Security updates for Tuesday
Security updates for Tuesday
Debian has updated foomatic-filters (command execution).
Fedora has updated bind (F22: two vulnerabilities), bind-dyndb-ldap (F22: two vulnerabilities), dnsperf (F22: two vulnerabilities), firefox (F22: multiple vulnerabilities), jenkins (F22: multiple vulnerabilities), and kernel (F22: multiple vulnerabilities).
Oracle has updated jakarta-commons-collections (OL5: code execution).
Red Hat has updated openstack-ironic-discoverd (RHELOSP6: command execution), openstack-nova (RHELOSP7; RHELOSP5: insecure VM instances), and RHELOSP7 director (RHEL7: two vulnerabilities).
Scientific Linux has updated abrt and libreport (SL7: multiple vulnerabilities), autofs (SL7: privilege escalation), binutils (SL7: multiple vulnerabilities), chrony (SL7: multiple vulnerabilities), cpio (SL7: denial of service), cups-filters (SL7: code execution), curl (SL7: multiple vulnerabilities), file (SL7: multiple vulnerabilities), git (SL7: code execution), glibc (SL7: privilege escalation), glibc (SL7: multiple vulnerabilities), grep (SL7: heap buffer overrun), grub2 (SL7: Secure Boot circumvention), grub2 (SL7: code execution), jakarta-commons-collections (SL5: code execution), kernel (SL7: multiple vulnerabilities), kernel (SL7: two vulnerabilities), krb5 (SL7: two vulnerabilities), libpng (SL7: two vulnerabilities), libpng12 (SL7: multiple vulnerabilities), libssh2 (SL7: information leak), libxml2 (SL7: multiple vulnerabilities), net-snmp (SL7: denial of service), netcf (SL7: denial of service), NetworkManager (SL7: two vulnerabilities), ntp (SL7: multiple vulnerabilities), openhpi (SL7: world writable /var/lib/openhpi directory), openldap (SL7: unintended cipher usage), openssh (SL7: multiple vulnerabilities), pacemaker (SL7: privilege escalation), pcs (SL7: denial of service), python (SL7: multiple vulnerabilities), realmd (SL7: unsanitized input), rest (SL7: denial of service), rubygem-bundler, rubygem-thor (SL7: installs malicious gem files), squid (SL7: certificate validation bypass), sssd (SL7: memory leak), tigervnc (SL7: two vulnerabilities), unbound (SL7: denial of service), wireshark (SL7: multiple vulnerabilities), and xfsprogs (SL7: information disclosure).
SUSE has updated bind (SLE12; SLE11SP2,3,4: denial of service), firefox (SLE12SP1; SLE11SP3,4; SLE11SP2: multiple vulnerabilities), rubygem-passenger (SLE12: environment variable injection), strongswan (SLE12SP1: authentication bypass), and kernel (SLE11SP4: multiple vulnerabilities).