Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source systems. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of obtaining valuable information by exploiting human, rather than technical, weaknesses. It is an art of deception that is considered vital for a penetration tester when little exploitable information about the target is otherwise available.

- When you are dealing with a security incident, it is essential that you and the rest of your team not only have the skills needed to deal with the issue comprehensively, but also have a framework to support you as you approach it. That framework lets the team focus purely on what needs to be done, following a process that removes vulnerabilities and threats in a proper way, so that everyone who depends on the software you protect can be confident that it is secure and functioning correctly.


  Debian: DSA-3967-1: mbedtls security update (Sep 8)
 

An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended


  Fedora 26: mingw-libidn2 Security Update (Sep 8)
 

Libidn2 2.0.4 (released 2017-08-30):
- Fix integer overflow in bidi.c/_isBidi()
- Fix integer overflow in puny_decode.c/decode_digit()
- Improve docs
- Fix idna_free() to idn_free()
- Update fuzzer corpora
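The libidn2 changelog above names integer overflows in the Punycode decoding path. As an added illustration (this is not libidn2's code and does not reproduce the specific bug that was fixed), here is a small RFC 3492 Punycode decoder in C in which every arithmetic step driven by attacker-controlled digits (the accumulator `i`, the weight `w`, and the code point `n`) is range-checked before it is performed, so a hostile label is rejected with an explicit status instead of wrapping a 32-bit value. The function names, the status enum and the sample labels are constructed for this example; `xn--tda` and `xn--bcher-kva` are the standard encodings of "ü" and "bücher".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 3492 parameters. */
enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700,
       INITIAL_BIAS = 72, INITIAL_N = 128 };

enum puny_status { PUNY_OK = 0, PUNY_BAD_INPUT, PUNY_OVERFLOW, PUNY_BIG_OUTPUT };

/* Map one ASCII character to its base-36 digit value; BASE means "not a digit". */
static uint32_t decode_digit(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a';
    if (c >= '0' && c <= '9') return c - '0' + 26;
    return BASE;
}

/* Bias adaptation, RFC 3492 section 6.1. */
static uint32_t adapt(uint32_t delta, uint32_t numpoints, int firsttime)
{
    uint32_t k = 0;
    delta = firsttime ? delta / DAMP : delta / 2;
    delta += delta / numpoints;
    while (delta > ((BASE - TMIN) * TMAX) / 2) {
        delta /= BASE - TMIN;
        k += BASE;
    }
    return k + ((BASE - TMIN + 1) * delta) / (delta + SKEW);
}

/* Decode the Punycode label `input` (the text after "xn--") into `output`.
 * Each multiply/add that grows with input digits is checked first, so a
 * hostile label yields PUNY_OVERFLOW rather than a wrapped accumulator. */
enum puny_status punycode_decode(const char *input, uint32_t *output,
                                 size_t out_cap, size_t *out_len)
{
    size_t in_len = strlen(input), out = 0, pos = 0;
    uint32_t n = INITIAL_N, bias = INITIAL_BIAS, i = 0;

    /* Characters before the last '-' are copied literally and must be ASCII. */
    const char *delim = strrchr(input, '-');
    if (delim != NULL) {
        size_t basic = (size_t)(delim - input);
        if (basic > out_cap) return PUNY_BIG_OUTPUT;
        for (size_t j = 0; j < basic; j++) {
            if ((unsigned char)input[j] >= 0x80) return PUNY_BAD_INPUT;
            output[out++] = (unsigned char)input[j];
        }
        pos = basic > 0 ? basic + 1 : 0;   /* consume the delimiter only after a basic part */
    }

    while (pos < in_len) {
        uint32_t oldi = i, w = 1;
        for (uint32_t k = BASE; ; k += BASE) {
            if (pos >= in_len) return PUNY_BAD_INPUT;       /* label ended mid-number */
            uint32_t digit = decode_digit((unsigned char)input[pos++]);
            if (digit >= BASE) return PUNY_BAD_INPUT;
            if (digit > (UINT32_MAX - i) / w) return PUNY_OVERFLOW;   /* i += digit*w would wrap */
            i += digit * w;
            uint32_t t = k <= bias ? TMIN : (k >= bias + TMAX ? TMAX : k - bias);
            if (digit < t) break;
            if (w > UINT32_MAX / (BASE - t)) return PUNY_OVERFLOW;    /* w *= BASE-t would wrap */
            w *= BASE - t;
        }
        bias = adapt(i - oldi, (uint32_t)(out + 1), oldi == 0);
        if (i / (out + 1) > UINT32_MAX - n) return PUNY_OVERFLOW;     /* n += i/(out+1) would wrap */
        n += (uint32_t)(i / (out + 1));
        i = (uint32_t)(i % (out + 1));
        if (n > 0x10FFFF) return PUNY_BAD_INPUT;            /* not a Unicode code point */
        if (out >= out_cap) return PUNY_BIG_OUTPUT;
        memmove(&output[i + 1], &output[i], (out - i) * sizeof output[0]);
        output[i++] = n;
        out++;
    }
    *out_len = out;
    return PUNY_OK;
}

/* Wrapper used by the demo: decode into a static buffer and report status. */
static uint32_t g_out[64];
static size_t g_len;
enum puny_status decode_into_static(const char *label)
{
    g_len = 0;
    return punycode_decode(label, g_out, sizeof g_out / sizeof g_out[0], &g_len);
}

int main(void)
{
    /* Constructed inputs: two valid labels, one that overflows, one truncated. */
    const char *labels[] = { "bcher-kva", "tda", "9999999999999999", "t" };
    for (size_t x = 0; x < 4; x++) {
        enum puny_status st = decode_into_static(labels[x]);
        printf("xn--%-18s -> status %d", labels[x], (int)st);
        if (st == PUNY_OK)
            for (size_t y = 0; y < g_len; y++) printf(" U+%04X", (unsigned)g_out[y]);
        printf("\n");
    }
    return 0;
}
```

The label of sixteen '9' digits trips the accumulator check on its seventh digit, long before the input runs out; a decoder that simply wrote `i += digit * w` would instead keep going with a wrapped value and use it as an insertion index.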

  Fedora 25: thunderbird Security Update (Sep 7)
 

Update to latest upstream version


  openSUSE: 2017:2394-1: important: xen (Sep 8)
 

An update that solves 6 vulnerabilities and has 5 fixes is now available.

  openSUSE: 2017:2398-1: important: xen (Sep 8)
 

An update that solves 7 vulnerabilities and has four fixes is now available.

  openSUSE: 2017:2393-1: important: gdk-pixbuf (Sep 8)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  openSUSE: 2017:2391-1: important: postgresql96 (Sep 8)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2017:2392-1: important: postgresql94 (Sep 8)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2390-1: important: evince (Sep 8)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2389-1: important: the Linux Kernel (Sep 8)
 

An update that solves 21 vulnerabilities and has 92 fixes is now available.

  openSUSE: 2017:2384-1: important: the Linux Kernel (Sep 7)
 

An update that solves two vulnerabilities and has 58 fixes is now available.


  Ubuntu 3415-2: tcpdump vulnerabilities (Sep 13)
 

Several security issues were fixed in tcpdump.

  Ubuntu 3415-1: tcpdump vulnerabilities (Sep 13)
 

Several security issues were fixed in tcpdump.

  Ubuntu 3413-1: BlueZ vulnerability (Sep 12)
 

BlueZ could be made to expose sensitive information over bluetooth.

  Ubuntu 3412-1: file vulnerability (Sep 7)
 

The file utility could be made to crash if it opened a specially crafted file.