Apache Qpid’s qpidd up to and including version 0.30 suffers from a denial of service vulnerability.
Monthly Archives: January 2015
CMS b2evolution 5.2.0 Cross Site Scripting
CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2015-0042-01
Red Hat Security Advisory 2015-0042-01 – The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python’s SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.
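The flaw described above is in how a hostname verifier turns a certificate's DNS names into patterns: each `*` becomes a `[^.]*`-style sub-pattern, so a name with many wildcards produces a regex that backtracks exponentially against a near-miss hostname. The example below is added here and is not code from the advisory, Red Hat or CPython; it implements a small `match_hostname` that counts wildcards and rejects the name before any pattern is compiled. The limit of one wildcard per name is this example's assumption (the value CPython's patched `ssl.match_hostname` also uses), and the certificate dicts are constructed inputs.

```python
import re

# Maximum number of '*' accepted in one certificate DNS name. The value 1 is
# an assumption of this example (CPython's patched ssl.match_hostname uses the
# same limit); it is not stated in the advisory.
MAX_WILDCARDS = 1


class CertificateError(ValueError):
    """Raised when a certificate name is rejected before matching."""


def dnsname_to_regex(dn, max_wildcards=MAX_WILDCARDS):
    """Translate a DNS-ID (possibly with a leading wildcard label) into an
    anchored, case-insensitive regex. Names with too many wildcards are
    rejected *before* compiling, so a hostile certificate cannot turn the
    match into exponential backtracking."""
    if dn.count('*') > max_wildcards:
        raise CertificateError('too many wildcards in certificate DNS name: %r' % dn)
    leftmost, *remainder = dn.split('.')
    if leftmost == '*':
        pats = ['[^.]+']                 # a bare '*' matches exactly one label
    elif leftmost.startswith('xn--'):
        pats = [re.escape(leftmost)]     # no wildcard expansion inside IDNA labels
    else:
        pats = [re.escape(leftmost).replace(r'\*', '[^.]*')]
    pats.extend(re.escape(frag) for frag in remainder)
    return re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)


def match_hostname(cert, hostname, max_wildcards=MAX_WILDCARDS):
    """True if hostname matches a subjectAltName dNSName, or the subject CN
    when no dNSName is present. `cert` uses the dict layout of
    ssl.SSLSocket.getpeercert() (constructed here, not read from a socket)."""
    names = [v for k, v in cert.get('subjectAltName', ()) if k == 'DNS']
    if not names:
        for rdn in cert.get('subject', ()):
            for k, v in rdn:
                if k == 'commonName':
                    names.append(v)
    return any(dnsname_to_regex(n, max_wildcards).match(hostname) for n in names)


def check(cert, hostname):
    """Convenience wrapper returning 'match', 'no match' or 'rejected'."""
    try:
        return 'match' if match_hostname(cert, hostname) else 'no match'
    except CertificateError:
        return 'rejected'


if __name__ == '__main__':
    wild = {'subjectAltName': (('DNS', '*.example.com'),)}
    hostile = {'subjectAltName': (('DNS', '*' * 10 + '.example.com'),)}
    print(check(wild, 'www.example.com'), check(wild, 'a.b.example.com'))
    print(check(hostile, 'www.example.com'))
```

Without the count check, the hostile name above would compile to ten consecutive `[^.]*` groups followed by `\.example\.com`, and a hostname that matches the prefix but not the suffix makes the regex engine try every split of the input across those groups. Rejecting the name up front is cheaper than any attempt to make the pattern itself safe.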
Red Hat Security Advisory 2015-0043-01
Red Hat Security Advisory 2015-0043-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel’s SCTP implementation handled malformed and duplicate Address Configuration Change (ASCONF) chunks. A remote attacker could use either of these flaws to crash the system. A further flaw was found in the way the Linux kernel’s SCTP implementation handled the association’s output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
Red Hat Security Advisory 2015-0045-01
Red Hat Security Advisory 2015-0045-01 – In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for the 4.0 version will end on June 19, 2015. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version 4.0 after June 19, 2015. In addition, technical support through Red Hat’s Global Support Services will no longer be provided after this date. We encourage customers to upgrade to the latest version of Red Hat Enterprise Linux OpenStack Platform as soon as possible. As of the End of Life date, this is expected to be the 6.0 version, based on the upstream Juno release, and will be supported for 3 years. In addition, the 5.0 version will continue to be in the Production Support phase until its End of Life on June 29, 2017. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux OpenStack Platform version.
Red Hat Security Advisory 2015-0047-01
Red Hat Security Advisory 2015-0047-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Beacon interface implementation in Thunderbird did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
Red Hat Security Advisory 2015-0046-01
Red Hat Security Advisory 2015-0046-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
Ubuntu Security Notice USN-2470-1
Ubuntu Security Notice 2470-1 – Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.
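The notice above names HFS+ and NTFS because both filesystems can map a tree entry that Git itself does not treat as `.git` onto the real `.git` directory when the checkout is written to disk (case folding on both, trailing dots and 8.3 short names on NTFS, ignorable code points on HFS+). The checker below is an added example, not Git's code or the fix shipped in this update; it scans a constructed tree listing for path components that would collapse to `.git` under those rules, the kind of check a pre-receive hook on a shared repository could run. The set of HFS+-ignored code points and the NTFS rules encoded here are this example's assumptions.

```python
# Code points that HFS+ ignores when comparing file names: zero-width and
# bidirectional formatting characters. This set is an assumption of the
# example, not text from the advisory.
_HFS_IGNORED = ({0x200c, 0x200d, 0x200e, 0x200f, 0xfeff}
                | set(range(0x202a, 0x202f))
                | set(range(0x206a, 0x2070)))


def _hfs_fold(name):
    """Approximate HFS+ name comparison: drop ignorable code points, fold case."""
    return ''.join(ch for ch in name if ord(ch) not in _HFS_IGNORED).lower()


def _ntfs_fold(name):
    """Approximate NTFS name comparison: trailing dots and spaces are dropped,
    case is folded, and the 8.3 short name GIT~1 is assumed to alias a long
    name that begins with '.git' (assumption of this example)."""
    folded = name.rstrip('. ').lower()
    return '.git' if folded == 'git~1' else folded


def is_dotgit_alias(component):
    """True if one path component could land on '.git' on HFS+ or NTFS."""
    return _hfs_fold(component) == '.git' or _ntfs_fold(component) == '.git'


def dangerous_paths(paths):
    """Return the entries of a tree listing whose components alias '.git'.
    `paths` is a list of slash-separated repository paths (constructed input)."""
    bad = []
    for path in paths:
        if any(is_dotgit_alias(comp) for comp in path.split('/')):
            bad.append(path)
    return bad


if __name__ == '__main__':
    # Constructed tree listing; the zero-width non-joiner in the fourth entry
    # is invisible in most terminals, which is exactly the problem.
    tree = ['README', 'src/main.c', '.Git/hooks/post-checkout',
            '.g\u200cit/config', 'GIT~1/config', '.git./x']
    for p in dangerous_paths(tree):
        print('refusing', ascii(p))
```

A hook that rejects these entries on push protects every client that later clones the repository, whatever Git version they run; the `.gitignore`-style names that merely start with `.git` are left alone, since only an exact alias of the directory name matters.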
Debian Security Advisory 3123-2
Debian Linux Security Advisory 3123-2 – In DSA 3123 the binutils package was updated for several security issues. This update adds rebuilt packages for binutils-mingw-w64, so these will take advantage of the fixes.
Ubuntu Security Notice USN-2469-1
Ubuntu Security Notice 2469-1 – Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Various other issues were also addressed.
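Two of the Django issues above come down to ambiguous input handling, and both are easier to see in a few lines than in prose. WSGI servers build `HTTP_*` environ keys by upper-casing the header name and turning `-` into `_`, so `X-Remote-User` and `X_Remote_User` collide; a front proxy that only knows the hyphenated spelling strips or overwrites the one and forwards the other. The added example below (not Django's code or Ubuntu's patch) models that collision, applies the mitigation of refusing any header name containing an underscore, and adds an assumed `is_safe_redirect` check in the spirit of Django's `is_safe_url`. The proxy behaviour and request headers are constructed.

```python
from urllib.parse import urlsplit


def wsgi_environ_from_headers(headers):
    """CGI-style mapping used by WSGI servers: 'X-Remote-User' and
    'X_Remote_User' both become HTTP_X_REMOTE_USER. Constructed model of the
    common behaviour; a later duplicate overwrites an earlier one here."""
    environ = {}
    for name, value in headers:
        environ['HTTP_' + name.upper().replace('-', '_')] = value
    return environ


def drop_underscore_headers(headers):
    """Mitigation: refuse any header whose name contains an underscore, so only
    the hyphenated spelling can ever reach the application."""
    return [(n, v) for n, v in headers if '_' not in n]


def proxy_forward(client_headers, authenticated_user):
    """Constructed front proxy: it sets X-Remote-User from its own
    authentication and strips a client-supplied X-Remote-User, but knows
    nothing about the underscore spelling and passes it through untouched."""
    forwarded = [('X-Remote-User', authenticated_user)]
    forwarded.extend((n, v) for n, v in client_headers if n.lower() != 'x-remote-user')
    return forwarded


# Constructed request from a client the proxy only authenticates as 'guest'.
CLIENT_HEADERS = [('Host', 'app.example'), ('X_Remote_User', 'admin')]


def effective_remote_user(client_headers, authenticated_user, sanitize):
    """The identity the application would see, with or without the mitigation."""
    forwarded = proxy_forward(client_headers, authenticated_user)
    if sanitize:
        forwarded = drop_underscore_headers(forwarded)
    return wsgi_environ_from_headers(forwarded).get('HTTP_X_REMOTE_USER')


def is_safe_redirect(url, allowed_host):
    """Reject redirect targets that leave the site or carry a script scheme.
    Assumed check written for this example, not Django's is_safe_url.
    Backslashes are folded to slashes first because browsers parse '/\\evil'
    as '//evil'."""
    if not url:
        return False
    parts = urlsplit(url.replace('\\', '/'))
    if parts.scheme and parts.scheme not in ('http', 'https'):
        return False
    return not parts.netloc or parts.netloc == allowed_host


if __name__ == '__main__':
    print('unsanitized:', effective_remote_user(CLIENT_HEADERS, 'guest', False))
    print('sanitized:  ', effective_remote_user(CLIENT_HEADERS, 'guest', True))
    for target in ('/accounts/', 'javascript:alert(1)', '//evil.example/', '/\\evil.example'):
        print(target, is_safe_redirect(target, 'app.example'))
```

The header mitigation belongs at the edge as much as in the framework: nginx drops underscored header names by default (`underscores_in_headers off`), and the check above is what to add in front of servers that do not. For redirects, the rule is that a relative path is fine, an absolute URL is fine only on the site's own host, and anything with a scheme other than http or https is refused outright.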