Security updates for Thursday
[Posted January 17, 2013 by jake]
CentOS has updated quota (C5: access restriction bypass), libvirt (C5: privilege escalation), hplip3 (C5: insecure tmpfile creation), conga (C5: authentication credential leak), wireshark (C5: 13 CVEs going back to 2011), net-snmp (C5: denial of service), gnome-vfs2 (C5: denial of service from 2009), freeradius2 (C5: authentication bypass), gtk2 (C5: denial of service), openipmi (C5: denial of service), mysql (C5: authentication bypass), ruby (C5: two vulnerabilities), tcl (C5: two denial of service flaws from 2007), autofs (C5: denial of service), squirrelmail (C5: denial of service), sos (C5: key disclosure), xulrunner (C5: multiple vulnerabilities), firefox (C5: multiple vulnerabilities), thunderbird (C5: multiple vulnerabilities), and java-1.7.0-openjdk (C5; C6: two code execution flaws).
Debian has updated rails (privilege escalation).
Fedora has updated java-1.7.0-openjdk (F16; F17; F18: two code execution flaws), xorg-x11-apps (F18: unspecified vulnerability), firefox (F17: multiple vulnerabilities), and xulrunner (F17: multiple vulnerabilities).
Oracle has updated java-1.7.0-openjdk (OL5; OL6: two code execution flaws).
Red Hat has updated java-1.7.0-openjdk (two code execution flaws).
Scientific Linux has updated squirrelmail (SL5: denial of service), java-1.7.0-openjdk (two code execution flaws), tcl (SL5: two denial of service flaws from 2007), openipmi (SL5: denial of service), quota (SL5: access restriction bypass), net-snmp (SL5: denial of service), mysql (SL5: authentication bypass), conga (SL5: authentication credential leak), wireshark (SL5: 13 CVEs going back to 2011), gnome-vfs2 (SL5: denial of service from 2009), ruby (SL5: two vulnerabilities), freeradius2 (SL5: authentication bypass), libvirt (SL5: privilege escalation), httpd (SL5: multiple flaws, two from 2008), gtk2 (SL5: denial of service), hplip3 (SL5: insecure tmpfile creation), and autofs (SL5: denial of service).
Ubuntu has updated openjdk-7 (12.10: code execution), qemu-kvm (code execution), and rpm (12.10: incorrect signature checking).