A massive weekend security update pile

The pile of security updates has gotten deep enough that it makes sense to shove them out now. The biggest pile is seemingly Mandriva catching up on numerous updates for its Mandriva Business Server (MBS) line of products.
Debian has updated
batik (unauthorized file access),
binutils (code execution),
dulwich (code execution),
libxfont (privilege escalation),
php5 (fix regression from previous update),
shibboleth-sp2 (denial of service), and
xerces-c (denial of service).
Fedora has updated
kernel (F21: code execution),
mongodb (F21: denial of service),
python-requests (F21: cookie stealing),
python-urllib3 (F21: cookie stealing),
strongswan (F20, F21: denial of service), and
webkitgtk4 (F21: late certificate verification).
Mageia has updated
dokuwiki (cross-site scripting),
drupal (authentication bypass),
krb5 (denial of service),
python-requests (cookie stealing),
setup (incorrect file protections), and
wireshark (dissector issues).
Mandriva has updated
apache (MBS2: 11 CVEs),
apache-mod_security (MBS2: restriction bypass),
cifs-utils (MBS2: code execution),
cups (MBS2: six CVEs),
cups-filters (MBS2: nine CVEs),
curl (MBS2: seven CVEs),
dovecot (MBS2: denial of service),
egroupware (MBS2: code execution),
elfutils (MBS2: code execution),
emacs (MBS2: symbolic link vulnerability),
freetype2 (MBS2: 21 CVEs),
gnupg (MBS1, MBS2: five CVEs),
gnutls (MBS2: five CVEs),
imagemagick (MBS2: five CVEs),
jbigkit (MBS2: code execution),
json-c (MBS2: denial of service),
krb5 (MBS1-2: five CVEs),
lcms2 (MBS2: denial of service),
libcap-ng (MBS2: privilege escalation),
libgd (MBS2: denial of service),
libevent (MBS2: code execution),
libjpeg (MBS2: code execution),
libksba (MBS2: denial of service),
liblzo (MBS2: code execution),
libpng (MBS2: memory overwrite),
libpng12 (MBS2: three 2013 CVEs),
libsndfile (MBS2: code execution),
libssh (MBS2: information disclosure and denial of service),
libssh2 (MBS1, MBS2: MITM vulnerability),
libtasn1 (MBS2: denial of service),
libtiff (MBS2: six CVEs),
libvirt (MBS1, MBS2: denial of service and information leak),
libvncserver (MBS2: six CVEs),
libxfont (MBS2: six CVEs),
libxml2 (MBS2: denial of service),
lua (MBS2: code execution),
mariadb (MBS2: uncountable unexplained CVEs),
mpfr (MBS2: code execution),
mutt (MBS2: denial of service),
net-snmp (MBS2: denial of service),
nginx (MBS2: code execution),
nodejs (MBS2: multiple unspecified vulnerabilities),
not-yet-commons-ssl (MBS2: MITM vulnerability),
ntp (MBS2: six CVEs),
openldap (MBS1, MBS2: denial of service),
openssh (MBS2: restriction and authentication bypass),
openvpn (MBS2: denial of service),
patch (MBS2: file overwrite),
pcre (MBS2: denial of service),
perl (MBS2: denial of service),
php (MBS1, MBS2: lots of vulnerabilities),
postgresql (MBS2: twelve CVEs),
ppp (MBS2: privilege escalation),
pulseaudio (MBS2: denial of service),
python-django (MBS2: five CVEs),
python-pillow (MBS2: five CVEs),
python-requests (MBS2: cookie stealing),
php-ZendFramework (MBS2: eight CVEs),
python (MBS2: seven CVEs),
python3 (MBS2: five CVEs),
python-lxml (MBS2: code injection),
python-numpy (MBS2: temporary file vulnerability),
readline (MBS2: symbolic link vulnerability),
rsync (MBS2: denial of service),
rsyslog (MBS2: denial of service),
ruby (MBS2: denial of service),
samba (MBS1, MBS2: code execution and more),
samba4 (MBS2: code execution),
sendmail (MBS2: file descriptor access),
serf (MBS2: MITM vulnerability),
squid (MBS2: five CVEs),
stunnel (MBS2: private key disclosure),
subversion (MBS2: five CVEs),
sudo (MBS2: file disclosure),
tcpdump (MBS2: seven CVEs),
tomcat (MBS2: eight CVEs),
torque (MBS2: kill arbitrary processes),
udisks2 (MBS2: code execution),
unzip (MBS2: code execution),
util-linux (MBS2: command injection),
wpa_supplicant (MBS2: command execution),
wget (MBS2: symbolic link vulnerability),
x11-server (MBS2: thirteen CVEs), and
xlockmore (MBS2: lock bypass).
openSUSE has updated
mercurial (command injection).
SUSE has updated
firefox (SLES10-11: code execution) and
mysql (SLES11: 33 vulnerabilities).