Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware of how important the security of their systems is, not just the uptime of their servers. Intruders, spammers, DDoS attackers and crackers are all out there trying to get into people's computers, servers and anything else they can lay hands on, and to interrupt the normal running of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary widely with the environment or the specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  (Jul 2)
 

Security Report Summary

  (Jun 30)
 

Security Report Summary

  (Jun 29)
 

Security Report Summary

  (Jun 29)
 

Security Report Summary


  (Jul 2)
 

- Release 7.38 is a security fix release
- Upstream release notes: https://www.drupal.org/drupal-7.38-release-notes

  (Jul 2)
 

- Release 7.38 is a security fix release
- Upstream release notes: https://www.drupal.org/drupal-7.38-release-notes

  (Jul 2)
 

- Release 6.36 is a security fix release
- Upstream release notes: https://www.drupal.org/drupal-6.36-release-notes

  (Jul 2)
 

- Release 6.36 is a security fix release
- Upstream release notes: https://www.drupal.org/drupal-6.36-release-notes

  (Jun 30)
 

Fixes for:
* CVE-2015-3226: Escape HTML entities in JSON keys
* CVE-2015-3227: XML documents that are too deep can cause a stack overflow, which in turn can cause a potential DoS attack.

  (Jun 30)
 

Fixes for:
* CVE-2015-3226: Escape HTML entities in JSON keys
* CVE-2015-3227: XML documents that are too deep can cause a stack overflow, which in turn can cause a potential DoS attack.

  (Jun 30)
 

Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
=====
* Move the default dump location from /var/tmp/abrt to /var/spool/abrt
* Use root as the owner of all dump directories
* Stop reading hs_error.log from /tmp
* Do not save the system logs by default
* Do not save dmesg if kernel.dmesg_restrict=1

libreport:
==========
* Harden the code against directory traversal, symbolic and hard link attacks
* Fix a bug that caused the first value of AlwaysExcludedElements to be ignored
* Fix missing icon for the "Stop" button icon name
* Improve development documentation
* Translation updates

gnome-abrt:
===========
* Use DBus to get problem data for the detail dialog
* Fix an error introduced with the details on the System page
* Enable the Details also for the System problems

  (Jun 30)
 

Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
=====
* Move the default dump location from /var/tmp/abrt to /var/spool/abrt
* Use root as the owner of all dump directories
* Stop reading hs_error.log from /tmp
* Do not save the system logs by default
* Do not save dmesg if kernel.dmesg_restrict=1

libreport:
==========
* Harden the code against directory traversal, symbolic and hard link attacks
* Fix a bug that caused the first value of AlwaysExcludedElements to be ignored
* Fix missing icon for the "Stop" button icon name
* Improve development documentation
* Translation updates

gnome-abrt:
===========
* Use DBus to get problem data for the detail dialog
* Fix an error introduced with the details on the System page
* Enable the Details also for the System problems

  (Jun 30)
 

Update fixing a minor security issue CVE-2015-3238.

  (Jun 30)
 

Security fixes for:
* CVE-2015-3315
* CVE-2015-3142
* CVE-2015-1869
* CVE-2015-1870
* CVE-2015-3151
* CVE-2015-3150
* CVE-2015-3159

abrt:
=====
* Move the default dump location from /var/tmp/abrt to /var/spool/abrt
* Use root as the owner of all dump directories
* Stop reading hs_error.log from /tmp
* Do not save the system logs by default
* Do not save dmesg if kernel.dmesg_restrict=1

libreport:
==========
* Harden the code against directory traversal, symbolic and hard link attacks
* Fix a bug that caused the first value of AlwaysExcludedElements to be ignored
* Fix missing icon for the "Stop" button icon name
* Improve development documentation
* Translation updates

gnome-abrt:
===========
* Use DBus to get problem data for the detail dialog
* Fix an error introduced with the details on the System page
* Enable the Details also for the System problems

  (Jun 30)
 

* New upstream version (3.0.1.2):
  - cups-x2go{,.conf}: port to File::Temp. Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2(). Capture the ps2pdf program's stdout and write it to the temporary file handle "manually". Should fix problems reported by Jan Bi on IRC.
  - cups-x2go: fix commented out second ps2pdf definition to output PDF data to stdout.
* New upstream version (3.0.1.3):
  - cups-x2go: import tempfile() function from File::Temp module.
  - cups-x2go: only repeat the last X, not the whole ".pdfX" string (or the like.)
  - cups-x2go: actually print "real" executed command instead of the "original" one with placeholders.
  - cups-x2go: read output from ghostscript, don't write a filehandle to the temporary file. Fixes a hanging ghostscript call and... well... random junk, instead of a "real" PDF file.
  - cups-x2go: use parentheses around function arguments.
  - cups-x2go: fix binmode() call, :raw layer is implicit.
  - cups-x2go: fix print call... Does not allow to separate parameters with a comma.
  - cups-x2go: add correct :raw layer to binmode calls.
  - cups-x2go: fix tiny typo.
  - cups-x2go: read data from GS and STDIN in chunks of 8 kbytes, instead of everything at once. Handles large print jobs gracefully.
  - cups-x2go: add parentheses to close() calls.
  - cups-x2go: delete PDF and title temporary files automatically.
  - cups-x2go: unlink PS temporary file on-demand in END block. Also move closelog to END block, because we want to print diagnosis messages in the END block.
  - cups-x2go: don't use unlink() explicitly. Trust File::Temp and our END block to clean up correctly.
  - cups-x2go: there is no continue in perl for stepping forward a loop. Still not. I keep forgetting that. Use next. (Partly) Fixes: #887.
  - cups-x2go: use the same temp file template for PS, PDF and title files. Use appropriate suffixes if necessary when generating PDF and title temp files. (Fully) Fixes: #887.

