Thursday's security updates

[Posted September 25, 2014 by jake]

Thursday's security updates

[Security] Posted Sep 25, 2014 15:22 UTC (Thu) by jake

Debian has updated iceweasel (signature forgery) and nss (signature forgery).

Fedora has updated bash (F20; F19: code injection), moodle (F20: multiple vulnerabilities), not-yet-commons-ssl (F20; F19: hostname verification botch), phpMyAdmin (F20; F19: privilege escalation), procmail (F19: code execution), wireshark (F20: yet another pile of dissector flaws), and xerces-j2 (F20; F19: denial of service from 2013).

Gentoo has updated bash (code injection) and bash (fix to the previous update for the code injection vulnerability).

Mageia has updated bash (code injection), curl (M4; M3: cookie handling), php-pear-CAS (privilege escalation), and wireshark (yet another pile of dissector flaws).

Mandriva has updated bash (code injection), curl (two cookie-handling vulnerabilities), nss (signature forgery), and wireshark (yet another pile of dissector flaws).

Oracle has updated bash (OL7; OL6; OL5 OL4: code injection).

Scientific Linux has updated bash (code injection).

Slackware has updated bash (code injection) and mozilla (signature forgery).

SUSE has updated bash (SLE11SP3, SLE10SP4; SLE11SP1: code injection) and bash (SLE10SP3: two vulnerabilities, one from 2012).

Ubuntu has updated bash (14.04, 12.04, 10.04: code injection), firefox (14.04, 12.04: signature forgery), nss (14.04, 12.04, 10.04: signature forgery), and thunderbird (14.04, 12.04: signature forgery).

Comments (none posted)