LWN.net

CentOS has updated kernel (C5: denial of service) and subversion (C7; C6: multiple vulnerabilities).Debian has updated ruby1.8 (denial of service).openSUSE has updated krb5 (13.2:multiple vulnerabilities) and xen (13.2: multiple vulnerabilities).Oracle has updated subversion (OL7; OL6: multiple vulnerabilities).Red Hat has updated chromium-browser (RHEL6 Supplementary:multiple vulnerabilities), kernel (RHEL5: denial of service), and subversion (RHEL7; RHEL6: multiple vulnerabilities).Scientific Linux has updated kernel (SL5: denial of service), shim (SL7: multiple vulnerabilities), and subversion (SL6: two vulnerabilities).Ubuntu has updated krb5 (multiplevulnerabilities) and oxide-qt (14.10,14.04: multiple vulnerabilities).

Last week the Red Hat developer blog looked at some changes coming with GCC5.This week's articlecovers how those changes will be handled in Fedora. "One consequence of this decision will be that Fedora 22 and Fedora 23 will both have GCC 5, but they’ll be fundamentally different. The C++ library (libstdc++.so) will becompatible between F22 and F23 (in fact, it will be almost exactly the same,modulo some extra patches from upstream that might be pulled into the later F23 build). The difference will be all the other DSOs that link to it. That’s important for Fedora developers to note.Specifically, FESCo’s decision means the C++ standard library headers installed by thelibstdc++-devel RPM will have a different default value for the _GLIBCXX_USE_CXX11_ABI macro (0 in F22 and 1 in F23) but the libstdc++.so library will be largely the same in F22 and F23, because that library contains all the symbol definitions for both the old ABI and the new ABI, so that the same library works for both cases."

Debian has updated ruby1.9.1(multiple vulnerabilities) and unrtf (code execution).Mageia has updated clamav (heap overflow), moodle (information disclosure), and polarssl (code execution).Mandriva has updated cabextract (denial of service), clamav (heap overflow), glibc (code execution), otrs (privilege escalation), and zarafa (denial of service).openSUSE has updated curl (13.2,13.1: two vulnerabilities), grep (13.2:heap buffer overrun), llvm (13.1: insecuretemporary files), openvas-manager (13.2:sql injection), and rsync (13.2, 13.1: code execution).Ubuntu has updated binutils(multiple vulnerabilities) and ntp (two vulnerabilities).

Version8 of the ownCloud server is available. "This new release bringsimproved sharing and collaboration between clouds and introduces fasterways of getting at your files with favorites and improved search."See the feature page for details.

Debian has updated liblivemedia(code execution), libxml2(regression/incomplete fix in previous update), and ntp (incomplete fix in previous update).Debian-LTS has updated krb5(multiple vulnerabilities), libxml2(regression/incomplete fix in previous update), ntp (multiple vulnerabilities), sympa (information disclosure), unzip (two vulnerabilities), and wpasupplicant (command execution).Fedora has updated e2fsprogs(F21: code execution), jasper (F21;F20: two vulnerabilities), kernel (F20: two vulnerabilities),mantis (F21; F20: multiple vulnerabilities), maradns (F20: security hardening), postgresql (F21: multiple vulnerabilities), and websvn (F21; F20: information disclosure).Gentoo has updated adobe-flash(multiple vulnerabilities), antiword(denial of service), bind (denial ofservice), libav (multiple vulnerabilities),libevent (code execution), mediawiki (multiple vulnerabilities), nginx (information disclosure), and tcpdump (multiple vulnerabilities).Mageia has updated flash-player-plugin (multiple vulnerabilities).openSUSE has updated flash-player (13.2, 13.1; 11.4:multiple vulnerabilities), privoxy (13.2,13.1: multiple vulnerabilities), unzip(13.2, 13.1: code execution), virtualbox(13.2, 13.1: multiple vulnerabilities), and vorbis-tools (13.2, 13.1: denial of service).Red Hat has updated flash-plugin(RHEL5,6: multiple vulnerabilities).SUSE has updated flash-player(SLE12: multiple vulnerabilities) and flash-player, flash-player-gnome,flash-player-kde4 (SLE11 SP3: multiple vulnerabilities).