At Google's Pwnium hacking competition, two new security exploits in Chrome OS were demonstrated, while at Pwn2Own a Chrome Web browser problem was found that also impacted Chrome OS. All three problems have now been patched.
Originally, the Motorola DROID line (2013) was set to receive Android 4.4.3 shortly after that version was announced. But due to a security vulnerability that was patched in Android 4.4.4, the company had to wait for the latest version of Android. David Schuster, a member on Motorola’s Software Product Management team, provided the explanation on Google+.
Canonical announced on October 9th, in a security notice, that a new Linux kernel update for its Ubuntu 8.04.4 LTS (Hardy Heron) operating system is available for all users. There's a single kernel vulnerability, (CVE-2012-2136), discovered by various developers, related to the Linux kernel's network TUN/TAP device implementation.
I have the honor of reporting 14.1's first security vulnerability (I think I'm the first). OpenSSH 6.4p1 (sig) has been released to address a memory corruption vulnerability in sshd when using aes*[email protected] ciphers (supported in Slackware 14.1). CVE allocation pending; will update post when assigned.
While trying to address the Shellshock vulnerability on a RHEL6 server I keep running into this issue.
# yum update bash
Loaded plugins: downloadonly, priorities, product-id, replace, rhnplugin, security, subscription-manager
Updating Red Hat repositories.
Setting up Update Process
No Packages marked for Update