Security advisories for Monday
Security advisories for Monday
Arch Linux has updated curl (two vulnerabilities) and libwmf (multiple vulnerabilities).
Debian has updated libgd2 (denial of service) and libphp-phpmailer (code execution).
Debian-LTS has updated hdf5 (multiple vulnerabilities), hplip (man-in-the-middle attack from 2015), kernel (multiple vulnerabilities), libphp-phpmailer (code execution), pgpdump (denial of service), postgresql-common (file overwrites), python-crypto (denial of service), and shutter (code execution from 2015).
Fedora has updated curl (F24: buffer overflow), cxf (F25: two vulnerabilities), game-music-emu (F24: multiple vulnerabilities), libbsd (F25; F24: denial of service), libpng (F25: NULL dereference bug), mingw-openjpeg2 (F25; F24: multiple vulnerabilities), openjpeg2 (F24: two vulnerabilities), php-zendframework-zend-mail (F25; F24: parameter injection), springframework (F25: directory traversal), tor (F25; F24: denial of service), xen (F24: three vulnerabilities), and zookeeper (F25; F24: buffer overflow).
Gentoo has updated bash (code execution), busybox (denial of service), chicken (multiple vulnerabilities going back to 2013), cyassl (multiple vulnerabilities from 2014), e2fsprogs (code execution from 2015), hdf5 (multiple vulnerabilities), icinga (privilege escalation), libarchive (multiple vulnerabilities, some from 2015), libjpeg-turbo (code execution), libotr (code execution), lzo (code execution from 2014), mariadb (multiple unspecified vulnerabilities), memcached (code execution), musl (code execution), mutt (denial of service from 2014), openfire (multiple vulnerabilities from 2015), openvswitch (code execution), pillow (multiple vulnerabilities, two from 2014), w3m (multiple vulnerabilities), xdg-utils (command execution from 2014), and xen (multiple vulnerabilities).
Mageia has updated mcabber (roster push attack) and tracker (denial of service).
openSUSE has updated firefox (13.1: multiple vulnerabilities), gd (42.2, 42.1: stack overflow), GNU Health (42.2: two vulnerabilities), roundcubemail (13.1: cross-site scripting), kernel (42.1: information leak), thunderbird (42.2, 42.1, 13.2; SPH for SLE12: multiple vulnerabilities), and xen (42.2; 42.1; 13.2: multiple vulnerabilities).
Red Hat has updated ipa (RHEL7: two vulnerabilities) and rh-nodejs4-nodejs and rh-nodejs4-http-parser (RHSCL: multiple vulnerabilities).
Slackware has updated libpng (NULL dereference bug), thunderbird (code execution), and seamonkey (multiple vulnerabilities).
SUSE has updated gstreamer-plugins-good (SLE12-SP2: multiple vulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).