Security updates for Monday

ris

from LWN.net on 2016-01-25 18:51 (#11TDP)

Arch Linux has updated ecryptfs-utils (privilege escalation), linux-lts (privilege escalation), privoxy (two denial of service flaws), python-rsa (signature forgery), and python2-rsa (signature forgery).

CentOS has updated ntp (C7; C6: missing check for zero originate timestamp).

Debian has updated claws-mail (code execution).

Debian-LTS has updated foomatic-filters (buffer overflows), imlib2 (denial of service), pound (multiple vulnerabilities, one from 2009), and privoxy (two denial of service flaws).

Fedora has updated bind (F23: twodenial of service flaws), bind99 (F23:denial of service), chrony (F23: packetmodification), dhcp (F22: denial ofservice), java-1.8.0-openjdk (F23:unspecified), mod_nss (F22: enablesinsecure ciphersuites), owncloud (F23; F22:multiple vulnerabilities), python-rsa (F22:signature forgery), and qemu (F23: multiple vulnerabilities).

Mageia has updated virtualbox (unspecified vulnerabilities).

openSUSE has updated bind (13.1:denial of service), cgit (13.1: threevulnerabilities), giflib (13.1: heap-basedbuffer overflow), jasper (13.2; 13.1: denial of service), libvirt (Leap42.1, 13.2; 13.1: path traversal), openldap2 (13.2: two vulnerabilities), roundcubemail (Leap42.1; 13.2; 13.1: code execution), and tiff (13.2; 13.1: denial of service).

Oracle has updated ntp (OL7: missing check for zero originate timestamp).

Red Hat has updated ntp (RHEL6,7:missing check for zero originate timestamp).

Scientific Linux has updated ntp(SL6,7: missing check for zero originate timestamp).

SUSE has updated bind(SLES10-SP4: four denial of service vulnerabilities), openldap2 (SLE12-SP1: two vulnerabilities),and kernel (SLE12: privilege escalation).

Source	RSS or Atom Feed
Feed Location	http://lwn.net/headlines/rss
Feed Title	LWN.net
Feed Link	https://lwn.net/