Security Fixes 11.02.130
Firefox
- Updated Firefox browser to version 60.8.0 ESR.
Fixes for mfsa2019-22, also known as:
- Fixes for mfsa2019-19, also known as: CVE-2019-11708.
- Fixes for mfsa2019-18, also known as: CVE-2019-11707.
Fixes for mfsa2019-08, also known as:
- Fixes for mfsa2019-05, also known as: CVE-2018-18356, CVE-2019-5785.
- Fixes for mfsa2019-02, also known as: CVE-2018-18500, CVE-2018-18505, and CVE-2018-18501.
- Added allowance for Firefox to access Yubikey (FIDO/U2F) if apparmor is active.
Base system
- Set default umask to 0077 for all non-root users.
- Remote users home is now /home/ruser.
- Fixed policykit-1 security issue CVE-2019-6133.
Fixed tiff security issues:
- Fixed lcms2 security issue CVE-2018-16435.
- Fixed libpng1.6 security issues CVE-2019-7317 and CVE-2018-13785.
- Fixed nss security issues CVE-2018-18508, CVE-2019-11729, and CVE-2019-11719.
Fixed procps security issues:
- Fixed evince security issues CVE-2019-11459 and CVE-2019-1010006.
- Fixed gdk-pixbuf security issue CVE-2017-12447.
- Fixed gst-plugins-base0.10 security issue CVE-2019-9928.
- Fixed bind9 security issues CVE-2019-6465, CVE-2018-5745 and CVE-2018-5743.
- Fixed libgd2 security issues CVE-2019-6978 and CVE-2019-6977.
- Fixed ghostscript security issues CVE-2019-3839, CVE-2019-3838 and CVE-2019-3835.
- Fixed ldb security issue CVE-2019-3824.
- Fixed file security issues CVE-2019-8907 and CVE-2019-8905.
Fixed poppler security issues:
- Fixed samba security issues CVE-2019-3880 and CVE-2018-16860.
- Fixed openssl security issue CVE-2019-1559.
- Fixed libxslt security issue CVE-2019-11068.
- Fixed openssh security issue CVE-2019-6111.
- Fixed wget security issue CVE-2019-5953.
Fixed wpa security issues:
- Fixed gtk+2.0 security issue CVE-2013-7447.
- Fixed heimdal security issues CVE-2019-12098 and CVE-2018-16860.
- Fixed webkit2gtk security issues CVE-2019-8615, CVE-2019-8607, and CVE-2019-8595.
Fixed gimp security issues:
- Fixed libtomcrypt security issue CVE-2018-12437.
- Fixed unzip security issues CVE-2019-13232, CVE-2018-1000035, CVE-2016-9844, and CVE-2014-9913.
Fixed curl security issues:
- Fixed gnutls28 security issues CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, and CVE-2018-1084.
- Fixed db5.3 security issue CVE-2019-8457.
- Fixed qtbase-opensource-src security issues CVE-2018-19873, CVE-2018-19870, and CVE-2018-15518.
Fixed libssh2 security issues:
- Fixed network-manager security issue CVE-2018-15688.
Fixed elfutils security issues:
Fixed libsndfile security issues:
- Fixed dbus security issue CVE-2019-12749.
- Fixed vim security issues CVE-2019-12735 and CVE-2017-5953.
- Fixed glib2.0 security issue CVE-2019-12450.
Fixed openssl (1.1.x) security issues:
Fixed sqlite3 security issues:
Fixed systemd security issues:
- Fixed libseccomp security issue CVE-2019-9893.
- Fixed bzip2 security issues CVE-2019-12900 and CVE-2016-3189.
Fixed imagemagick security issues:
- Fixed expat security issue CVE-2018-20843.
- Fixed glib2.0 security issue CVE-2019-13012.
- Fixed libvirt security issues CVE-2019-10167 and CVE-2019-10161.
- Fixed gvfs security issue CVE-2019-12795.
- Fixed libmspack security issue CVE-2019-1010305.
- Fixed bash security issue CVE-2019-9924.
- Fixed openldap security issues CVE-2019-13565 and CVE-2019-13057.
Updated libwebkit2gtk-4.0-37 to version 2.24.2.
Security fixes:- Fixed a vulnerability in the custom environment variable framework.
- Fixed possible malicious owner change within TC setup configuration.
- Fixed kernel TCP vulnerabilities CVE-2019-11477: SACK Panic, CVE-2019-11478: SACK Slowness, and CVE-2019-11479: Excess resource consumption due to low MSS values.
- Changed minimally allowed MSS size to 1000 to prevent possible Denial of Service attacks.
- Fixed a vulnerability in Java configuration script.