Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
| |
(Jun 24) |
| |
Security Report Summary
|
| |
(Jun 23) |
| |
Security Report Summary
|
| |
(Jun 20) |
| |
Security Report Summary
|
| |
(Jun 19) |
| |
Security Report Summary
|
| |
(Jun 18) |
| |
Security Report Summary
|
| |
(Jun 18) |
| |
Security Report Summary
|
|
|
| |
(Jun 24) |
| |
Heap overflow in QEMU PCNET controller, allowing guest->host escape[XSA-135, CVE-2015-3209] (#1230537)GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163]vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164]Potential unintended writes to host MSI message data field via qemu[XSA-128, CVE-2015-4103],PCI MSI mask bits inadvertently exposed to guests [XSA-129,CVE-2015-4104],Guest triggerable qemu MSI-X pass-through error messages [XSA-130,CVE-2015-4105],Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]
|
| |
(Jun 24) |
| |
Heap overflow in QEMU PCNET controller, allowing guest->host escape[XSA-135, CVE-2015-3209].GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163].vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].
|
| |
(Jun 24) |
| |
CVE-2015-0848 heap overflow when decoding BMP imagesCVE-2015-0848 heap overflow when decoding BMP images
|
| |
(Jun 24) |
| |
stubs-32.h is back, so revert to previous behaviour.Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209].GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163].vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164].
|
| |
(Jun 24) |
| |
- implement public key pinning for NSS backend (#1195771)- fix lingering HTTP credentials in connection re-use (CVE-2015-3236)- prevent SMB from sending off unrelated memory contents (CVE-2015-3237)- curl-config --libs now works on x86_64 without libcurl-devel.x86_64 (#1228363)
|
| |
(Jun 24) |
| |
Multiple moderate and low impact security issues fixed.
|
| |
(Jun 20) |
| |
This update fixed 2 security flaws.
|
| |
(Jun 20) |
| |
Security fixes for:* CVE-2015-3315* CVE-2015-3142* CVE-2015-1869* CVE-2015-1870* CVE-2015-3151* CVE-2015-3150* CVE-2015-3159abrt:- Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories- Stop reading hs_error.log from /tmp- Don not save the system logs by default- Don not save dmesg if kernel.dmesg_restrict=1libreport:- Harden the code against directory traversal, symbolic and hard link attacks- Fix a bug causing that the first value of AlwaysExcludedElements was ignored- Fix missing icon for the "Stop" button icon name- Improve development documentation- Translations updatesgnome-abrt:- Enabled the Details also for the System problems- Do not crash in the testing of availabitlity of XServer- Fix 'Open problem's data directory'- Quit Application on Ctrl+Q- Translation updatessatyr:- New kernel taint flags- More secure core stacktraces from core hook
|
| |
(Jun 20) |
| |
Security fixes for:* CVE-2015-3315* CVE-2015-3142* CVE-2015-1869* CVE-2015-1870* CVE-2015-3151* CVE-2015-3150* CVE-2015-3159abrt:- Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories- Stop reading hs_error.log from /tmp- Don not save the system logs by default- Don not save dmesg if kernel.dmesg_restrict=1libreport:- Harden the code against directory traversal, symbolic and hard link attacks- Fix a bug causing that the first value of AlwaysExcludedElements was ignored- Fix missing icon for the "Stop" button icon name- Improve development documentation- Translations updatesgnome-abrt:- Enabled the Details also for the System problems- Do not crash in the testing of availabitlity of XServer- Fix 'Open problem's data directory'- Quit Application on Ctrl+Q- Translation updatessatyr:- New kernel taint flags- More secure core stacktraces from core hook
|
| |
(Jun 20) |
| |
Security fixes for:* CVE-2015-3315* CVE-2015-3142* CVE-2015-1869* CVE-2015-1870* CVE-2015-3151* CVE-2015-3150* CVE-2015-3159abrt:- Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories- Stop reading hs_error.log from /tmp- Don not save the system logs by default- Don not save dmesg if kernel.dmesg_restrict=1libreport:- Harden the code against directory traversal, symbolic and hard link attacks- Fix a bug causing that the first value of AlwaysExcludedElements was ignored- Fix missing icon for the "Stop" button icon name- Improve development documentation- Translations updatesgnome-abrt:- Enabled the Details also for the System problems- Do not crash in the testing of availabitlity of XServer- Fix 'Open problem's data directory'- Quit Application on Ctrl+Q- Translation updatessatyr:- New kernel taint flags- More secure core stacktraces from core hook
|
| |
(Jun 20) |
| |
Security fixes for:* CVE-2015-3315* CVE-2015-3142* CVE-2015-1869* CVE-2015-1870* CVE-2015-3151* CVE-2015-3150* CVE-2015-3159abrt:- Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories- Stop reading hs_error.log from /tmp- Don not save the system logs by default- Don not save dmesg if kernel.dmesg_restrict=1libreport:- Harden the code against directory traversal, symbolic and hard link attacks- Fix a bug causing that the first value of AlwaysExcludedElements was ignored- Fix missing icon for the "Stop" button icon name- Improve development documentation- Translations updatesgnome-abrt:- Enabled the Details also for the System problems- Do not crash in the testing of availabitlity of XServer- Fix 'Open problem's data directory'- Quit Application on Ctrl+Q- Translation updatessatyr:- New kernel taint flags- More secure core stacktraces from core hook
|
| |
(Jun 20) |
| |
Update to latest upstream stable release, Linux v4.0.5. Wide variety of fixes across the tree.
