OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it’s pre-authentication in OpenVPN.
Monthly Archives: September 2014
Mandriva Linux Security Advisory 2014-191
Mandriva Linux Security Advisory 2014-191 – The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
Red Hat Security Advisory 2014-1327-01
Red Hat Security Advisory 2014-1327-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use any of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
Slackware Security Advisory – mozilla-thunderbird Updates
Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
Slackware Security Advisory – seamonkey Updates
Slackware Security Advisory – New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory – bash Updates
Slackware Security Advisory – New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
Red Hat Security Advisory 2014-1326-01
Red Hat Security Advisory 2014-1326-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP’s gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.
PayPal Service Manager Script Insertion
PayPal’s Service Manager allows for malicious script insertion into emails.
PayPal Bill Later Mail Encoding Cross Site Scripting
PayPal’s Bill Later finance marketing site suffered from a cross site scripting vulnerability.
WordPress All In One Security And Firewall 3.8.3 XSS
WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.