Security advisories for Thursday

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), nspr (C7; C6; C5: code execution), nss (C7; C6; C5: code execution), and nss-util (C7; C6: code execution).

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated firefox (F23; F22: multiple vulnerabilities), nspr (F23; F22: code execution), nss (F23; F22: code execution), nss-softokn (F23; F22: code execution), nss-util (F23; F22: code execution), ntp (F21: multiple vulnerabilities), php-horde-horde (F22; F21: cross-site request forgeries), php-horde-imp (F22; F21: cross-site request forgeries), php-horde-ingo (F22; F21: cross-site request forgeries), and php-horde-passwd (F22; F21: cross-site request forgeries).

Mageia has updated drupal (open redirect), firefox, nspr, and nss (multiple vulnerabilities), and springframework (open file redirect).

openSUSE has updated postgresql92 (13.1: information disclosure) and wpa_supplicant (13.1: denial of service).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: privilege escalation), kernel 3.8.13 (OL7; OL6: privilege escalation), kernel 2.6.39 (OL6: privilege escalation), nss and nspr (OL5: code execution), and nss, nss-util, and nspr (OL7; OL6: code execution).

Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL7: two vulnerabilities, one from 2014), libreswan (SL7: denial of service), nss and nspr (SL5: code execution), and nss, nss-util, and nspr (SL6&7: code execution).

Ubuntu has updated firefox (multiple vulnerabilities), nspr (code execution), and nss (code execution).

Comments (none posted)