LWN.net

The Wednesday security update pile

[Security] Posted May 21, 2008 18:41 UTC (Wed) by corbet

CentOS has updated the kernel (multiple vulnerabilities) and libxslt (code execution).

Debian has updated peercast (remotely exploitable buffer overflow) and gnome-peercast (ditto, with an additional overflow from 2007).

Fedora has updated gnutls (F7, F8, F9: multiple vulnerabilities), django (F7, F8, F9: cross-site scripting), and dbmail (F9: authentication bypass).

Gentoo has updated perl (double-free vulnerability), firefox, thunderbird, seamonkey, and xulrunner (long list of vulnerabilities), and clamav (multiple, remotely exploitable vulnerabilities).

Mandriva has updated the kernel (multiple vulnerabilities) and the kernel again (even more vulnerabilities).

Red Hat has updated libxslt (code execution), setroubleshoot (file overwrite and HTML injection), vsftpd (denial of service), dovecot (access to other users' mail), bind (multiple vulnerabilities), mysql (multiple vulnerabilities), nss_ldap (information disclosure), and compiz (screen saver bypass).

Ubuntu has updated openssl-blacklist (improved detection of weak keys) and gnutls (multiple vulnerabilities).


Copyright © 2008, Eklektix, Inc.