Article 60W7 A massive weekend security update pile

by corbet from LWN.net on (#60W7)

The pile of security updates has gotten deep enough that it makes sense to shove them out now. The biggest pile is seemingly Mandriva catching up on numerous updates for its Mandriva Business Server (MBS) line of products.

Debian has updated batik (unauthorized file access), binutils (code execution), dulwich (code execution), libxfont (privilege escalation), php5 (fix regression from previous update), shibboleth-sp2 (denial of service), and xerces-c (denial of service).

Fedora has updated kernel (F21: code execution), mongodb (F21: denial of service), python-requests (F21: cookie stealing), python-urllib3 (F21: cookie stealing), strongswan (F20, F21: denial of service), and webkitgtk4 (F21: late certificate verification).

Mageia has updated docuwiki (cross-site scripting), drupal (authentication bypass), krb5 (denial of service), python-requests (cookie stealing), setup (incorrect file protections), and wireshark (dissector issues).

Mandriva has updated apache (MBS2: 11 CVEs), apache-mod_security (MBS2: restriction bypass), cifs-utils (MBS2: code execution), cups (MBS2: six CVEs), cups-filters (MBS2: nine CVEs), curl (MBS2: seven CVEs), dovecot (MBS2: denial of service), egroupware (MBS2: code execution), elfutils (MBS2: code execution), emacs (MBS2: symbolic link vulnerability), freetype2 (MBS2: 21 CVEs), gnupg (MBS1, MBS2: five CVEs), gnutls (MBS2: five CVEs), imagemagick (MBS2: five CVEs), jbigkit (MBS2: code execution), json-c (MBS2: denial of service), krb5 (MBS1-2: five CVEs), lcms2 (MBS2: denial of service), libcap-ng (MBS2: privilege escalation), libgd (MBS2: denial of service), libevent (MBS2: code execution), libjpeg (MBS2: code execution), libksba (MBS2: denial of service), liblzo (MBS2: code execution), libpng (MBS2: memory overwrite), libpng12 (MBS2: three 2013 CVEs), libsndfile (MBS2: code execution), libssh (MBS2: information disclosure and denial of service), libssh2 (MBS1, MBS2: MITM vulnerability), libtasn1 (MBS2: denial of service), libtiff (MBS2: six CVEs), libvirt (MBS1, MBS2: denial of service and information leak), libvncserver (MBS2: six CVEs), libxfont (MBS2: six CVEs), libxml2 (MBS2: denial of service), lua (MBS2: code execution), mariadb (MBS2: uncountable unexplained CVEs), mpfr (MBS2: code execution), mutt (MBS2: denial of service), net-snmp (MBS2: denial of service), nginx (MBS2: code execution), nodejs (MBS2: multiple unspecified vulnerabilities), not-yet-commons-ssl (MBS2: MITM vulnerability), ntp (MBS2: six CVEs), openldap (MBS1, MBS2: denial of service), openssh (MBS2: restriction and authentication bypass), openvpn (MBS2: denial of service), patch (MBS2: file overwrite), pcre (MBS2: denial of service), perl (MBS2: denial of service), php (MBS1, MBS2: lots of vulnerabilities), postgresql (MBS2: twelve CVEs), ppp (MBS2: privilege escalation), pulseaudio (MBS2: denial of service), python-django (MBS2: five CVEs), python-pillow (MBS2: five CVEs), python-requests (MBS2: cookie stealing), php-ZendFramework (MBS2: eight CVEs), python (MBS2: seven CVEs), python3 (MBS2: five CVEs), python-lxml (MBS2: code injection), python-numpy (MBS2: temporary file vulnerability), readline (MBS2: symbolic link vulnerability), rsync (MBS2: denial of service), rsyslog (MBS2: denial of service), ruby (MBS2: denial of service), samba (MBS1, MBS2: code execution and more), samba4 (MBS2: code execution), sendmail (MBS2: file descriptor access), serf (MBS2: MITM vulnerability), squid (MBS2: five CVEs), stunnel (MBS2: private key disclosure), subversion (MBS2: five CVEs), sudo (MBS2: file disclosure), tcpdump (MBS2: seven CVEs), tomcat (MBS2: eight CVEs), torque (MBS2: kill arbitrary processes), udisks2 (MBS2: code execution), unzip (MBS2: code execution), util-linux (MBS2: command injection), wpa_supplicant (MBS2: command execution), wget (MBS2: symbolic link vulnerability), x11-server (MBS2: thirteen CVEs), and xlockmore (MBS2: lock bypass).

openSUSE has updated mercurial (command injection).

SUSE has updated firefox (SLES10-11: code execution) and mysql (SLES11: 33 vulnerabilities).
