Wednesday's security updates

Debian has updated typo3 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL4: three information leaks), firefox (RHEL4-5: multiple vulnerabilities), seamonkey (RHEL3-4: multiple vulnerabilities), and thunderbird (RHEL4-5: code execution and privilege escalation).

Ubuntu has updated kernel (27 CVE numbers).

It's also worth noting that there is a new local-root kernel vulnerability out there; this one is tied to the RDS protocol implementation. See this VSR advisory for more information.

Update: Another recently reported local root privilege escalation is also worth a mention. Tavis Ormandy reported a flaw in GNU libc that can be exploited by local users to gain root privileges.

Comments (4 posted)