Some Monday security updates

Security knows no holidays; the number of updates in the mailbox has grown, so it seems worthwhile to put them out there.

It's also worthwhile to note one significant fact: CentOS has once again quietly stopped shipping updates for CentOS 5; the last update came out on July 21. The first CentOS 6 update has yet to appear. So CentOS users remain vulnerable to problems (like the Apache DOS issue) that have been fixed elsewhere.

CentOS has updated firefox (C4: remove DigiNotar), thunderbird (C4: remove DigiNotar), and seamonkey (C4: remove DigiNotar).

Debian has updated rails (cross-site scripting, SQL injection, and response splitting, one from 2009), nss (remove DigiNotar), and apache2 (fix regression from previous update).

Mandriva has updated libxml (possible remote code execution), apache (denial of service), and mozilla (remove DigiNotar).

openSUSE has updated ca-certificates (remove DigiNotar) and samba (cross-site request forgery and scripting).

Pardus has updated dhcp (denial of service), libmodplug (multiple vulnerabilities), pidgin (denial of service), samba (cross-site request forgery and scripting), subversion (denial of service and information disclosure), and libsoup (information disclosure).

Scientific Linux has updated ca-certificates (SL6: remove DigiNotar).

SUSE has updated openssl-certs (remove DigiNotar)

Comments (4 posted)