Debian has updated davfs2 (privilege escalation).
openSUSE has updated flash-player (11.4: multiple vulnerabilities).
Red Hat has updated openstack-neutron (OSP4.0: two vulnerabilities).
SUSE has updated firefox (SLE10SP4, SLE10SP3: multiple vulnerabilities), kernel (SLE11SP3; SLE11SP3; SLE11SP3; SLERTE11SP3; SLERTE11SP3: many vulnerabilities, including one from 2012), and lzo (SLE11SP3: denial of service/possible code execution).
Ubuntu has updated EC2 kernel (10.04: three vulnerabilities), kernel (14.04; 13.10; 12.04; 10.04: multiple vulnerabilities), linux-lts-quantal (12.04: multiple vulnerabilities), linux-lts-raring (12.04: multiple vulnerabilities), linux-lts-saucy (12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and mysql-5.5 (14.04, 12.04: unidentified vulnerabilities).
Genealogy is a fairly popular pursuit, and those wishing to use open-source software in their hobby have their choice cut-out for them—Gramps is the only complete, actively-developed free-software solution. The project was started in 2001 and initially known as GRAMPS; the first stable release was in 2004. The latest, version 4.1.0 ("Name go in book") was released on June 18.
Fedora has updated libXfont (F20: multiple vulnerabilities).
openSUSE has updated flash-player (13.1, 12.3: multiple vulnerabilities).
SUSE has updated struts (code execution).
Ubuntu has updated file (14.04, 13.10, 12.04, 10.04: multiple vulnerabilities), libav (13.10, 12.04: code execution), miniupnpc (14.04, 13.10, 12.04: denial of service), and transmission (14.04, 13.10, 12.04: code execution).
Update: This issue has been fixed in LibreSSL 2.0.2.
Subscribers can check out the next article in guest author Michael Kerrisk's series by clicking below.
[Michael] Mapbox is "running a business like you would run an open source project." Can you elaborate on what that means?
[Justin] This is the meat of my talk, but basically, the organization is flat and open. People join in on projects based on interest and available time, or start their own projects based on an idea and the ability to convince a couple coworkers that it's a worthwhile effort. If you have an idea for improvement, talk is cheap and putting in the code to demonstrate its potential is preferred. It's a very exciting way to choose direction and participation and lets everyone engage based on their interests and skill set. And nearly everything we write, anything that's easily reusable by someone else, is completely open source.
Fedora has updated claws-mail (F20: code execution), claws-mail-plugins (F20: code execution), docker-io (F20; F19: privilege escalation), openstack-nova (F20: privilege escalation), and pnp4nagios (F20; F19: cross-site scripting).
openSUSE has updated python (13.1, 12.3: missing boundary check).
Slackware has updated php (multiple vulnerabilities).
OpenBSD Journal is reporting that the first release of LibreSSL Portable is available for download from OpenBSD project servers. LibreSSL is the OpenSSL fork started in April by members of the OpenBSD development community after the "Heartbleed" vulnerability; the "Portable" version is designed to run on operating systems other than OpenBSD itself, including Linux. The announcement calls this release "an initial release to allow the community to start using and providing feedback;" it is tagged as version 2.0.0.