LWN.net's Journal

Security updates for Wednesday

Arch Linux has updated bind (denial of service), pacman (man-in-the-middle attack), and qemu (multiple vulnerabilities).

CentOS has updated bind (C7; C5: denial of service) and bind97 (C5: denial of service).

Debian has updated bind9 (denial of service).

Debian-LTS has updated apache2 (denial of service) and bind9 (denial of service).

Fedora has updated elfutils (F21: unspecified vulnerabilities), haproxy (F22; F21: information leak), hplip (F22: man-in-the-middle attack), libidn (F22; F21: information disclosure), php (F21: multiple vulnerabilities), roundcubemail (F22; F21: multiple vulnerabilities), subversion (F21: multiple vulnerabilities), and wpa_supplicant (F22: denial of service).

Mageia has updated ansible (MG4,5: two vulnerabilities), freeradius (MG4,5: insufficient certificate verification), openssh (MG4,5: authentication limits bypass), python-django (MG4,5: multiple vulnerabilities), and springframework (MG5: denial of service).

Oracle has updated bind (OL7; OL5: denial of service) and bind97 (OL5: denial of service).

Red Hat has updated bind (RHEL6,7; RHEL5: denial of service), bind97 (RHEL5: denial of service), and qemu-kvm-rhev (RHOSP5,6: two vulnerabilities).

Scientific Linux has updated bind (SL5: denial of service) and bind97 (SL5: denial of service).

Slackware has updated bind (denial of service).

SUSE has updated bind (SLE12; SLE11SP3,4: denial of service).

Ubuntu has updated bind9 (15.04, 14.04, 12.04: denial of service) and qemu (15.04, 14.04: multiple vulnerabilities).