Six disclosures this week, with three issues unfixed.
Other Security News
I’m not a sysadmin so I don’t pay as close attention to disclosures in the rest of the stack as I do disclosures in the application layer. However, I noticed recently that a buffer overflow vulnerability was disclosed for many versions of PHP which was patched at the end of October. If your institution is like mine, they only patch servers once a month. In this case, the patch was released after the patch window for October, and well before the window for November. I would encourage you to check your institution’s version to see what version you have installed and work with your system administrator(s) to do an emergency patch if you are running a vulnerable version.