The Wednesday security update pile
[Posted May 21, 2008 by corbet]
[Security] Posted May 21, 2008 18:41 UTC (Wed) by corbet
CentOS has updated the kernel (multiple vulnerabilities) and libxslt (code execution).
Debian has updated peercast (remotely exploitable buffer overflow) and gnome-peercast (ditto, with an additional overflow from 2007).
Fedora has updated gnutls (F7, F8, F9: multiple vulnerabilities), django (F7, F8, F9: cross-site scripting), and dbmail (F9: authentication bypass).
Gentoo has updated perl (double-free vulnerability), firefox, thunderbird, seamonkey, and xulrunner (long list of vulnerabilities), and clamav (multiple, remotely exploitable vulnerabilities).
Mandriva has updated the kernel (multiple vulnerabilities) and the kernel again (even more vulnerabilities).
Red Hat has updated libxslt (code execution), setroubleshoot (file overwrite and HTML injection), vsftpd (denial of service), dovecot (access to other users' mail), bind (multiple vulnerabilities), mysql (multiple vulnerabilities), nss_ldap (information disclosure), and compiz (screen saver bypass).
Ubuntu has updated openssl-blacklist (improved detection of weak keys) and gnutls (multiple vulnerabilities).