|
|
Subscribe / Log in / New account

A boatload of weekend security updates

[Posted September 27, 2014 by corbet]

A boatload of weekend security updates

[Security] Posted Sep 27, 2014 23:33 UTC (Sat) by corbet

Debian has updated icedove (nss certificate forgery vulnerability), and libvirt (denial of service and data leakage).

Fedora has updated much of the distribution, mostly in response to CVE-2014-5033 (authentication bypass vulnerability in KDE): akonadi (F20: CVE-2014-5033), analitza (F20: CVE-2014-5033), amor (F20: CVE-2014-5033), ark (F20: CVE-2014-5033), audiocd-kio (F20: CVE-2014-5033), baloo (F20: CVE-2014-5033), baloo-widgets (F20: CVE-2014-5033), blinken (F20: CVE-2014-5033), calligra (F20: CVE-2014-5033), calligra-l10n (F20: CVE-2014-5033), cantor (F20: CVE-2014-5033), check-mk (F19, F20: three CVEs), digikam (F20: CVE-2014-5033), dragon (F20: CVE-2014-5033), filelight (F20: CVE-2014-5033), gwenview (F20: CVE-2014-5033), jovie (F20: CVE-2014-5033), juk (F20: CVE-2014-5033), kaccessible (F20: CVE-2014-5033), kalgebra (F20: CVE-2014-5033), kamera (F20: CVE-2014-5033), kalzium (F20: CVE-2014-5033), kanagram (F20: CVE-2014-5033), kate (F20: CVE-2014-5033), kbruch (F20: CVE-2014-5033), kcalc (F20: CVE-2014-5033), kcharselect (F20: CVE-2014-5033), kcolorchooser (F20: CVE-2014-5033), kcron (F20: CVE-2014-5033), kde-base-artwork (F20: CVE-2014-5033), kde-baseapps (F20: CVE-2014-5033), kde-l10n (F20: CVE-2014-5033), kde-print-manager (F20: CVE-2014-5033, kde-runtime (F20: CVE-2014-5033), kde-wallpapers (F20: CVE-2014-5033), kdeaccessibility (F20: CVE-2014-5033), kdeadmin (F20: CVE-2014-5033), kdeartwork (F20: CVE-2014-5033), kdebindings (F20: CVE-2014-5033), kdeedu (F20: CVE-2014-5033), kdegraphics (F20: CVE-2014-5033), kdegraphics-mobipocket (F20: CVE-2014-5033), kdegraphics-stringi-analyzer (F20: CVE-2014-5033), kdegraphics-thumbnailers (F20: CVE-2014-5033), kdelibs (F20: CVE-2014-5033), kdemultimedia (F20: CVE-2014-5033), kdenetwork (F20: CVE-2014-5033), kdenetwork-filesharing (F20: CVE-2014-5033), kdenetwork-strigi-analyzers (F20: CVE-2014-5033, kdepim (F20: CVE-2014-5033), kdepim-runtime (F20: CVE-2014-5033), kdepimlibs (F20: CVE-2014-5033), kdetoys (F20: CVE-2014-5033), kdeplasma-addons (F20: CVE-2014-5033), kdeutils (F20: CVE-2014-5033), kdf (F20: CVE-2014-5033), kdnssd (F20: CVE-2014-5033), kfilemetadata (F20: CVE-2014-5033), kfloppy (F20: CVE-2014-5033), kgamma (F20: CVE-2014-5033), kgeography (F20: CVE-2014-5033), kget (F20: CVE-2014-5033), kgpg (F20: CVE-2014-5033), khangman (F20: CVE-2014-5033), kig (F20: CVE-2014-5033), kimono (F20: CVE-2014-5033), kiten (F20: CVE-2014-5033), klettres (F20: CVE-2014-5033), kmag (F20: CVE-2014-5033), kmix (F20: CVE-2014-5033), kmousetool (F20: CVE-2014-5033), kmouth (F20: CVE-2014-5033), kmplot (F20: CVE-2014-5033), kolourpaint (F20: CVE-2014-5033), konsole (F20: CVE-2014-5033), kopete (F20: CVE-2014-5033), kphotoalbum (f20: CVE-2014-5033), kppp (F20: CVE-2014-5033), kqtquickcharts (F20: CVE-2014-5033), krdc (F20: CVE-2014-5033), kremotecontrol (F20: CVE-2014-5033), krfb (F20: CVE-2014-5033), kross-interpreters (F20: CVE-2014-5033), kruler (F20: CVE-2014-5033), ksaneplugin (F20: CVE-2014-5033), kscd (F20: CVE-2014-5033), ksnapshot (F20: CVE-2014-5033), kstars (F20: CVE-2014-5033), ksystemlog (F20: CVE-2014-5033), kteatime (F20: CVE-2014-5033), ktimer (F20: CVE-2014-5033), ktouch (F20: CVE-2014-5033), kturtle (F20: CVE-2014-5033), ktux (F20: CVE-2014-5033), kuser (F20: CVE-2014-5033), kwalletmanager (F20: CVE-2014-5033), kwordquiz (F20: CVE-2014-5033), libkcddb (F20: CVE-2014-5033), libkcompactdisc (F20: CVE-2014-5033), libkdcraw (F20: CVE-2014-5033), libkdeedu (F20: CVE-2014-5033), libkexiv (F20: CVE-2014-5033), libkgapi (F20: CVE-2014-5033), libkipi (F20: CVE-2014-5033), libkolab (F20: CVE-2014-5033), libksane (F20: CVE-2014-5033), marble (F20: CVE-2014-5033), nepomuk-core (F20: CVE-2014-5033), nepomuk-widgets (F20: CVE-2014-5033), okular (F20: CVE-2014-5033), oxygen-icon-theme (F20: CVE-2014-5033), pairs (F20: CVE-2014-5033), parley (F20: CVE-2014-5033), pykde (F20: CVE-2014-5033), qyoto (F20: CVE-2014-5033), rocs (F20: CVE-2014-5033), ruby-korundum (F20: CVE-2014-5033), ruby-qt (F20: CVE-2014-5033), smokegen (F20: CVE-2014-5033), smokekde (F20: CVE-2014-5033), smokeqt (F20: CVE-2014-5033), step (F20: CVE-2014-5033), subsurface (F20: CVE-2014-5033), superkaramba (F20: CVE-2014-5033), svgpart (F20: CVE-2014-5033), and sweeper (F20: CVE-2014-5033).

Mageia has updated perl-Email-Address (denial of service), perl-XML-DT (symbolic link vulnerability), and nss (certificate forgery).

Oracle has updated nss (OL5, OL6, OL7: certificate forgery) and bash (OL4: command injection).

Red Hat has updated bash (RHEL4-6 (command injection).

SUSE has updated mozilla-nss (certificate forgery), wireshark (10 CVE numbers), and bash (command injection).

Ubuntu has updated bash (command injection).

Comments (6 posted)


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds