Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
| |
(Aug 27) |
| |
Security Report Summary
|
| |
(Aug 26) |
| |
Security Report Summary
|
| |
(Aug 20) |
| |
Security Report Summary
|
| |
(Aug 20) |
| |
Security Report Summary
|
|
|
| |
(Aug 27) |
| |
Zend Framework Upstream ChangeLogs: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 27) |
| |
Zend Framework Upstream ChangeLogs: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 27) |
| |
Fix for CVE-2015-3225: Potential Denial of Service Vulnerability in Rack -Related rhbz#CVE-2015-3225 New rubygem-rack-1.6.1-1.fc22
|
| |
(Aug 27) |
| |
Security fix for CVE-2015-5475
|
| |
(Aug 27) |
| |
This update provides fixes for vulnerabilities published with openssh-7.0Security fix for CVE-2015-5600
|
| |
(Aug 27) |
| |
## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templatesand internal parts of Twig_Template * fixed limited RCEs when in sandbox mode *deprecated Twig_Template::getEnvironment() * deprecated the _self variable forusage outside of the from and import tags * added Twig_BaseNodeVisitor to easethe compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)* fixed wrong error message when including an undefined template in a childtemplate * added support for variadic filters, functions, and tests * addedsupport for extra positional arguments in macros * added ignore_missing flag tothe source function * fixed batch filter with zero items * deprecatedTwig_Environment::clearTemplateCache() * fixed sandbox disabling when using theinclude function
|
| |
(Aug 27) |
| |
Zend Framework Upstream ChangeLogs: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 27) |
| |
Zend Framework Upstream ChangeLogs: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 27) |
| |
## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templatesand internal parts of Twig_Template * fixed limited RCEs when in sandbox mode *deprecated Twig_Template::getEnvironment() * deprecated the _self variable forusage outside of the from and import tags * added Twig_BaseNodeVisitor to easethe compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)* fixed wrong error message when including an undefined template in a childtemplate * added support for variadic filters, functions, and tests * addedsupport for extra positional arguments in macros * added ignore_missing flag tothe source function * fixed batch filter with zero items * deprecatedTwig_Environment::clearTemplateCache() * fixed sandbox disabling when using theinclude function
|
| |
(Aug 27) |
| |
## 6.x-1.17 Fixes #2516976: Fix security issue and make release to bring backD6 releases.
|
| |
(Aug 27) |
| |
Security fix for CVE-2015-5475
|
| |
(Aug 27) |
| |
Update to rest-client 1.8.0.
|
| |
(Aug 27) |
| |
Updated to 7.39 * [Release notes](https://www.drupal.org/drupal-7.39-release-notes) * [Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003](https://www.drupal.org/SA-CORE-2015-003)
|
| |
(Aug 27) |
| |
This release fixes a heap overflow when compiling certain regular expressionswith named refecences. This release fixes buffer overflows when compilingcertain expressions.
|
| |
(Aug 26) |
| |
Update to 10.0.21
|
| |
(Aug 25) |
| |
Security fix for CVE-2015-5475
|
| |
(Aug 23) |
| |
* Rebased to version 2.4.0 * Support for virtio-gpu, 2D only * Support forvirtio-based keyboard/mouse/tablet emulation * x86 support for memory hot-unplug* ACPI v5.1 table support for 'virt' board * CVE-2015-3209: pcnet: multi-tmdbuffer overflow in the tx path (bz #1230536) * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728) * CVE-2015-5158: scsi stack buffer overflow(bz #1246025) * CVE-2015-5154: ide: atapi: heap overflow during I/O buffermemory access (bz #1247141) * CVE-2015-5165: rtl8139 uninitialized heap memoryinformation leakage to guest (bz #1249755) * CVE-2015-5166: BlockBackend objectuse after free issue (bz #1249758) * CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
|
| |
(Aug 22) |
| |
Zend Framework Upstream ChangeLog: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 22) |
| |
Zend Framework Upstream ChangeLog: * [Version2.4.7]( ) * [Version2.4.6]( ) * [Version2.4.5]( ) * [Version2.4.4]( ) * [Version2.4.3]( ) * [Version2.4.2]( ) * [Version2.4.1]( ) * [Version2.4.0]( )
|
| |
(Aug 20) |
| |
* denial of service in glob_()
|
| |
(Aug 20) |
| |
Update to 10.0.21
|
| |
(Aug 20) |
| |
Update to 10.0.21
|
|
|
| |
Red Hat: 2015:1693-01: firefox: Critical Advisory (Aug 27) |
| |
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1682-01: thunderbird: Important Advisory (Aug 25) |
| |
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1685-01: python-keystoneclient: Moderate Advisory (Aug 25) |
| |
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1686-01: python-django: Moderate Advisory (Aug 25) |
| |
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1683-01: qemu-kvm-rhev: Moderate Advisory (Aug 25) |
| |
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1684-01: openstack-swift: Moderate Advisory (Aug 25) |
| |
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1681-01: openstack-swift: Moderate Advisory (Aug 24) |
| |
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate [More...]
|
| |
Red Hat: 2015:1678-01: python-django: Moderate Advisory (Aug 24) |
| |
Updated python-django packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6. Red Hat Product Security has rated this update as having Moderate [More...]
|
| |
Red Hat: 2015:1679-01: python-django-horizon: Moderate Advisory (Aug 24) |
| |
Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1676-01: redis: Moderate Advisory (Aug 24) |
| |
Updated redis packages that fix a security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1680-01: openstack-neutron: Moderate Advisory (Aug 24) |
| |
Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Red Hat Product Security has rated this update as having a Moderate [More...]
|
| |
Red Hat: 2015:1675-01: libunwind: Low Advisory (Aug 24) |
| |
Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security [More...]
|
| |
Red Hat: 2015:1674-01: qemu-kvm-rhev: Moderate Advisory (Aug 24) |
| |
Updated qemu-kvm-rhev packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1665-01: mariadb: Moderate Advisory (Aug 24) |
| |
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1666-01: httpd24-httpd: Moderate Advisory (Aug 24) |
| |
Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1667-01: httpd: Moderate Advisory (Aug 24) |
| |
Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1668-01: httpd: Moderate Advisory (Aug 24) |
| |
Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1664-01: nss: Moderate Advisory (Aug 24) |
| |
Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1657-01: rh-ruby22-ruby: Important Advisory (Aug 24) |
| |
Updated rh-ruby22-ruby packages that fix one security issue are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1650-01: openshift: Important Advisory (Aug 21) |
| |
Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1647-01: mariadb55-mariadb: Moderate Advisory (Aug 20) |
| |
Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1646-01: rh-mariadb100-mariadb: Important Advisory (Aug 20) |
| |
Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security [More...]
|
|
|
| |
(Aug 21) |
| |
New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix security issues. IMPORTANT: On Slackware 14.0, install the new updated nettle package first. [More Info...]
|
|
|
| |
Ubuntu: 2723-1: Firefox vulnerabilities (Aug 27) |
| |
Firefox could be made to crash or run programs as your login if itopened a malicious website.
|
| |
Ubuntu: 2725-1: cups-filters vulnerability (Aug 27) |
| |
cups-filters would allow unintended access to printers over the network.
|
| |
Ubuntu: 2724-1: QEMU vulnerabilities (Aug 27) |
| |
Several security issues were fixed in QEMU.
|
| |
Ubuntu: 2722-1: GDK-PixBuf vulnerability (Aug 26) |
| |
GDK-PixBuf could be made to crash or run programs as your login if itopened a specially crafted file.
|
| |
Ubuntu: 2712-1: Thunderbird vulnerabilities (Aug 25) |
| |
Several security issues were fixed in Thunderbird.
|
| |
Ubuntu: 2702-3: Firefox regression (Aug 20) |
| |
USN-2702-1 introduced a regression in Firefox.
|
| |
Ubuntu: 2721-1: Subversion vulnerabilities (Aug 20) |
| |
Several security issues were fixed in Subversion.
|
