|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2013-12-01 22:39:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
After taking a few days to eat too much over the US Thanksgiving holiday, it seemed time to clear the decks for next week by putting out the security advisories that had accumulated over the four days.
Debian has updated links2 (integer overflow), nbd (access restriction bypass), and sup-mail (two command injection flaws).
Fedora has updated kernel (F18: denial of service).
Gentoo has updated cpio (code execution from 2010), namazu (multiple vulnerabilities from 2009 and 2011), okular (code execution from 2010), perl (multiple vulnerabilities from 2008-2011), rssh (two command injections from 2012), and unbound (two denial of service flaws from 2011).
Mageia has updated 389-ds-base (denial of service), busybox (privilege escalation), drupal (multiple vulnerabilities), ganglia-web (cross-site scriptin), gnutls (code execution), graphicsmagick (denial of service), moodle (multiple vulnerabilities), polarssl (insecure private key), quassel (information leak), and subversion (two vulnerabilities).
openSUSE has updated seamonkey (12.3: multiple vulnerabilities), chromium (12.2; 12.3: multiple vulnerabilities), librsvg (12.x: denial of service), nginx (11.4: security restriction bypass), nginx-1.0 (12.2: security restriction bypass), and samba (11.4; 12.x: access restriction bypass).
Oracle has updated evolution (OL6: encrypt to unintended recipient), kernel (OL6: multiple vulnerabilities), kernel (OL6; OL5; OL6; OL5: multiple vulnerabilities), libguestfs (OL6: insecure tmp directory usage), openssh (OL6: denial of service from 2010), python (OL6: man-in-the-middle spoofing vulnerability), qemu-kvm (OL6: multiple vulnerabilities, one from 2012), ruby (OL6: code execution), and xorg-x11-server (OL6: two vulnerabilities).
Ubuntu has updated ruby1.8 and ruby1.9.1 (two vulnerabilities).