|
| |
(Jun 20) |
| |
Security fix for CVE-2015-2694Security fix for CVE-2014-5353(this was fixed in an older build but the announcement was lost)
|
| |
(Jun 20) |
| |
- Release 3.11 is a security fix release- Upstream changelog is at https://www.drupal.org/node/2480259
|
| |
(Jun 20) |
| |
- Release 3.11 is a security fix release- Upstream changelog is at https://www.drupal.org/node/2480259
|
| |
(Jun 20) |
| |
New upstream bug-fix release.
|
| |
(Jun 20) |
| |
- Release 3.11 is a security fix release- Upstream changelog is at https://www.drupal.org/node/2480259
|
| |
(Jun 20) |
| |
Multiple moderate and low impact security issues fixed.
|
| |
(Jun 20) |
| |
update to 9.4.4 minor release
|
| |
(Jun 20) |
| |
* User interface freezes when entering space character in Xfig (bz #1151253)* CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894)* Backport {Haswell,Broadwell}-noTSX cpu models (bz #1213053)
|
| |
(Jun 20) |
| |
Removed qpid-send and qpid-receive from qpid-cpp-client-devel.Include the qpid.tests module in python-qpidBumped the release to force a build against Proton 0.9 in F22.Added qpidtoollibs to the qpid-tools package.Fixed path to qpid-ha in the systemd service descriptor.Resolves: BZ#1186308Apply patch 10.Resolves: BZ#1184488Resolves: BZ#1181721
|
| |
(Jun 20) |
| |
Update to latest upstream stable release, Linux v4.0.5. Wide variety of fixes across the tree.
|
| |
(Jun 18) |
| |
- Update to 1.3.11This release is mainly fixing a number of outstanding issues and security fixes. Minor features have been added to enhance functionality and usability.Release notes: https://www.trustedfirmware.org/projects/mbed-tls/
|
| |
(Jun 18) |
| |
update to 1.4.20
|
| |
(Jun 18) |
| |
Inject pyOpenSSL. https://urllib3.readthedocs.io/en/latest/advanced-usage.html https://urllib3.readthedocs.io/en/latest/advanced-usage.html
|
| |
(Jun 18) |
| |
Inject pyOpenSSL. https://urllib3.readthedocs.io/en/latest/advanced-usage.html https://urllib3.readthedocs.io/en/latest/advanced-usage.html
|
| |
(Jun 18) |
| |
- Update to 1.3.11This release is mainly fixing a number of outstanding issues and security fixes. Minor features have been added to enhance functionality and usability.Release notes: https://www.trustedfirmware.org/projects/mbed-tls/
|
|
|
| |
(Jun 22) |
| |
Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution.
|
| |
(Jun 22) |
| |
Multiple vulnerabilities have been fixed in GnuTLS, the worst of which can cause Denial of Service
|
| |
(Jun 22) |
| |
Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.
|
| |
(Jun 21) |
| |
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
|
|
| |
Red Hat: 2015:1189-01: kvm: Important Advisory (Jun 25) |
| |
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1190-01: kernel: Important Advisory (Jun 25) |
| |
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1184-01: flash-plugin: Critical Advisory (Jun 25) |
| |
An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1185-01: nss: Moderate Advisory (Jun 25) |
| |
Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. [More...]
|
| |
Red Hat: 2015:1188-01: chromium-browser: Important Advisory (Jun 25) |
| |
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1186-01: php55-php: Important Advisory (Jun 25) |
| |
Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1187-01: rh-php56-php: Important Advisory (Jun 25) |
| |
Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1154-01: libreswan: Moderate Advisory (Jun 23) |
| |
Updated libreswan packages that fix one security issue, several bugs and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1139-01: kernel-rt: Important Advisory (Jun 23) |
| |
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1153-01: mailman: Moderate Advisory (Jun 23) |
| |
Updated mailman packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1137-01: kernel: Important Advisory (Jun 23) |
| |
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1138-01: kernel-rt: Important Advisory (Jun 23) |
| |
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. [More...]
|
| |
Red Hat: 2015:1135-01: php: Important Advisory (Jun 23) |
| |
Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
|
| |
Ubuntu: 2653-1: Python vulnerabilities (Jun 25) |
| |
Several security issues were fixed in Python.
|
| |
Ubuntu: 2654-1: Tomcat vulnerabilities (Jun 25) |
| |
Several security issues were fixed in Tomcat.
|
| |
Ubuntu: 2655-1: Tomcat vulnerabilities (Jun 25) |
| |
Several security issues were fixed in Tomcat.
|
| |
Ubuntu: 2644-2: Linux kernel (Utopic HWE) regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu: 2646-2: Linux kernel regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu: 2640-2: Linux kernel regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu: 2641-2: Linux kernel (OMAP4) regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu: 2642-2: Linux kernel (Trusty HWE) regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu: 2643-2: Linux kernel regression (Jun 22) |
| |
The system could be made to crash under certain conditions.
|