Update to 3.0.1.1:
- Add a short README that provides some getting started information.

  (Jun 30)
 

The 4.0.6 stable update contains a number of important fixes across the tree.

  (Jun 30)
 

Update to 0.163. Hardening fixes. Updated eu-addr2line utility. Various bug fixes. Updated translations.
Update to 0.162. Hardening fixes. Updated eu-addr2line utility. Various bug fixes.

  (Jun 29)
 

Apply patch to work around an out-of-bounds bug: BZ 1231871.

  (Jun 29)
 

Bump to openvas8 because of the issues found in previous versions. This should be the first version with the scanner really working on Fedora.

  (Jun 29)
 

Bump to openvas8 because of the issues found in previous versions. This should be the first version with the scanner really working on Fedora.

  (Jun 29)
 

Bump to openvas8 because of the issues found in previous versions. This should be the first version with the scanner really working on Fedora.

  (Jun 29)
 

Bump to openvas8 because of the issues found in previous versions. This should be the first version with the scanner really working on Fedora.

  (Jun 29)
 

- update to 9.3.9 minor release
- update to 9.3.8 per release notes
- update to 9.3.7 per release notes

  (Jun 29)
 

Security fix for CVE-2015-1840

  (Jun 29)
 

Latest upstream with security fix for https://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

  (Jun 29)
 

**1.1.20** - 9 June 2015. Fix for a potential security vulnerability arising from an unescaped double-quote character in a single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for the non-(HTML4) standard 'allowfullscreen' attribute of 'iframe'.

  (Jun 29)
 

Apply patch to work around an out-of-bounds bug: BZ 1231871.

  (Jun 29)
 

Latest upstream with security fix for https://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

  (Jun 29)
 

**1.1.20** - 9 June 2015. Fix for a potential security vulnerability arising from an unescaped double-quote character in a single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for the non-(HTML4) standard 'allowfullscreen' attribute of 'iframe'.

  (Jun 29)
 

Security fix for CVE-2015-1840

  (Jun 29)
 

Security fix for CVE-2015-3224. Please note that since the security fix was not really backportable, I opted for a rebase.

  (Jun 27)
 

The 4.0.6 stable update contains a number of important fixes across the tree.


  Red Hat: 2015:1207-01: firefox: Critical Advisory (Jul 3)
 

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

  Red Hat: 2015:1199-01: kernel: Important Advisory (Jun 30)
 

Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1196-01: rh-postgresql94-postgresql: Moderate Advisory (Jun 29)
 

Updated rh-postgresql94-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2015:1195-01: postgresql92-postgresql: Moderate Advisory (Jun 29)
 

Updated postgresql92-postgresql packages that fix three security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2015:1194-01: postgresql: Moderate Advisory (Jun 29)
 

Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate [More...]

  Red Hat: 2015:1193-01: xerces-c: Moderate Advisory (Jun 29)
 

An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2015:1189-01: kvm: Important Advisory (Jun 25)
 

Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1190-01: kernel: Important Advisory (Jun 25)
 

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1184-01: flash-plugin: Critical Advisory (Jun 25)
 

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]

  Red Hat: 2015:1185-01: nss: Moderate Advisory (Jun 25)
 

Updated nss and nss-util packages that fix one security issue, several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6 and 7. [More...]

  Red Hat: 2015:1188-01: chromium-browser: Important Advisory (Jun 25)
 

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1186-01: php55-php: Important Advisory (Jun 25)
 

Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2015:1187-01: rh-php56-php: Important Advisory (Jun 25)
 

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]


  Ubuntu: 2652-1: Oxide vulnerabilities (Jun 30)
 

Several security issues were fixed in Oxide.

  Ubuntu: 2657-1: unattended-upgrades vulnerability (Jun 29)
 

An attacker could trick unattended-upgrades into installing altered packages.

  Ubuntu: 2653-1: Python vulnerabilities (Jun 25)
 

Several security issues were fixed in Python.

  Ubuntu: 2654-1: Tomcat vulnerabilities (Jun 25)
 

Several security issues were fixed in Tomcat.

  Ubuntu: 2655-1: Tomcat vulnerabilities (Jun 25)
 

Several security issues were fixed in Tomcat.