Security updates for Tuesday

by
ris
from LWN.net on (#YGC5)

Debian has updated foomatic-filters (command execution).

Fedora has updated bind (F22: twovulnerabilities), bind-dyndb-ldap (F22: twovulnerabilities), dnsperf (F22: twovulnerabilities), firefox (F22: multiplevulnerabilities), jenkins (F22: multiplevulnerabilities), and kernel (F22: multiplevulnerabilities).

Oracle has updated jakarta-commons-collections (OL5: code execution).

Red Hat has updated openstack-ironic-discoverd (RHELOSP6: commandexecution), openstack-nova (RHELOSP7; RHELOSP5: insecure VM instances), and RHELOSP7 director (RHEL7: two vulnerabilities).

Scientific Linux has updated abrt andlibreport (SL7: multiple vulnerabilities), autofs (SL7: privilege escalation), binutils (SL7: multiple vulnerabilities), chrony (SL7: multiple vulnerabilities), cpio (SL7: denial of service), cups-filters (SL7: code execution), curl (SL7: multiple vulnerabilities), file (SL7: multiple vulnerabilities), git (SL7: code execution), glibc (SL7: privilege escalation), glibc (SL7: multiple vulnerabilities), grep (SL7: heap buffer overrun), grub2 (SL7: Secure Boot circumvention), grub2 (SL7: code execution), jakarta-commons-collections (SL5: codeexecution), kernel (SL7: multiplevulnerabilities), kernel (SL7: twovulnerabilities), krb5 (SL7: twovulnerabilities), libpng (SL7: twovulnerabilities), libpng12 (SL7: multiplevulnerabilities), libssh2 (SL7: informationleak), libxml2 (SL7: multiplevulnerabilities), net-snmp (SL7: denial ofservice), netcf (SL7: denial of service),NetworkManager (SL7: two vulnerabilities),ntp (SL7: multiple vulnerabilities), openhpi (SL7: world writable /var/lib/openhpidirectory), openldap (SL7: unintendedcipher usage), openssh (SL7: multiplevulnerabilities), pacemaker (SL7: privilegeescalation), pcs (SL7: denial of service),python (SL7: multiple vulnerabilities), realmd (SL7: unsanitized input), rest (SL7: denial of service), rubygem-bundler, rubygem-thor (SL7: installsmalicious gem files), squid (SL7:certificate validation bypass), sssd (SL7:memory leak), tigervnc (SL7: twovulnerabilities), unbound (SL7: denial ofservice), wireshark (SL7: multiplevulnerabilities), and xfsprogs (SL7: information disclosure).

SUSE has updated bind (SLE12; SLE11SP2,3,4: denial of service),firefox (SLE12SP1; SLE11SP3,4; SLE11SP2: multiple vulnerabilities), rubygem-passenger (SLE12: environment variableinjection), strongswan (SLE12SP1:authentication bypass), and kernel(SLE11SP4: multiple vulnerabilities).

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments