Linux Advisory Watch: December 20th, 2019

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed

Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805

This update ships updated CPU microcode for CFL-S (Coffe Lake Desktop) models of Intel CPUs which were not yet included in the Intel microcode update released as DSA 4565-1. For details please refer to https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.01.pdf

A vulnerability was discovered in the SPIP publishing system, which could result in unauthorised writes to the database by authors. The oldstable distribution (stretch) is not affected.

Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For the oldstable distribution (stretch), these problems have been fixed

- Update to 1.2.8 Release notes:

- Update to 1.2.8 Release notes:

Security fix for CVE-2019-18397

bugfix release for CVE-2019-19118

Security fix for CVE-2019-5544

Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is: CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743

Update to version 0.9.3 to address CVE-2019-14889

Security fix for CVE-2019-18397

Security fix for CVE-2019-5544

The 5.3.16 update contains a number of important fixes across the tree

This is a security release fixing the following issues: * CVE-2019-1348: the fast-import stream command "feature export-marks=path" allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability. * CVE-2019-1349: by using NTFS 8.3 short names, backslashes or alternate filesystreams, it is possible to cause

- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/

Device quarantine for alternate pci assignment methods [XSA-306]

- update to upstream version 4.3.0 - fixes CVE-2019-19331 - root.keys is moved to /var/lib/knot-resolver - knot-resolver no longer requires write permission to /etc/knot-resolver/

An update for the openshift-enterprise-builder container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update is now available for Red Hat Ceph Storage 3.3 that runs on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for Red Hat Ceph Storage 3.3 that runs on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for fribidi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for rh-maven35-apache-commons-beanutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for freetype is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openshift-enterprise-cli-container, openshift-enterprise-hyperkube-container, openshift-enterprise-hypershift-container, openshift-enterprise-node-container, and ose-cli-artifacts-container is now

An update for ose-cluster-kube-controller-manager-operator-container and ose-cluster-kube-scheduler-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact

An update for ose-cluster-openshift-apiserver-operator-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

An update for openshift-external-storage is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container 2. Description: * Added a command to generate a new SECRET_KEY and rekey the database * Removed the guest user from the optionally-configured RabbitMQ admin

Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container 2. Description: * Added a command to generate a new SECRET_KEY and rekey the database * Removed the guest user from the optionally-configured RabbitMQ admin

An update for openshift-enterprise-console-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openshift-external-storage is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

An update for openslp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

An update that fixes 7 vulnerabilities is now available.

An update that solves 24 vulnerabilities and has 58 fixes is now available.

An update that solves 24 vulnerabilities and has 58 fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that solves two vulnerabilities and has one errata is now available.

An update that fixes 8 vulnerabilities is now available.

An update that solves 7 vulnerabilities and has two fixes is now available.

An update that fixes 8 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that solves one vulnerability and has three fixes is now available.

An update that fixes one vulnerability is now available.

An update that fixes 7 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 9 vulnerabilities is now available.

An update that fixes 10 vulnerabilities is now available.

An update that solves 9 vulnerabilities and has one errata is now available.

An update that solves 16 vulnerabilities and has 124 fixes is now available.

An update that fixes 6 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 15 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes one vulnerability is now available.

Django accounts could be hijacked through password reset requests.

Several security issues were fixed in OpenJDK.

Several security issues were fixed in GraphicsMagick.

While preparing a fix for CVE-2017-6314 an unknown symbol g_uint_checked_mul() was introduced.

Several issues in gdk-pixbuf, a library to handle pixbuf, have been found. CVE-2016-6352 fix for denial of service (out-of-bounds write and crash) via

It was discovered that there was a potential account hijack vulnerabilility in Django, the Python-based web development framework.

It was discovered that debian-edu-config, the package containing the configuration files and scripts for Debian Edu (Skolelinux), contained an insecure configuration for kadmin, the Kerberos administration server. The

An issue has been found in harfbuzz, an OpenType text shaping engine. Due to a buffer over-read, remote attackers are able to cause a denial of

Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.

It was found that libssh, a tiny C SSH library, does not sufficiently sanitize path parameters provided to the server, allowing an attacker with only SCP file access to execute arbitrary commands on the server.

Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version

An issue has been found in libpgf, a library to handle Progressive Graphics File (PGF).

Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server.

A vulnerability has been found in php-horde, the Horde Application Framework, which may result in information disclosure via cross-site scripting.

The package git before version 2.24.1-1 is vulnerable to arbitrary code execution.

The package libgit2 before version 1:0.28.4-1 is vulnerable to arbitrary code execution.

The package shadow before version 4.8-1 is vulnerable to privilege escalation.

fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib /fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397) SL7 x86_64 fribidi-debuginfo-1.0.2-1.el7_7.1.i686.rpm fribidi-debuginfo-1.0.2-1.el7_7.1.x86_64.rpm fribidi-1.0.2-1.el7_7.1.i686.rpm fribidi-1.0.2-1.el7_7.1.x86_64.rpm fribidi-devel-1.0.2-1.el7_7.1.i686.rpm [More...]

Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) Bug Fix(es): * KEYS: prevent creating a different user's keyrings SL-6.10 * BUG: unable to handle kernel NULL pointer dereference at (null) * long I/O stalls with bnx2fc from not masking off scope bits of retry delay value SL6 x86_64 kernel-2.6.32-754.25.1.el6.x86_64.rpm kernel-debug-2.6.32-754.25.1.el6.x86_64. [More...]

freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381) * freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read (CVE-2015-9382) SL6 x86_64 freetype-2.3.11-19.el6_10.i686.rpm freetype-2.3.11-19.el6_10.x86_64.rpm freet [More...]

openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) SL7 x86_64 openslp-2.0.0-8.el7_7.i686.rpm openslp-2.0.0-8.el7_7.x86_64.rpm openslp-debuginfo-2.0.0-8.el7_7.i686.rpm openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm openslp-server-2.0.0-8.el7_7.x86_64.rpm openslp-devel-2.0.0-8.el7_7.i686.rpm opensl [More...]

An update that fixes 37 vulnerabilities is now available.

An update that fixes two vulnerabilities is now available.

An update that fixes 37 vulnerabilities is now available.

An update that fixes one vulnerability is now available.

An update that fixes 37 vulnerabilities is now available.

An update that fixes 17 vulnerabilities is now available.

An update that contains security fixes can now be installed.

Updated htmldoc packages fix security vulnerability: In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang (CVE-2019-19630).

Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition (CVE-2019-14889).

Updated freerdp packages fix security vulnerabilities: Multiple memory leaks in libfreerdp/codec/region.c (CVE-2019-17177). Memory leak in HuffmanTree_makeFromFrequencies (CVE-2019-17178).

Updated rsyslog packages fix security vulnerabilities: Heap overflow in the parser for AIX log messages (CVE-2019-17041). Heap overflow in the parser for Cisco log messages (CVE-2019-17042).

Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We,

pdated fence-agents package fixes security vulnerability: Denial of service via guest VM comments (CVE-2019-10153). References:

Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code (CVE-2019-10218).

The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to

The updated packages fix a security vulnerability: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login

The updated packages fix security vulnerabilities: A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. (CVE-2019-3885)

The updated packages fix security vulnerabilities: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. (CVE-2019-1348)

A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. (CVE-2019-14834)

libgit2 has been updated to version 0.28.4 to fix several security issues: * A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service.

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode (CVE-2019-3886).

Updated libcroco packages fix security vulnerabilities: Heap overflow (input: check end of input before reading a byte) (CVE-2017-7960).

This update provides an update to 5.4 series kernels, currently based on upstream 5.4.2, adding support for new hardware and features, and fixing atleast the following security issue: KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID

Updated ncurses packages fix security vulnerabilities: Heap-based buffer over-read in the _nc_find_entry function (CVE-2019-17594).

Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID (CVE-2019-11627).

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server

Version 3.0.7 fixes the following security vulnerability: CMS dissector crash (CVE-2019-19553). This update also brings the Mageia package from version 3.0.4 to 3.0.7.

Update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref

Potential remote code execution during URN processing (CVE-2019-12526). Multiple improper validations in URI processing (CVE-2019-12523, CVE-2019-18676).

Heap based overflow in jas_icctxtdesc_input (CVE-2018-19540). Heap based overread in jas_image_depalettize (CVE-2018-19541). References:

NULL ptr dereference (crash) in the moodbar pipeline (CVE-2019-14332). References: - https://bugs.mageia.org/show_bug.cgi?id=25753 -

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed (CVE-2019-13640).

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (CVE-2019-14744). References: - https://bugs.mageia.org/show_bug.cgi?id=25403