Wednesday's security updates
Wednesday's security updates
Debian has updated phpmyadmin (privilege escalation), chromium-browser (multiple vulnerabilities), ffmpeg (three code execution vulnerabilities), and shadow (privilege escalation).
Fedora has updated nbd (F13, F14: remote code execution - the return of CVE-2005-3534).
openSUSE has updated git (cross-site scripting and local privilege escalation).
Red Hat has updated fence (RHEL4: two temporary file vulnerabilities from 2008), ccs (RHEL4: another temporary file vulnerability from 2008), bash (RHEL4: temporary file vulnerability from 2008), rgmanager (RHEL4: local privilege escalation and, yes, one temporary file vulnerability from 2008), sendmail (RHEL4: certificate spoofing vulnerability from 2009), kernel (RHEL4: multiple vulnerabilities), python (RHEL4: multiple vulnerabilities in the rgbimg module), subversion (RHEL5, RHEL6: denial of service and information disclosure), and dhcp (RHEL6: denial of service).
Red Hat has also served notice that it will
be disabling the Adobe Flash plugin on RHEL4 systems in one month. "Adobe is no longer providing security updates for Adobe Flash Player 9, and
is not providing a replacement Flash Player version compatible with Red Hat
Enterprise Linux 4.
"
Ubuntu has updated shadow (local privilege escalation), and openssl (denial of service and possible information disclosure).