In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668

Debian: New weechat packages fix denial of service (Mar 18)

Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. http://www.linuxsecurity.com/content/view/148293

Debian: New libtk-img packages fix arbitrary code execution (Mar 17)

Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/148285

Debian: New libsnd packages fix arbitrary code execution (Mar 15)

Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution. http://www.linuxsecurity.com/content/view/148268

Debian: New psi packages fix denial of service (Mar 14)

Jesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. http://www.linuxsecurity.com/content/view/148266

Debian: New yaws packages fix denial of service (Mar 14)

It was discovered that yaws, a high performance HTTP 1.1 webserver, is prone to a denial of service attack via a request with a large HTTP header. http://www.linuxsecurity.com/content/view/148265

Debian: New mldonkey packages fix information disclosure (Mar 13)

It has been discovered that mldonkey, a client for several P2P networks, allows attackers to download arbitrary files using crafted requests to the HTTP console. http://www.linuxsecurity.com/content/view/148262

Fedora 9 Update: opensc-0.11.7-1.fc9 (Mar 18)

Security update fixing CVE-2008-3972, CVE-2008-2235, and CVE-2009-0368. http://www.linuxsecurity.com/content/view/148301

Fedora 9 Update: evolution-data-server-2.22.3-3.fc9 (Mar 18)

This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) http://www.linuxsecurity.com/content/view/148298

Fedora 10 Update: opensc-0.11.7-1.fc10 (Mar 18)

Security update fixing CVE-2009-0368. http://www.linuxsecurity.com/content/view/148299

Fedora 10 Update: evolution-data-server-2.24.5-4.fc10 (Mar 18)

This update fixes two security issues: Evolution Data Server did not properly check the Secure/Multipurpose Internet Mail Extensions (S/MIME) signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by modifying the text of the e-mail message displayed to the user. (CVE-2009-0547) It was discovered that Evolution Data Server did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) http://www.linuxsecurity.com/content/view/148297

Fedora 9 Update: wireshark-1.0.6-1.fc9 (Mar 16)

Minor security issues are fixed in the new version of Wireshark. Security-related bugs in the Tektronix K12 and NetScreen file formats have been fixed. http://www.linuxsecurity.com/content/view/148277

Fedora 10 Update: mldonkey-3.0.0-1.fc10 (Mar 16)

* Fix local file access bug in internal http server
* Optimized implementation of the ip_set module
http://www.linuxsecurity.com/content/view/148276

Fedora 9 Update: mldonkey-3.0.0-1.fc9 (Mar 16)

* Fix local file access bug in internal http server
* Optimized implementation of the ip_set module
http://www.linuxsecurity.com/content/view/148275

Fedora 10 Update: mod_security-2.5.9-1.fc10 (Mar 13)

Security fixes for potential denials of service when using PDF XSS protection as well as when parsing multipart requests. http://www.linuxsecurity.com/content/view/148260

Fedora 10 Update: pdfjam-1.21-1.fc10 (Mar 13)

PDFjam scripts previously created temporary files with predictable names and were also susceptible to the search path being modified. This update fixes both issues. http://www.linuxsecurity.com/content/view/148257

Fedora 9 Update: mod_security-2.5.9-1.fc9 (Mar 13)

Security fixes for potential denials of service when using PDF XSS protection as well as when parsing multipart requests. http://www.linuxsecurity.com/content/view/148258

Fedora 9 Update: pdfjam-1.21-1.fc9 (Mar 13)

PDFjam scripts previously created temporary files with predictable names and were also susceptible to the search path being modified. This update fixes both issues. http://www.linuxsecurity.com/content/view/148259

Gentoo: phpMyAdmin Multiple vulnerabilities (Mar 18)

Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which may allow for remote code execution. http://www.linuxsecurity.com/content/view/148304

Gentoo: libcdaudio User-assisted execution of arbitrary code (Mar 17)

A vulnerability in libcdaudio might allow for the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/148291

Gentoo: Opera Multiple vulnerabilities (Mar 16)

Multiple vulnerabilities were found in Opera, the worst of which allow for the execution of arbitrary code. http://www.linuxsecurity.com/content/view/148284

Gentoo: BlueZ Arbitrary code execution (Mar 16)

Insufficient input validation in BlueZ may lead to arbitrary code execution or a Denial of Service. http://www.linuxsecurity.com/content/view/148282

Gentoo: libpng Multiple vulnerabilities (Mar 15)

Multiple vulnerabilities were found in libpng, which might result in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/148267

Gentoo: ProFTPD Multiple vulnerabilities (Mar 12)

Two vulnerabilities in ProFTPD might allow for SQL injection attacks. http://www.linuxsecurity.com/content/view/148252

