LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Tuesday's security updates

[Posted March 5, 2013 by ris]

CentOS has updated gnutls (C5: plaintext recovery) and openssl (C5: multiple vulnerabilities).

Debian has updated apache2 (multiple vulnerabilities), openafs (multiple vulnerabilities), and php5 (multiple vulnerabilities).

Fedora has updated seamonkey (F18; F17: multiple vulnerabilities), nginx (F18; F17: world accessible directories), dtach (F18: information disclosure), and openstack-keystone (F18: multiple vulnerabilities).

Mandriva has updated libxml2 (denial of service).

openSUSE has updated kernel (12.2; 12.1: multiple vulnerabilities).

Oracle has updated gnutls (OL6; OL5: plaintext recovery), nss-pam-ldapd (OL6: code execution), git (OL6: multiple vulnerabilities), and openssl (OL6; OL5: multiple vulnerabilities).

Red Hat has updated openssl (multiple vulnerabilities), gnutls (plaintext recovery), git (RHEL6: information disclosure), and nss-pam-ldapd (RHEL6: code execution).

Scientific Linux has updated openafs (multiple vulnerabilities), samba4 (SL6: remote code execution), openchange (SL6: remote code execution), dovecot (SL6: multiple vulnerabilities), sssd (SL6: file modification and denial of service), evolution (SL6: information disclosure), hplip (SL6: symlink attack/insecure temp files), util-linux-ng (SL6: information disclosure), ipa (SL6: incorrect CRLs), rdma (SL6: multiple vulnerabilities), ccid (SL6: arbitrary code execution), openssl (multiple vulnerabilities), nss-pam-ldapd (SL6: code execution), git (SL6: information disclosure), and gnutls (plaintext recovery).

SUSE has updated pidgin (multiple vulnerabilities).

(Log in to post comments)

Tuesday's security updates

Posted Mar 6, 2013 23:34 UTC (Wed) by geuder (subscriber, #62854) [Link]

Weird, Suse sends out a security alert, but more than 50 hours later the new kernel (for 12.2) is still not in the repos.

Sometimes I have observed just the opposite. The alert came days after the package was in the standard repo.

(Just an observation. If I were seriously concerned the right channel would be their security team's mailing list.)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds