Thursday's security advisories

[Posted November 10, 2011 by jake]

Thursday's security advisories

[Security] Posted Nov 10, 2011 20:09 UTC (Thu) by jake

CentOS has updated nss (C4; C5: certificate authority removal), firefox (C4; C5: multiple vulnerabilities), thunderbird (C4; C5: cross-site scripting), rpm (C4: code execution), xorg-x11 (C4: multiple vulnerabilities), pidgin (C4: multiple vulnerabilities), postgresql (C4: crackable password hashing), kdelibs (C4: certificate spoofing), httpd (C4: mod_proxy reverse proxy exposure), freetype (C4: code execution), and seamonkey (C4: cross-site scripting).

Debian has updated openssl (certificate authority removal).

Fedora has updated tor (F16: multiple vulnerabilities), tomcat6 (F15: HTTP digest authentication flaws), java-1.7.0-openjdk (F16: multiple vulnerabilities), asterisk (F15; F16: denial of service), icedtea-web (F15; F16: same-origin policy violation), and freetype (F15: code execution).

Mandriva has updated mozilla (multiple vulnerabilities).

Oracle has updated firefox (OL4; OL5; OL6: multiple vulnerabilities), thunderbird (OL4; OL6: multiple vulnerabilities), seamonkey (OL4: cross-site scripting), icedtea-web (OL6: same-origin policy violation), and nss (OL4; OL5; OL6: certificate authority removal).

Ubuntu has updated radvd (code execution) and clamav (code execution).

Comments (none posted)