Security advisories for Wednesday

[Posted February 24, 2016 by ris]

Security advisories for Wednesday

[Security] Posted Feb 24, 2016 16:57 UTC (Wed) by ris

Arch Linux has updated libssh (insecure ssh sessions).

Debian has updated libssh (multiple vulnerabilities), lighttpd (padding-oracle attack), and websvn (cross-site scripting).

Debian-LTS has updated nss (cryptographic weakness) and websvn (cross-site scripting).

Fedora has updated botan (F23: three vulnerabilities), code-editor (F23: three vulnerabilities), gdl (F22: out-of-bounds read flaw), GraphicsMagick (F22: out-of-bounds read flaw), monotone (F23: three vulnerabilities), octave (F22: out-of-bounds read flaw), postgresql (F23: denial of service), qca (F23: three vulnerabilities), qt-creator (F23: three vulnerabilities), vdr-skinenigmang (F22: out-of-bounds read flaw), vdr-skinnopacity (F22: out-of-bounds read flaw), and vdr-tvguide (F22: out-of-bounds read flaw).

openSUSE has updated firefox (13.1: same-origin restriction bypass).

Red Hat has updated rh-ror41 (RHSCL: multiple vulnerabilities).

Slackware has updated bind (denial of service), glibc (code execution), libgcrypt (two vulnerabilities), and ntp (multiple vulnerabilities).

SUSE has updated firefox (SLE12-SP1: denial of service) and postgresql94 (SLE12-SP1: three vulnerabilities, one from 2007).

Comments (none posted)