Wednesday's security updates
[Posted November 4, 2009 by corbet]
[Security] Posted Nov 4, 2009 18:54 UTC (Wed) by corbet
There is a new null pointer vulnerability out there, associated with the pipe code. Updates are beginning to arrive from distributors. LWN subscribers can see this brief article for more information on the issue.
CentOS has updated wget (C3: certificate spoofing), kernel (C3: pipe vulnerability and several others), and kernel (C4: pipe vulnerability).
Fedora has updated wireshark (F11: three dissector vulnerabilities), rt (F10, F11: JavaScript injection), PyXML (F10, F11: buffer overflow), python-4Suite-XML (F10, F11: denial of service), squidguard (F10, F11: multiple vulnerabilities), mimetex (F10, F11: buffer overflow), and expat (F10, F11: buffer overflow).
Fedora has also sent out a cascade of F10 advisories resulting from the latest firefox update: blam, epiphany, epiphany-extensions, evolution-rss, firefox, galeon, gecko-sharp, gnome-python2-extras, gnome-web-photo, google-gadgets, kazehakase, miro, mozvoikko, mugshot, pcmanx-gtk2, perl-Gtk2-MozEmbed, ruby-gnome2, xulrunner, and yelp.
Mandriva has updated squidguard (multiple vulnerabilities).
Red Hat has updated kernel (RHEL3: pipe vulnerability and several others), kernel (RHEL4: pipe vulnerability), kernel (RHEL5: pipe vulnerability and several others), kernel-rt (RHEL5: pipe vulnerability and several others), and wget (RHEL3-5: certificate spoofing).
SUSE has updated firefox (multiple vulnerabilities) and IBM Java 6 (multiple vulnerabilities). SUSE has also warned users that its releases are vulnerable to the pipe null pointer problem, but that producing a kernel update takes them four days.