities is now available.

  openSUSE: 2019:2558-1: moderate: apache2-mod_perl (Nov 24)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:2557-1: important: java-11-openjdk (Nov 24)
 

An update that fixes 18 vulnerabilities is now available.

  openSUSE: 2019:2549-1: moderate: apache2-mod_perl (Nov 23)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2019:2556-1: moderate: haproxy (Nov 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:2550-1: moderate: ncurses (Nov 23)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2019:2555-1: moderate: haproxy (Nov 23)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2019:2551-1: moderate: ncurses (Nov 23)
 

An update that solves two vulnerabilities and has one errata is now available.

  openSUSE: 2019:2544-1: important: chromium (Nov 22)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2545-1: important: chromium (Nov 22)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2541-1: important: squid (Nov 21)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2019:2538-1: important: chromium (Nov 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2539-1: important: chromium (Nov 21)
 

An update that fixes two vulnerabilities is now available.

  openSUSE: 2019:2540-1: important: squid (Nov 21)
 

An update that fixes 12 vulnerabilities is now available.

  openSUSE: 2019:2537-1: important: chromium (Nov 21)
 

An update that fixes two vulnerabilities is now available.