CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the “Shellshock” vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.

Debian Linux Security Advisory 3046-1 – It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

Gentoo Linux Security Advisory 201410-1 – Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.

Debian Linux Security Advisory 3042-1 – Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

Debian Linux Security Advisory 3044-1 – Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

Debian Linux Security Advisory 3045-1 – Several vulnerabilities were discovered in qemu, a fast processor emulator.