LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora
Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.



Fedora 12 moodle-1.9.7-1.fc12  11 December 2009 
Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release: -------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins * MSA-09-0031 - Fixed SQL injection in SCORM module The list for 1.8.11 release: ---------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data * MSA-09-0029 - Enabling a password salt in encouraged in config.php and admins are forced to change password after the upgrade * MSA-09-0031 - Fixed SQL injection in SCORM module References: ----------- http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request: ------------ http://www.openwall.com/lists/oss-security/2009/12/06/1
 
Fedora 10 ruby-1.8.6.368-2.fc10  11 December 2009 
Update to 1.8.6 p368 This package also fixes the build failure on arm -gnueabi systems (bug 506233), and DOS vulnerability issue on BigDecimal method (bug 504958, CVE-2009-1904)
 
Fedora 12 ntp-4.2.4p8-1.fc12  11 December 2009 
This update fixes possible DoS with mode 7 packets. (CVE-2009-3563)
 
Fedora 10 moodle-1.9.7-1.fc10  11 December 2009 
Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues. The list for 1.9.7 release: -------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions * MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt in encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions * MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins * MSA-09-0031 - Fixed SQL injection in SCORM module The list for 1.8.11 release: ---------------------------- Security issues * MSA-09-0022 - Multiple CSRF problems fixed * MSA-09-0023 - Fixed user account disclosure in LAMS module * MSA-09-0024 - Fixed insufficient access control in Glossary module * MSA-09-0025 - Unneeded MD5 hashes removed from user table * MSA-09-0026 - Fixed invalid application access control in MNET interface * MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins * MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data * MSA-09-0029 - Enabling a password salt in encouraged in config.php and admins are forced to change password after the upgrade * MSA-09-0031 - Fixed SQL injection in SCORM module References: ----------- http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://docs.moodle.org/en/Moodle_1.8.11_release_notes CVE Request: ------------ http://www.openwall.com/lists/oss-security/2009/12/06/1
 
Fedora 12 kernel-2.6.31.6-166.fc12  10 December 2009 
CVE-2009-4131: EXT4 - fix insufficient permission checking which could result in arbitrary data corruption by a local unprivileged user.
 
Fedora 10 httpd-2.2.14-1.fc10  09 December 2009 
This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) Note: This update does not fully resolve the issue for HTTPS servers. An attack is still possible in configurations that require a server-initiated renegotiation A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (CVE-2009-3094) A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095) See the upstream changes file for further information: http://www.apache.org/dist/httpd/CHANGES_2.2.14
 
Fedora 12 nss-util-3.12.5-1.fc12.1  09 December 2009 
Update to 3.12.5 This update fixes the following security flaw: CVE-2009-3555 TLS: MITM attacks via session renegotiation
 
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 7 of 2634
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.