Security advisories for Wednesday

Post Syndicated from ris original http://lwn.net/Articles/702117/rss

Arch Linux has updated bind (denial of service), lib32-openssl (denial of service), and openssl (denial of service).

Debian has updated bind9 (two
denial of service flaws).

Fedora has updated jansson (F24; F23:
denial of service) and openssl (F24: multiple vulnerabilities).

Mageia has updated autotrace
(code execution), firefox/rootcerts/nss
(multiple vulnerabilities), gnutls
(certificate verification bypass), graphicsmagick (multiple vulnerabilities), pdns (three denial of service flaws), thunderbird (multiple vulnerabilities), wget (two vulnerabilities), and zookeeper (buffer overflow).

openSUSE has updated bind
(Leap42.1, 13.2: denial of service), freerdp (Leap42.1; 13.2: two vulnerabilities), and openssl (Leap42.1: multiple vulnerabilities).

Oracle has updated kvm (OL5: two vulnerabilities) and openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated bind
(RHEL5,6,7: denial of service), bind97
(RHEL5: denial of service), kernel
(RHEL6.6: information leak), and kvm
(RHEL5: two vulnerabilities).

Slackware has updated bind (denial of service).

SUSE has updated bind (SLE12-SP1; SLES12; SOSC5,
SMP2.1, SM2.1, SLE11-SP4
: denial of service), mariadb (SLE12-SP1; SLES12: SQL injection/privilege escalation),
openssl (SLE12-SP1: multiple
vulnerabilities), and php5 (SLESDK12-SP1,
SLEM12: multiple vulnerabilities).

Ubuntu has updated bind9 (denial
of service) and Pillow (14.04: multiple vulnerabilities).