
Security updates for Thursday

[Security] Posted Jan 17, 2013 21:16 UTC (Thu) by jake

CentOS has updated quota (C5: access restriction bypass), libvirt (C5: privilege escalation), hplip3 (C5: insecure tmpfile creation), conga (C5: authentication credential leak), wireshark (C5: 13 CVEs going back to 2011), net-snmp (C5: denial of service), gnome-vfs2 (C5: denial of service from 2009), freeradius2 (C5: authentication bypass), gtk2 (C5: denial of service), openipmi (C5: denial of service), mysql (C5: authentication bypass), ruby (C5: two vulnerabilities), tcl (C5: two denial of service flaws from 2007), autofs (C5: denial of service), squirrelmail (C5: denial of service), sos (C5: key disclosure), xulrunner (C5: multiple vulnerabilities), firefox (C5: multiple vulnerabilities), thunderbird (C5: multiple vulnerabilities), and java-1.7.0-openjdk (C5; C6: two code execution flaws).

Debian has updated rails (privilege escalation).

Fedora has updated java-1.7.0-openjdk (F16; F17; F18: two code execution flaws), xorg-x11-apps (F18: unspecified vulnerability), firefox (F17: multiple vulnerabilities), and xulrunner (F17: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL5; OL6: two code execution flaws).

Red Hat has updated java-1.7.0-openjdk (two code execution flaws).

Scientific Linux has updated squirrelmail (SL5: denial of service), java-1.7.0-openjdk (two code execution flaws), tcl (SL5: two denial of service flaws from 2007), openipmi (SL5: denial of service), quota (SL5: access restriction bypass), net-snmp (SL5: denial of service), mysql (SL5: authentication bypass), conga (SL5: authentication credential leak), wireshark (SL5: 13 CVEs going back to 2011), gnome-vfs2 (SL5: denial of service from 2009), ruby (SL5: two vulnerabilities), freeradius2 (SL5: authentication bypass), libvirt (SL5: privilege escalation), httpd (SL5: multiple flaws, two from 2008), gtk2 (SL5: denial of service), hplip3 (SL5: insecure tmpfile creation), and autofs (SL5: denial of service).

Ubuntu has updated openjdk-7 (12.10: code execution), qemu-kvm (code execution), and rpm (12.10: incorrect signature checking).


Copyright © 2013, Eklektix, Inc.