Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins, along with pointers on methods to improve the security posture of your open source systems. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

- Social engineering is the practice of obtaining valuable information by exploiting human, rather than technical, weaknesses. It is an art of deception that a penetration tester relies on when too little exploitable information about the target is otherwise available.

- When you're dealing with a security incident, it's essential that you and the rest of your team not only have the skills needed to deal with the issue comprehensively, but also a framework to support you as you approach it. With such a framework the team can focus purely on what needs to be done, following a process that removes the vulnerabilities and threats properly, so that everyone who depends on the software you protect can be confident it is secure and functioning as intended.


  Debian: DSA-3936-1: postgresql-9.6 security update (Aug 10)
 

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546

  Debian: DSA-3935-1: postgresql-9.4 security update (Aug 10)
 

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546

  Debian: DSA-3933-1: pjproject security update (Aug 10)
 

Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service. For the oldstable distribution (jessie), these problems have been fixed

  Debian: DSA-3934-1: git security update (Aug 10)
 

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.

  Debian: DSA-3932-1: subversion security update (Aug 10)
 

Several problems were discovered in Subversion, a centralised version control system. CVE-2016-8734 (jessie only)

  Debian: DSA-3930-1: freeradius security update (Aug 10)
 

Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a

  Debian: DSA-3929-1: libsoup2.4 security update (Aug 10)
 

Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the

  Debian: DSA-3928-1: firefox-esr security update (Aug 10)
 

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or

  Debian: DSA-3927-1: linux security update (Aug 7)
 

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  Debian: DSA-3925-1: qemu security update (Aug 4)
 

Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524

  Debian: DSA-3926-1: chromium-browser security update (Aug 4)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087


  Fedora 25: cacti Security Update (Aug 9)
 

- Update to 1.1.16 (CVE-2017-12065, CVE-2017-12066). Release notes:
- Update to 1.1.15. Release notes:
- Update to 1.1.14. Release notes:

  Fedora 25: community-mysql Security Update (Aug 9)
 

**Update to version 5.7.19**

Replication tests in the testsuite enabled; they don't fail anymore.

**Resolves:**
- #1462688: /run
- #1406172: random failures of the testsuite
- #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896: replication tests

**CVE fixes:** #1472716 CVE-2017-3633,

  Fedora 26: pspp Security Update (Aug 9)
 

* FTBFS with GCC 7

  Fedora 26: community-mysql Security Update (Aug 9)
 

**Update to version 5.7.19**

Replication tests in the testsuite enabled; they don't fail anymore.

**Resolves:**
- #1462688: /run
- #1406172: random failures of the testsuite
- #1417880, #1417883, #1417885, #1417887, #1417890, #1417891, #1417893, #1417894, #1417896: replication tests

**CVE fixes:** #1472716 CVE-2017-3633,

  Fedora 25: supervisor Security Update (Aug 7)
 

Security fix for CVE-2017-11610

  Fedora 25: remmina Security Update (Aug 7)
 

Update to latest snapshot that contains fixes for the latest Talos discovered CVEs.

  Fedora 25: freerdp Security Update (Aug 7)
 

Update to latest snapshot that contains fixes for the latest Talos discovered CVEs.

  Fedora 25: subversion Security Update (Aug 7)
 

This update includes the latest stable release of _Apache Subversion_, version **1.9.6**.

### User-visible changes:

#### Client-side bugfixes:

* cp/mv: improve error message when target is an unversioned dir
* merge: reduce memory usage with large amounts of mergeinfo ([issue 4667](https://issues.apache.org/jira/browse/SVN-4667))

#### Server-side

  Fedora 24: supervisor Security Update (Aug 7)
 

Security fix for CVE-2017-11610

  Fedora 24: webkitgtk4 Security Update (Aug 7)
 

This update addresses the following vulnerabilities: * [CVE-2017-7018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018), [CVE-2017-7030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030), [CVE-2017-7034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034), [CVE-2017-7037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037),

  Fedora 26: cacti Security Update (Aug 7)
 

- Update to 1.1.16 (CVE-2017-12065, CVE-2017-12066). Release notes:
- Update to 1.1.15. Release notes:
- Update to 1.1.14. Release notes:

  Fedora 26: supervisor Security Update (Aug 7)
 

Security fix for CVE-2017-11610

  Fedora 26: wireshark Security Update (Aug 7)
 

Rebase to the newest upstream version in 2.2.X line containing only bug fixes.

  Fedora 25: qt5-qtwebkit Security Update (Aug 6)
 

Qt5WebKit update to the new, maintained "annulen branch", a drop-in replacement for the old unmaintained QtWebKit.

Update to the annulen branch of qt5-qtwebkit, which contains a lot of security fixes. Drop-in replacement for the old unmaintained qt5-qtwebkit.

  Fedora 24: qt5-qtwebkit Security Update (Aug 6)
 

Qt5WebKit update to the new, maintained "annulen branch". Drop-in replacement for the old unmaintained QtWebKit.

  Fedora 26: qpdf Security Update (Aug 6)
 

Security fix for CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210.

  Fedora 25: ruby Security Update (Aug 4)
 

Fix IV Reuse in GCM Mode.

  Fedora 24: qt5-qtwebengine Security Update (Aug 4)
 

This update adds security fixes for CVE-2017-5052 and CVE-2017-5054, backported to Chromium 49 / QtWebEngine 5.6 by the Qt developers.

  Fedora 24: ruby Security Update (Aug 4)
 

Fix IV Reuse in GCM Mode.
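The two Ruby entries above (Fedora 25 and Fedora 24) both carry the one-line summary "Fix IV Reuse in GCM Mode". The script below is an added example, not code from this page or from the Ruby or Fedora projects; it uses Ruby's own OpenSSL binding to show why a reused IV under AES-GCM is a confidentiality break (two ciphertexts produced under the same key and IV XOR to the XOR of their plaintexts, so one known plaintext reveals the other without the key) and the fresh-IV-per-message pattern that avoids it. The key, the zero IV and the two messages are constructed for the demo, and the function names are mine. The upstream Ruby bug, which this page does not detail, concerned the IV being discarded when the key was assigned after it, so the example sets the key before the IV.

```ruby
require 'openssl'
require 'securerandom'

# Constructed demo key; a real key would come from a KDF or key store.
KEY = SecureRandom.random_bytes(16)

# AES-128-GCM encryption. The key is set before the IV: assigning the key
# after the IV was the upstream bug the advisory fixes (IV reset to a default).
def gcm_encrypt(key, iv, plaintext)
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.encrypt
  c.key = key
  c.iv = iv
  ct = c.update(plaintext) + c.final
  [ct, c.auth_tag]
end

# AES-128-GCM decryption; raises OpenSSL::Cipher::CipherError on a bad tag.
def gcm_decrypt(key, iv, ciphertext, tag)
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.update(ciphertext) + c.final
end

# Byte-wise XOR of two equal-length binary strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Under the same key and IV, GCM's CTR keystream is identical for both
# messages, so ct1 XOR ct2 == pt1 XOR pt2: a known pt1 gives pt2 directly.
def recover_under_iv_reuse(ct1, ct2, known_pt1)
  n = [ct1.bytesize, ct2.bytesize, known_pt1.bytesize].min
  xor_bytes(xor_bytes(ct1[0, n], ct2[0, n]), known_pt1[0, n])
end

# Safe pattern: a fresh random 96-bit IV for every message, transmitted
# alongside the ciphertext and tag (the IV need not be secret, only unique).
def gcm_encrypt_fresh_iv(key, plaintext)
  iv = OpenSSL::Random.random_bytes(12)
  ct, tag = gcm_encrypt(key, iv, plaintext)
  [iv, ct, tag]
end

# Runs the attack against a reused IV and the round trip with fresh IVs.
def demo
  reused_iv = "\x00".b * 12                # the failure mode: one IV for everything
  pt1 = 'SELECT * FROM users WHERE id=1'   # message the attacker already knows
  pt2 = 'SELECT * FROM users WHERE id=7'   # message the attacker wants
  ct1, _tag1 = gcm_encrypt(KEY, reused_iv, pt1)
  ct2, _tag2 = gcm_encrypt(KEY, reused_iv, pt2)
  recovered = recover_under_iv_reuse(ct1, ct2, pt1)

  iv_a, ct_a, tag_a = gcm_encrypt_fresh_iv(KEY, pt1)
  iv_b, ct_b, _tag_b = gcm_encrypt_fresh_iv(KEY, pt1)
  {
    recovered: recovered,                            # equals pt2, key never used
    fresh_ivs_differ: iv_a != iv_b,                  # same plaintext, distinct IVs
    fresh_cts_differ: ct_a != ct_b,                  # so distinct ciphertexts
    roundtrip: gcm_decrypt(KEY, iv_a, ct_a, tag_a) == pt1
  }
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  puts "recovered from IV reuse: #{r[:recovered].inspect}"
  puts "fresh IVs differ: #{r[:fresh_ivs_differ]}, round trip ok: #{r[:roundtrip]}"
end
```

The recovery step needs no key material at all, which is why IV uniqueness in GCM is a hard requirement rather than a hygiene point; the same reuse also leaks the GHASH authentication key, so integrity is lost along with confidentiality. A counter-based IV is equally acceptable as long as it can never repeat under one key.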

  Fedora 26: php-PHPMailer Security Update (Aug 4)
 

Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.

  Fedora 25: rt Security Update (Aug 3)
 

Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944

  Fedora 24: rt Security Update (Aug 3)
 

Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944

  Fedora 24: evince Security Update (Aug 3)
 

- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)

  Fedora 26: rt Security Update (Aug 3)
 

Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944


  openSUSE: 2017:2119-1: important: mariadb (Aug 9)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2114-1: important: Linux Kernel Live Patch 0 for SLE 12 SP3 (Aug 9)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2113-1: important: puppet (Aug 9)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2017:2111-1: important: libzypp, zypper (Aug 9)
 

An update that solves three vulnerabilities and has 6 fixes is now available.

  openSUSE: 2017:2112-1: important: the Linux Kernel (Aug 9)
 

An update that solves four vulnerabilities and has 61 fixes is now available.

  openSUSE: 2017:2110-1: important: the Linux Kernel (Aug 9)
 

An update that solves 5 vulnerabilities and has 61 fixes is now available.

  SuSE: 2017:2109-1: important: tcmu-runner (Aug 9)
 

An update that contains security fixes can now be installed.

  SuSE: 2017:2103-1: important: Linux Kernel Live Patch 20 for SLE 12 (Aug 8)
 

An update that solves three vulnerabilities and has one errata is now available.

  SuSE: 2017:2099-1: important: Linux Kernel Live Patch 16 for SLE 12 (Aug 8)
 

An update that fixes four vulnerabilities is now available.

  SuSE: 2017:2102-1: important: Linux Kernel Live Patch 22 for SLE 12 (Aug 8)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2098-1: important: Linux Kernel Live Patch 23 for SLE 12 (Aug 8)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2095-1: important: Linux Kernel Live Patch 18 for SLE 12 (Aug 8)
 

An update that fixes four vulnerabilities is now available.

  SuSE: 2017:2089-1: important: Linux Kernel Live Patch 17 for SLE 12 SP1 (Aug 8)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2090-1: important: Linux Kernel Live Patch 16 for SLE 12 SP1 (Aug 8)
 

An update that fixes three vulnerabilities is now available.

  SuSE: 2017:2094-1: important: Linux Kernel Live Patch 15 for SLE 12 SP1 (Aug 8)
 

An update that solves three vulnerabilities and has one errata is now available.

  SuSE: 2017:2096-1: important: Linux Kernel Live Patch 19 for SLE 12 (Aug 8)
 

An update that solves four vulnerabilities and has one errata is now available.

  SuSE: 2017:2093-1: important: Linux Kernel Live Patch 17 for SLE 12 (Aug 8)
 

An update that fixes four vulnerabilities is now available.

  SuSE: 2017:2092-1: important: Linux Kernel Live Patch 13 for SLE 12 SP1 (Aug 8)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2091-1: important: Linux Kernel Live Patch 14 for SLE 12 SP1 (Aug 8)
 

An update that fixes four vulnerabilities is now available.

  SuSE: 2017:2088-1: important: Linux Kernel Live Patch 8 for SLE 12 SP1 (Aug 8)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2074-1: important: the Linux Kernel (Aug 7)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2072-1: important: Linux Kernel Live Patch 10 for SLE 12 SP1 (Aug 7)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2067-1: important: Linux Kernel Live Patch 1 for SLE 12 SP2 (Aug 7)
 

An update that solves 7 vulnerabilities and has one errata is now available.

  SuSE: 2017:2069-1: important: Linux Kernel Live Patch 10 for SLE 12 SP2 (Aug 7)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2070-1: important: Linux Kernel Live Patch 6 for SLE 12 SP2 (Aug 7)
 

An update that solves 6 vulnerabilities and has one errata is now available.

  SuSE: 2017:2066-1: important: Linux Kernel Live Patch 9 for SLE 12 SP2 (Aug 7)
 

An update that solves 6 vulnerabilities and has two fixes is now available.

  SuSE: 2017:2065-1: important: Linux Kernel Live Patch 4 for SLE 12 SP2 (Aug 7)
 

An update that solves 7 vulnerabilities and has one errata is now available.

  SuSE: 2017:2064-1: important: Linux Kernel Live Patch 7 for SLE 12 SP2 (Aug 7)
 

An update that solves 6 vulnerabilities and has two fixes is now available.

  SuSE: 2017:2062-1: important: Linux Kernel Live Patch 0 for SLE 12 SP2 (Aug 7)
 

An update that solves 7 vulnerabilities and has one errata is now available.

  SuSE: 2017:2060-1: important: Linux Kernel Live Patch 7 for SLE 12 SP1 (Aug 7)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2049-1: important: Linux Kernel Live Patch 12 for SLE 12 SP1 (Aug 4)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2046-1: important: Linux Kernel Live Patch 8 for SLE 12 SP2 (Aug 4)
 

An update that solves 6 vulnerabilities and has two fixes is now available.

  SuSE: 2017:2043-1: important: Linux Kernel Live Patch 3 for SLE 12 SP2 (Aug 4)
 

An update that solves 7 vulnerabilities and has one errata is now available.

  SuSE: 2017:2042-1: important: the Linux Kernel (Aug 4)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2041-1: important: the Linux Kernel (Aug 3)
 

An update that fixes one vulnerability is now available.

  SuSE: 2017:2040-1: important: libzypp, zypper (Aug 3)
 

An update that solves three vulnerabilities and has 6 fixes is now available.

  SuSE: 2017:2034-1: important: mariadb (Aug 3)
 

An update that fixes 5 vulnerabilities is now available.

  SuSE: 2017:2035-1: important: mariadb (Aug 3)
 

An update that fixes 5 vulnerabilities is now available.


  Ubuntu 3381-2: Linux kernel (Trusty HWE) vulnerabilities (Aug 7)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3381-1: Linux kernel vulnerabilities (Aug 7)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3379-1: Shotwell vulnerability (Aug 7)
 

Shotwell could be made to expose sensitive information over the network.

  Ubuntu 3339-2: OpenVPN vulnerability (Aug 7)
 

Several security issues were fixed in OpenVPN.

  Ubuntu 3212-4: LibTIFF vulnerabilities (Aug 7)
 

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu 0027-1: Linux kernel vulnerability (Aug 3)
 

Several security issues were fixed in the kernel.

  Ubuntu 3378-2: Linux kernel (Xenial HWE) vulnerabilities (Aug 3)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3377-1: Linux kernel vulnerabilities (Aug 3)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3378-1: Linux kernel vulnerabilities (Aug 3)
 

Several security issues were fixed in the Linux kernel.

  Ubuntu 3377-2: Linux kernel (HWE) vulnerabilities (Aug 3)
 

Several security issues were fixed in the Linux kernel.