Ubuntu Security Notice 2606-1 – For compatibility reasons, Ubuntu 12.04 LTS shipped OpenSSL with TLSv1.2 disabled when being used as a client. This update re-enables TLSv1.2 by default now that the majority of problematic sites have been updated to fix compatibility issues. For problematic environments, TLSv1.2 can be disabled again by setting the OPENSSL_NO_CLIENT_TLS1_2 environment variable before library initialization. Various other issues were also addressed.

Ubuntu Security Notice 2607-1 – John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. A remote attacker could use this flaw to execute arbitrary code when tests were run. Various other issues were also addressed.

Debian Linux Security Advisory 3257-1 – Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command.

Slackware Security Advisory – New mariadb packages are available for Slackware 14.1 and -current to fix security issues.

Slackware Security Advisory – New wpa_supplicant packages are available for Slackware 14.0, 14.1, and -current to fix security issues.