Arch Linux ASA-201704-6
CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433
CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437
CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441
CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445
CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449
CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455
CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460
CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466
CVE-2017-5467 CVE-2017-5468 CVE-2017-5469
Firefox versions before 53.0-1 vulnerable to multiple issues including arbitrary code execution, cross-site scripting, access restriction bypass, file system access, denial service, information disclosure, and content spoofing.
pacman -Syu firefox>=53.0-1
Ubuntu has released a similar advisory.
Arch Linux Security Advisory ASA-201704-4
CVE ID: CVE-2017-5461
The package nss (Network Security Services) before version 3.30.1-1 is vulnerable to arbitrary code
Date: April 17, 2017
CVE ID: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
Several security issues have been fixed on the bind9 Internet Domain Name Server package on affected Ubuntu versions.
Link:Ubuntu Bind Security Notice
Pegasus Spyware Found on Android Devices
A variant of the pegasus spyware is being found on some Android devices.
Link:Pegasus Spyware on Android
WordPress 4.7.4 Update
Released April 20th 2017
Link:WordPress Change Log
Arch Linux put a security advisory on March 14 for multiple vulnerabilities found in jasper. The vulnerabilities have been patched. You can update your Arch machine by running;
pacman -Syu “jasper>=2.0.12-1”
Arch Linux: ASA-201703-9
Ubuntu announces end of life for Precise Pangolin which will be on April 28, 2017. But if you wanted to keep getting security and essential package updates for your Pangolin machines that just can’t be upgraded you can join the Ubuntu Advantage program.
Ubuntu:12.04 End of Life and Ubuntu Advantage
Multiple vulnerabilities have been found in the Ubuntu 16.04 LTS Linux 4.4 kernel. The recent update to 16.04.2 uses the 16.10 (Yakkety) Linux 4.8 kernel. So if you made the jump to 16.04.2 then check this out:
Ubuntu 16.10 Security issue
CVE-2016-9588 Discovered by Jim Mattson and Dmitry Vyukov, a flaw in the kernel’s implementation of KVM.
UbuntuFree:New Ubuntu Vulnerabilities
EFF Reports VA Supreme Court Should Protect Drivers from License Plate Surveillance
You can vote for Supertux Racer now at Steam Greenlight below.
Arch Linux’s February ISO is to be the last release with i686 support, and will only receive updates for the next nine months. According to Archlinux.org it is due to a decreasing lack of popularity among devs and the community. The people at Arch are encouraging anyone still interested to “keep it alive” with some guidance from the Arch team.
Arch:Phasing out i686
Over at Vusec they document a side-channel attack, which can detect which locations in the page table are accessed by the memory management unit. The attack takes advantage of the cache hierarchy of modern processors being shared by untrusted applications. More details in the link below.
OpenSSL 1.1.0 updates to 1.1.0e.
Ubuntu releases 16.04.2 LTS.