Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Oct 20) |
|
Security Report Summary
|
|
(Oct 18) |
|
Security Report Summary
|
|
(Oct 16) |
|
Security Report Summary
|
|
(Oct 16) |
|
Security Report Summary
|
|
|
|
Mandriva: 2014:202: php (Oct 23) |
|
A vulnerability has been discovered and corrected in php: A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code [More...]
|
|
Mandriva: 2014:201: kernel (Oct 21) |
|
Multiple vulnerabilities has been found and corrected in the Linux kernel: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, [More...]
|
|
Mandriva: 2014:200: bugzilla (Oct 21) |
|
Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). [More...]
|
|
Mandriva: 2014:199: perl (Oct 21) |
|
Updated perl and perl-Data-Dumper packages fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack [More...]
|
|
Mandriva: 2014:198: mediawiki (Oct 21) |
|
Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199). [More...]
|
|
Mandriva: 2014:197: python (Oct 21) |
|
Updated python packages fix security vulnerability: Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185). [More...] _______________________________________________________________________
|
|
Mandriva: 2014:196: rsyslog (Oct 21) |
|
Updated rsyslog packages fix security vulnerability: Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted [More...]
|
|
|
|
Red Hat: 2014:1691-01: openstack-packstack: Important Advisory (Oct 22) |
|
Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
|
|
Red Hat: 2014:1690-01: python-backports-ssl_match_hostname: Low Advisory (Oct 22) |
|
An updated python-backports-ssl_match_hostname package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
|
|
Red Hat: 2014:1689-01: openstack-nova: Important Advisory (Oct 22) |
|
Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
|
|
Red Hat: 2014:1688-01: openstack-keystone: Important Advisory (Oct 22) |
|
Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
|
|
Red Hat: 2014:1686-01: openstack-neutron: Moderate Advisory (Oct 22) |
|
Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1685-01: openstack-glance: Moderate Advisory (Oct 22) |
|
Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1687-02: openstack-heat: Moderate Advisory (Oct 22) |
|
Updated openstack-heat packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
|
|
Red Hat: 2014:1677-01: wireshark: Moderate Advisory (Oct 21) |
|
Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1676-01: wireshark: Moderate Advisory (Oct 21) |
|
Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1669-02: qemu-kvm: Low Advisory (Oct 20) |
|
Updated qemu-kvm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security [More...]
|
|
Red Hat: 2014:1671-01: rsyslog5 and rsyslog: Moderate Advisory (Oct 20) |
|
Updated rsyslog5 and rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1658-01: java-1.6.0-sun: Important Advisory (Oct 16) |
|
Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1657-01: java-1.7.0-oracle: Critical Advisory (Oct 16) |
|
Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2014:1655-01: libxml2: Moderate Advisory (Oct 16) |
|
Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1654-01: rsyslog7: Important Advisory (Oct 16) |
|
Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1653-01: openssl: Moderate Advisory (Oct 16) |
|
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1652-01: openssl: Important Advisory (Oct 16) |
|
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. [More...]
|
|
|
|
(Oct 20) |
|
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]
|
|
|
|
Ubuntu: 2388-1: OpenJDK 7 vulnerabilities (Oct 22) |
|
Several security issues were fixed in OpenJDK 7.
|
|
Ubuntu: 2387-1: pollinate update (Oct 22) |
|
The certificate bundled with pollinate has been refreshed.
|
|
Ubuntu: 2386-1: OpenJDK 6 vulnerabilities (Oct 16) |
|
Several security issues were fixed in OpenJDK 6.
|
|
Ubuntu: 2385-1: OpenSSL vulnerabilities (Oct 16) |
|
Several security issues were fixed in OpenSSL.
|
