Security advisories for Monday

by
ris
from LWN.net on (#27DAV)

Arch Linux has updated curl (two vulnerabilities) and libwmf (multiple vulnerabilities).

Debian has updated libgd2 (denialof service) and libphp-phpmailer (code execution).

Debian-LTS has updated hdf5(multiple vulnerabilities), hplip(man-in-the-middle attack from 2015), kernel (multiple vulnerabilities), libphp-phpmailer (code execution), pgpdump (denial of service), postgresql-common (file overwrites), python-crypto (denial of service), and shutter (code execution from 2015).

Fedora has updated curl (F24:buffer overflow), cxf (F25: twovulnerabilities), game-music-emu (F24:multiple vulnerabilities), libbsd (F25; F24:denial of service), libpng (F25: NULLdereference bug), mingw-openjpeg2 (F25; F24:multiple vulnerabilities), openjpeg2 (F24:two vulnerabilities), php-zendframework-zend-mail (F25; F24:parameter injection), springframework (F25:directory traversal), tor (F25; F24: denial of service), xen (F24: three vulnerabilities), andzookeeper (F25; F24: buffer overflow).

Gentoo has updated bash (codeexecution), busybox (denial of service), chicken (multiple vulnerabilities going backto 2013), cyassl (multiple vulnerabilitiesfrom 2014), e2fsprogs (code execution from2015), hdf5 (multiple vulnerabilities), icinga (privilege escalation), libarchive (multiple vulnerabilities, somefrom 2015), libjpeg-turbo (code execution),libotr (code execution), lzo (code execution from 2014), mariadb (multiple unspecifiedvulnerabilities), memcached (codeexecution), musl (code execution), mutt (denial of service from 2014), openfire (multiple vulnerabilities from 2015),openvswitch (code execution), pillow (multiple vulnerabilities, two from2014), w3m (multiple vulnerabilities), xdg-utils (command execution from 2014), andxen (multiple vulnerabilities).

Mageia has updated mcabber (roster push attack) and tracker (denial of service).

openSUSE has updated firefox(13.1: multiple vulnerabilities), gd (42.2,42.1: stack overflow), GNU Health (42.2:two vulnerabilities), roundcubemail (13.1:cross-site scripting), kernel (42.1:information leak), thunderbird (42.2,42.1, 13.2; SPH for SLE12:multiple vulnerabilities), and xen (42.2; 42.1; 13.2: multiple vulnerabilities).

Red Hat has updated ipa (RHEL7:two vulnerabilities) and rh-nodejs4-nodejs andrh-nodejs4-http-parser (RHSCL: multiple vulnerabilities).

Slackware has updated libpng (NULL dereference bug), thunderbird (code execution), and seamonkey (multiple vulnerabilities).

SUSE has updated gstreamer-plugins-good (SLE12-SP2: multiplevulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments