Debian: Security Updates for Code Execution and DoS Risks
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Debian: New tcpdump packages fix arbitrary code execution
11th, August, 2007
It was discovered that an integer overflow in the BGP dissector of tcpdump, a powerful tool for network monitoring and data acquisition, may lead to the execution of arbitrary code.
advisories/debian/debian-new-tcpdump-packages-fix-arbitrary-code-execution

Debian: New gpdf packages fix arbitrary code execution
13th, August, 2007
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
advisories/debian/debian-new-gpdf-packages-fix-arbitrary-code-execution

Debian: New kdegraphics packages fix arbitrary code execution
13th, August, 2007
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
advisories/debian/debian-new-kdegraphics-packages-fix-arbitrary-code-execution-8637

Debian: New Linux 2.6.18 packages fix several vulnerabilities
15th, August, 2007
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems.
advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410

Fedora Core 6 Update: kernel-2.6.22.1-32.fc6
9th, August, 2007
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
advisories/fedora/fedora-core-6-update-kernel-26221-32fc6-11-57-00-128958

Gentoo: ClamAV Denial of Service
9th, August, 2007
A vulnerability has been discovered in ClamAV, allowing for a Denial of Service.

Gentoo: GD Multiple vulnerabilities
9th, August, 2007
Multiple vulnerabilities have been discovered in GD, allowing for the execution of arbitrary code.

Gentoo: Net::DNS: Multiple vulnerabilities
11th, August, 2007
Multiple vulnerabilities have been discovered in the Net::DNS Perl module, allowing for a Denial of Service and a cache poisoning attack.

Gentoo: Xfce Terminal Remote arbitrary code execution
11th, August, 2007
A vulnerability has been discovered in the Xfce Terminal program, allowing for the remote execution of arbitrary code.

Gentoo: SquirrelMail G/PGP plugin Arbitrary code execution
11th, August, 2007
Multiple vulnerabilities have been discovered in SquirrelMail, allowing for the remote execution of arbitrary code.

Gentoo: MySQL Denial of Service and information leakage
16th, August, 2007
A Denial of Service vulnerability and a table structure information leakage vulnerability were found in MySQL.

RedHat: Moderate: kernel security and bugfix update
16th, August, 2007
Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 3 kernel are now available. These new kernel packages contain fixes for the security issues described below: This security advisory has been rated as having moderate security impact by the Red Hat Security Response Team.
advisories/red-hat/redhat-moderate-kernel-security-and-bugfix-update-61033

Slackware: gimp
11th, August, 2007
New gimp packages are available for Slackware 10.2, 11.0, and 12.0 to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2007-2949

Slackware: seamonkey
11th, August, 2007
New seamonkey packages are available for Slackware 11.0 and 12.0 to fix various security issues. For more information, see: https://www.mozilla.org/en-US/security/known-vulnerabilities/

Slackware: xpdf
11th, August, 2007
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix an integer overflow. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2007-3387

Ubuntu: xfce4-terminal vulnerability
13th, August, 2007
Lasse K
