Security updates for Monday
Security updates for Monday
Arch Linux has updated ecryptfs-utils (privilege escalation), linux-lts (privilege escalation), privoxy (two denial of service flaws), python-rsa (signature forgery), and python2-rsa (signature forgery).
CentOS has updated ntp (C7; C6: missing check for zero originate timestamp).
Debian has updated claws-mail (code execution).
Debian-LTS has updated foomatic-filters (buffer overflows), imlib2 (denial of service), pound (multiple vulnerabilities, one from 2009), and privoxy (two denial of service flaws).
Fedora has updated bind (F23: two denial of service flaws), bind99 (F23: denial of service), chrony (F23: packet modification), dhcp (F22: denial of service), java-1.8.0-openjdk (F23: unspecified), mod_nss (F22: enables insecure ciphersuites), owncloud (F23; F22: multiple vulnerabilities), python-rsa (F22: signature forgery), and qemu (F23: multiple vulnerabilities).
Mageia has updated virtualbox (unspecified vulnerabilities).
openSUSE has updated bind (13.1: denial of service), cgit (13.1: three vulnerabilities), giflib (13.1: heap-based buffer overflow), jasper (13.2; 13.1: denial of service), libvirt (Leap42.1, 13.2; 13.1: path traversal), openldap2 (13.2: two vulnerabilities), roundcubemail (Leap42.1; 13.2; 13.1: code execution), and tiff (13.2; 13.1: denial of service).
Oracle has updated ntp (OL7: missing check for zero originate timestamp).
Red Hat has updated ntp (RHEL6,7: missing check for zero originate timestamp).
Scientific Linux has updated ntp (SL6,7: missing check for zero originate timestamp).
SUSE has updated bind (SLES10-SP4: four denial of service vulnerabilities), openldap2 (SLE12-SP1: two vulnerabilities), and kernel (SLE12: privilege escalation).