Security advisories for Wednesday

CentOS has updated php (C7: multiple vulnerabilities), php53 (C6: multiple vulnerabilities), resteasy-base (C7: XML eXternal Entity (XXE) attacks), samba (C7: remote code execution/privilege escalation), and samba4 (C6: remote code execution/privilege escalation).
Debian has updated reportbug (code execution).
Mageia has updated cups (privilege escalation), eet (denial of service), file (denial of service), glibc (multiple vulnerabilities), ipython (code execution), kernel (MG4; MG3: multiple vulnerabilities), mediawiki (multiple vulnerabilities), moodle (multiple vulnerabilities), ocsinventory (cross-site scripting), php-ZendFramework (SQL injection), phpmyadmin (multiple vulnerabilities), polarssl (denial of service), readline (insecure temporary files), and tor (traffic confirmation attack).
Mandriva has updated php (multiple denial of service attacks) and tor (traffic confirmation attack).
Oracle has updated resteasy-base (OL7: XML eXternal Entity (XXE) attacks), samba (OL7: remote code execution/privilege escalation), samba4 (OL6: multiple vulnerabilities), and yum-updatesd (OL5: bypass RPM package signing restriction).
Red Hat has updated php (RHEL7: multiple vulnerabilities), php53 (RHEL5&6: multiple vulnerabilities), resteasy-base (RHEL7: XML eXternal Entity (XXE) attacks), samba (RHEL7: remote code execution/privilege escalation), and samba4 (RHEL6: remote code execution/privilege escalation).
Scientific Linux has updated php53 and php (SL5&6: multiple vulnerabilities) and samba4 (SL6: remote code execution/privilege escalation).
Ubuntu has updated gpgme1.0 (code execution) and eglibc (10.04 LTS: regression in previous update).