| |
EnGarde Secure Community 3.0.22 Now Available! (Dec 9) |
| |
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668
|
|
|
| |
Debian: New courier-authlib packages fix regression (Dec 22) |
| |
Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667). http://www.linuxsecurity.com/content/view/146349
|
| |
Debian: New moodle packages fix several vulnerabilities (Dec 22) |
| |
Several remote vulnerabilities have been discovered in Moodle, an online course management system. The issues addressed in this update range from cross-site scripting to remote code execution. http://www.linuxsecurity.com/content/view/146340
|
| |
Debian: New avahi packages fix denial of service (Dec 22) |
| |
Two denial of service conditions were discovered in avahi, a Multicast DNS implementation. Hugo Dias discovered that the avahi daemon aborts with an assert error if it encounters a UDP packet with source port 0 (CVE-2008-5081). http://www.linuxsecurity.com/content/view/146339
|
| |
Debian: New courier-authlib packages fix SQL injection (Dec 20) |
| |
Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667). http://www.linuxsecurity.com/content/view/146064
|
|
|
| |
Gentoo: VLC Multiple vulnerabilities (Dec 23) |
| |
Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/146362
|
| |
Gentoo: Imlib2 User-assisted execution of arbitrary code (Dec 23) |
| |
A buffer overflow vulnerability has been discovered in Imlib2. http://www.linuxsecurity.com/content/view/146361
|
| |
Gentoo: Ampache Insecure temporary file usage (Dec 23) |
| |
Insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. http://www.linuxsecurity.com/content/view/146360
|
| |
Gentoo: ClamAV Multiple vulnerabilities (Dec 23) |
| |
Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. http://www.linuxsecurity.com/content/view/146359
|
| |
Gentoo: PowerDNS Multiple vulnerabilities (Dec 19) |
| |
Two vulnerabilities have been discovered in PowerDNS, possibly leading to a Denial of Service and easing cache poisoning attacks. http://www.linuxsecurity.com/content/view/146062
|
|
|
| |
Mandriva: [ MDVA-2008:241 ] mailscanner (Dec 22) |
| |
Local users can carry out symlink attacks through a flaw in the trend-autoupdate script of MailScanner, which uses the /tmp/opr.ini.##### or /tmp/lpt temporary file (CVE-2008-5140). http://www.linuxsecurity.com/content/view/146348
|
|
|
| |
RedHat: Critical: flash-plugin security update (Dec 19) |
| |
An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/146061
|
| |
RedHat: Important: java-1.4.2-bea security update (Dec 18) |
| |
java-1.4.2-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/146053
|
| |
RedHat: Important: java-1.5.0-bea security update (Dec 18) |
| |
java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/146054
|
| |
RedHat: Important: java-1.6.0-bea security update (Dec 18) |
| |
java-1.6.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/146055
|
|
|
| |
Slackware: mozilla-firefox (Dec 18) |
| |
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. http://www.linuxsecurity.com/content/view/146060
|
|
|
| |
Ubuntu: OpenOffice.org Internationalization update (Dec 23) |
| |
USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Original advisory details: Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238) http://www.linuxsecurity.com/content/view/146358
|
| |
Ubuntu: Nagios vulnerabilities (Dec 23) |
| |
It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028) http://www.linuxsecurity.com/content/view/146351
|
| |
Ubuntu: Blender vulnerabilities (Dec 22) |
| |
It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102) http://www.linuxsecurity.com/content/view/146342
|
| |
Ubuntu: Nagios3 vulnerabilities (Dec 22) |
| |
It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028) http://www.linuxsecurity.com/content/view/146343
|
| |
Ubuntu: Imlib2 vulnerability (Dec 22) |
| |
It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. http://www.linuxsecurity.com/content/view/146344
|
| |
Ubuntu: Nagios vulnerability (Dec 22) |
| |
It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands. http://www.linuxsecurity.com/content/view/146345
|
|
|
| |
Pardus: Perl Symlink Attack (Dec 24) |
| |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack. http://www.linuxsecurity.com/content/view/146388
|
| |
Pardus: Mplayer Buffer Overflow (Dec 24) |
| |
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer allows remote attackers to execute arbitrary code via a malformed TwinVQ file. http://www.linuxsecurity.com/content/view/146387
|
| |
Pardus: Flashplugin System access Vulnerability (Dec 23) |
| |
A vulnerability has been reported in Adobe Flash Player, which potentially can be exploited by malicious people to compromise a user's system. http://www.linuxsecurity.com/content/view/146357
|
| |
Pardus: Thunderbird Multiple Vulnerabilities (Dec 23) |
| |
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. http://www.linuxsecurity.com/content/view/146356
|
| |
Pardus: Firefox Multiple Vulnerabilities (Dec 23) |
| |
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. http://www.linuxsecurity.com/content/view/146355
|
| |
Pardus: Sun-JDK Multiple Vulnerabilities (Dec 23) |
| |
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system. http://www.linuxsecurity.com/content/view/146354
|
| |
Pardus: Avahi Denial of Service Vulnerability (Dec 23) |
| |
The vulnerability is caused by an error when processing multicast DNS (mDNS) data and can be exploited to terminate the application via a UDP packet having a source port equal to zero. http://www.linuxsecurity.com/content/view/146353
|
| |
Pardus: Php Multiple Vulnerabilities (Dec 23) |
| |
Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. http://www.linuxsecurity.com/content/view/146352
|
| |
Pardus: Git Privilege Escalation (Dec 23) |
| |
A security issue has been reported in Git, which can be exploited by malicious, local users to gain escalated privileges. http://www.linuxsecurity.com/content/view/146389
|