Security advisories for Wednesday

Fedora has updated arpwatch (F17; F16; F15: privilege escalation).

Mandriva has updated python (2011.0; 2010.1: multiple vulnerabilities).

Red Hat has announced the six month end-of-life notice for Red Hat Enterprise Linux Extended Update Support 6.0. Following that announcement are a long list of updated packages containing security and other bug fixes and enhancements for RHEL 6. Most of these have been assigned low to moderate severity by the Red Hat security team. The java updates (last on the list) have been assigned important or critical severity.

The updated packages are: libvirt (unintended access to USB devices), libguestfs (unintended file access), rsyslog (denial of service), busybox (multiple vulnerabilities), php-pecl-apc (cross-site scripting), 389-ds-base (denial of service), abrt, libreport, btparser, python-meh (information leak), kernel (multiple denial of service vulnerabilities), mysql (temporary denial of service), net-snmp (denial of service), qt (multiple vulnerabilities), openssh (denial of service), openldap (denial of service), cifs-utils (file existence disclosure flaw), xorg-x11-server (xserver locking vulnerabilities), sos (privilege escalation), nss, nss-util, nspr (multiple bugs), sblim-cim-client2 (predictable hash collisions), 389-ds-base (plain text password disclosure), java-1.7.0-openjdk (multiple vulnerabilities), and java-1.7.0-oracle (multiple vulnerabilities).

SUSE has updated kernel (multiple vulnerabilities), java-1_6_0-openjdk (multiple vulnerabilities), and oracle-update (man-in-the-middle attack).

Ubuntu has updated clamav (multiple vulnerabilities), clamav (fixes a regression in a previous update), and firefox (fixes a regression in a previous update).

Comments (2 posted)