Gentoo: TMSNC Execution of arbitrary code (Mar 12)

A buffer overflow in TMSNC might lead to the execution of arbitrary code when processing an instant message. http://www.linuxsecurity.com/content/view/148248

Mandriva: [ MDVA-2009:044 ] module-init-tools (Mar 18)

This stable update fixes a bug in depmod which may cause the corruption of the modules.dep file when triggered. (#46884) http://www.linuxsecurity.com/content/view/148307

Mandriva: [ MDVA-2009:043 ] module-init-tools (Mar 18)

This stable update for module-init-tools fixes a number of problems found since the initial Mandriva Linux 2009 release. http://www.linuxsecurity.com/content/view/148306

Mandriva: [ MDVA-2009:042 ] rpmdrake (Mar 18)

This update fixes several minor issues with rpmdrake. http://www.linuxsecurity.com/content/view/148305

Mandriva: [ MDVA-2009:018-1 ] clamav (Mar 18)

This update fixes several issues with clamav. http://www.linuxsecurity.com/content/view/148295

Mandriva: [ MDVA-2009:041 ] php (Mar 17)

The previous fix for addressing Bug 43486 (XML parsing ignores encoded elements in character data (e.g. > < etc.)) broke the php-wddx extension. This bugfix release uses backported upstream fixes for both php and libxml2 to address the following Mandriva bugs: http://www.linuxsecurity.com/content/view/148287

Mandriva: [ MDVSA-2009:076 ] avahi (Mar 13)

A security vulnerability has been identified and fixed in avahi which could allow remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet (CVE-2009-0758). The updated packages have been patched to prevent this. http://www.linuxsecurity.com/content/view/148264

Mandriva: [ MDVA-2009:040 ] libdvdread (Mar 13)

dvdbackup in Mandriva Linux 2009.0 relies on a libdvdread API version older than the one released. This update patches libdvdread to ensure backwards compatibility. http://www.linuxsecurity.com/content/view/148263

Mandriva: [ MDVSA-2009:075 ] firefox (Mar 13)

Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7 (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777). This update provides the latest Mozilla Firefox 3.x to correct these issues. http://www.linuxsecurity.com/content/view/148261

Mandriva: [ MDVA-2009:039 ] coreutils (Mar 13)

The coreutils package released with Mandriva Linux 2009 makes use of a syscall unavailable in the Xen dom0 kernel. Thus, when used on top of that kernel, the provided programs might fail in non-obvious ways. This update fixes that. http://www.linuxsecurity.com/content/view/148255

Mandriva: [ MDVA-2009:038 ] nspluginwrapper (Mar 13)

Acroread would not react to keyboard input. This update also fixes the non-working Flash browser plugin when used through this wrapper on 64-bit architectures. http://www.linuxsecurity.com/content/view/148253

RedHat: Moderate: evolution security update (Mar 16)

Updated evolution packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148274

RedHat: Moderate: evolution and evolution-data-server (Mar 16)

Updated evolution and evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148273

RedHat: Moderate: evolution-data-server security update (Mar 16)

Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148272

RedHat: Moderate: libsoup security update (Mar 16)

Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148271

RedHat: Important: kernel security and bug fix update (Mar 12)

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148250

RedHat: Moderate: icu security update (Mar 12)

Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148249

SuSE: dbus-1 (SUSE-SA:2009:013) (Mar 17)

Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls, with the result that intended access control for some services was not applied. http://www.linuxsecurity.com/content/view/148289

SuSE: Mozilla Firefox (SUSE-SA:2009:012) (Mar 16)

The Mozilla Firefox browser is updated to version 3.0.7, fixing various security and stability issues. http://www.linuxsecurity.com/content/view/148269

Ubuntu: Amarok vulnerabilities (Mar 17)

It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (.aa) files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. http://www.linuxsecurity.com/content/view/148290

Ubuntu: FFmpeg vulnerabilities (Mar 16)

It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. (CVE-2008-4610)

It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866)

It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4867)

It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0385) http://www.linuxsecurity.com/content/view/148283

Ubuntu: GStreamer Base Plugins vulnerability (Mar 16)

It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/148278

Ubuntu: libsoup vulnerability (Mar 16)

It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/148279

Ubuntu: GStreamer Good Plugins vulnerabilities (Mar 16)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0397) http://www.linuxsecurity.com/content/view/148280

Ubuntu: evolution-data-server vulnerability (Mar 16)

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/148281

Pardus: System-config-printer: Translation (Mar 18)

printing for everyone except these users:" and "Deny printing for everyone except these users:" strings. http://www.linuxsecurity.com/content/view/148292