Friday's security updates

[Posted September 26, 2014 by n8willis]

Friday's security updates

[Security] Posted Sep 26, 2014 15:44 UTC (Fri) by n8willis

CentOS has updated bash (C5; C6; C7: code execution) and nss (C6; C7: certificate forgery).

Debian has updated bash (code execution) and mediawiki (cross-site scripting).

Fedora has updated bash (F19; F20: code execution), drupal6 (F20: multiple vulnerabilities), nss (F20: certificate forgery), nss-softokn (F20: certificate forgery), nss-util (F20: certificate forgery), perl-Email-Address (F19; F20: denial of service), python-oauth2 (F19; F20: multiple vulnerabilities), rubygem-activerecord (F20: authentication bypass), and tomcat (F20: multiple vulnerabilities).

Mandriva has updated bash (BS1: code execution).

Oracle has updated bash (O4; O5; O6; O7: code execution) and bash (O5; O6; O7: code execution; second vulnerability).

Red Hat has updated bash (code execution) and nss (certificate forgery).

Scientific Linux has updated automake (SL5: code execution), bash (code execution), nss (certificate forgery), and nss, nspr (certificate forgery).

Slackware has updated bash (code execution) and bash-3.1 (13.0: code execution).

SUSE has updated spacewalk-java (Manager Server: cross-site scripting).

Ubuntu has updated bash (10.04, 12.04, 14.04: code execution; 14.04: code execution).

Comments (none posted)