Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.
More info:
https://www.debian.org/security/2018/dsa-4116
Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Update as of: 2018/02/05 4:30 PM PST
This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux configuration on or after January 13th, 2018 will automatically include the updated package, which incorporates the latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upon
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected being accepted.
More info:
https://www.debian.org/security/2018/dsa-4118
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.
More info:
https://www.debian.org/security/2018/dsa-4117