Security advisories for Monday

Post Syndicated from ris original http://lwn.net/Articles/710472/rss

Arch Linux has updated curl (two vulnerabilities) and libwmf (multiple vulnerabilities).

Debian has updated libgd2 (denial of service) and libphp-phpmailer (code execution).

Debian-LTS has updated hdf5 (multiple vulnerabilities), hplip (man-in-the-middle attack from 2015), kernel (multiple vulnerabilities), libphp-phpmailer (code execution), pgpdump (denial of service), postgresql-common (file overwrites), python-crypto (denial of service), and shutter (code execution from 2015).

Fedora has updated curl (F24: buffer overflow), cxf (F25: two vulnerabilities), game-music-emu (F24: multiple vulnerabilities), libbsd (F25; F24: denial of service), libpng (F25: NULL dereference bug), mingw-openjpeg2 (F25; F24: multiple vulnerabilities), openjpeg2 (F24: two vulnerabilities), php-zendframework-zend-mail (F25; F24: parameter injection), springframework (F25: directory traversal), tor (F25; F24: denial of service), xen (F24: three vulnerabilities), and zookeeper (F25; F24: buffer overflow).

Gentoo has updated bash (code execution), busybox (denial of service), chicken (multiple vulnerabilities going back to 2013), cyassl (multiple vulnerabilities from 2014), e2fsprogs (code execution from 2015), hdf5 (multiple vulnerabilities), icinga (privilege escalation), libarchive (multiple vulnerabilities, some from 2015), libjpeg-turbo (code execution), libotr (code execution), lzo (code execution from 2014), mariadb (multiple unspecified vulnerabilities), memcached (code execution), musl (code execution), mutt (denial of service from 2014), openfire (multiple vulnerabilities from 2015), openvswitch (code execution), pillow (multiple vulnerabilities, two from 2014), w3m (multiple vulnerabilities), xdg-utils (command execution from 2014), and xen (multiple vulnerabilities).

Mageia has updated mcabber (roster push attack) and tracker (denial of service).

openSUSE has updated firefox (13.1: multiple vulnerabilities), gd (42.2, 42.1: stack overflow), GNU Health (42.2: two vulnerabilities), roundcubemail (13.1: cross-site scripting), kernel (42.1: information leak), thunderbird (42.2, 42.1, 13.2; SPH for SLE12: multiple vulnerabilities), and xen (42.2; 42.1; 13.2: multiple vulnerabilities).

Red Hat has updated ipa (RHEL7: two vulnerabilities) and rh-nodejs4-nodejs and rh-nodejs4-http-parser (RHSCL: multiple vulnerabilities).

Slackware has updated libpng (NULL dereference bug), thunderbird (code execution), and seamonkey (multiple vulnerabilities).

SUSE has updated gstreamer-plugins-good (SLE12-SP2: multiple vulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).