
Security advisories for Monday

CentOS has updated ruby (C5: denial of service), kvm (C5: buffer overflow), xulrunner (C5: code execution), 389-ds-base (C6: ACL restriction bypass), automake (C6: code execution), ccid (C6: arbitrary code execution), dhcp (C6: denial of service), dnsmasq (C6: DNS proxy is wrongly created), dovecot (C6: multiple vulnerabilities), evolution (C6: information disclosure), evolution-mapi (C6: remote code execution), gdb (C6: code execution), hplip (C6: multiple vulnerabilities), httpd (C6: multiple vulnerabilities), ibacm (C6: multiple vulnerabilities), ibsim (C6: multiple vulnerabilities), ibutils (C6: multiple vulnerabilities), infiniband-diags (C6: multiple vulnerabilities), ipa (C6: incorrect CRLs), kernel (C6: multiple vulnerabilities), libibmad (C6: multiple vulnerabilities), libibumad (C6: multiple vulnerabilities), libibverbs (C6: multiple vulnerabilities), libmlx4 (C6: multiple vulnerabilities), librdmacm (C6: multiple vulnerabilities), libvirt (C6: DNS proxy is wrongly created), openchange (C6: remote code execution), opensm (C6: multiple vulnerabilities), openssh (C6: code execution), pam (C6: arbitrary code execution), pcsc-lite (C6: arbitrary code execution), php (C6: multiple vulnerabilities), pki-core (C6: cross-site scripting), rdma (C6: multiple vulnerabilities), samba4 (C6: remote code execution), squid (C6: denial of service), sssd (C6: file modification and denial of service), util-linux-ng (C6: information disclosure), xinetd (C6: service disclosure flaw), xorg-x11-apps (C6: code execution), xorg-x11-server-utils (C6: code execution), xorg-x11-utils (C6: code execution), bind (C6: denial of service), cups (C6: privilege escalation), dbus-glib (C6: privilege escalation), git (C6: information disclosure), gnutls (C6: plaintext recovery), java-1.6.0-openjdk (C6: code execution), java-1.7.0-openjdk (C6: code execution), kernel (C6: kernel-mode code execution), libxml2 (C6: denial of service), nss-pam-ldapd (C6: code execution), openssl (C6: multiple 
vulnerabilities), qemu-kvm (C6: buffer overflow), ruby (C6: multiple vulnerabilities), and xulrunner (C6: code execution).

Debian has updated sudo (privilege escalation) and perl (denial of service).

Fedora has updated python-tw2-jquery (F18; F17: cross-site scripting), crypto-utils (F18; F17: symlink attack), kernel (F18: multiple vulnerabilities), and libproxy (format string flaw).

Mageia has updated iceape (multiple vulnerabilities), krb5 (denial of service), java-1.7.0-openjdk (code execution), and java-1.6.0-openjdk (code execution).

openSUSE has updated libqt4 (information disclosure).

Oracle has updated ruby (OL5: denial of service), kvm (OL5: buffer overflow), and xulrunner (OL6; OL5: code execution).

Scientific Linux has updated xulrunner (code execution).

Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

SUSE has updated firefox (multiple vulnerabilities).

Ubuntu has updated firefox (code execution).



Is CentOS delivering security updates on time?

Posted Mar 14, 2013 4:55 UTC (Thu) by clopez (guest, #66009)

How long ago was the last update of CentOS? This one is scary.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds