In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668

Debian: New udev packages fix privilege escalation (Apr 16)
Sebastian Krahmer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. http://www.linuxsecurity.com/content/view/148577

Debian: New clamav packages fix several vulnerabilities (Apr 15)
Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit. http://www.linuxsecurity.com/content/view/148574

Debian: New imp4 packages fix cross-site scripting (Apr 13)
Several vulnerabilities have been found in imp4, a webmail component for the Horde framework. http://www.linuxsecurity.com/content/view/148560

Debian: New openjdk-6 packages fix arbitrary code execution (Apr 11)
Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. http://www.linuxsecurity.com/content/view/148553

Debian: New openafs packages potential code execution (Apr 10)
An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a vulnerability in XDR array decoding. (CVE-2009-1251) http://www.linuxsecurity.com/content/view/148551

Debian: New roundup packages fix privilege escalation (Apr 9)
It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. http://www.linuxsecurity.com/content/view/148547

Debian: New multipath-tools packages fix denial of service (Apr 9)
It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket, which enables local attackers to issue commands to multipathd, preventing access to storage devices or corrupting file system data. http://www.linuxsecurity.com/content/view/148537

Fedora 10 Update: ghostscript-8.63-6.fc10 (Apr 15)
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device). http://www.linuxsecurity.com/content/view/148575

Fedora 9 Update: ghostscript-8.63-3.fc9 (Apr 15)
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device). http://www.linuxsecurity.com/content/view/148576

Fedora 10 Update: phpMyAdmin-3.1.3.2-1.fc10 (Apr 15)
Improvements for 3.1.3.2: [security] Insufficient output sanitizing when generating the configuration file. http://www.linuxsecurity.com/content/view/148573

Fedora 9 Update: phpMyAdmin-3.1.3.2-1.fc9 (Apr 15)
Improvements for 3.1.3.2: [security] Insufficient output sanitizing when generating the configuration file. http://www.linuxsecurity.com/content/view/148572

Fedora 9 Update: pam-1.0.4-4.fc9 (Apr 14)
Update to new minor upstream release. Minor security issue fixes and bug fixes. http://www.linuxsecurity.com/content/view/148565

Fedora 10 Update: pam-1.0.4-4.fc10 (Apr 14)
Update to new minor upstream release. Minor security issue fixes and bug fixes. http://www.linuxsecurity.com/content/view/148564

Fedora 10 Update: ntop-3.3.8-3.fc10 (Apr 13)
Fixed the access log being created world-writable when the --access-log-file option is used. http://www.linuxsecurity.com/content/view/148562

Fedora 10 Update: pptp-1.7.2-5.fc10 (Apr 9)
This update corrects the behaviour of pptpsetup when its --delete option is used, retaining the permissions of /etc/ppp/chap-secrets rather than creating a new file that is likely to be world-readable. http://www.linuxsecurity.com/content/view/148545

Fedora 10 Update: wordpress-mu-2.6.5-2.fc10 (Apr 9)
Patch for CVE-2009-1030. http://www.linuxsecurity.com/content/view/148544

Fedora 10 Update: argyllcms-1.0.3-4.fc10 (Apr 9)
Multiple integer overflows and multiple insufficient upper-bounds checks on certain variable sizes were originally discovered in Ghostscript's International Color Consortium Format Library (icclib). It was found that the original patch addressing this issue was incomplete. http://www.linuxsecurity.com/content/view/148543

Fedora 10 Update: device-mapper-multipath-0.4.8-9.fc10 (Apr 9)
Fix insecure permissions on multipathd.sock (CVE-2009-0115). http://www.linuxsecurity.com/content/view/148541

Fedora 9 Update: device-mapper-multipath-0.4.7-17.fc9 (Apr 9)
Fix insecure permissions on multipathd.sock (CVE-2009-0115). http://www.linuxsecurity.com/content/view/148542

Fedora 10 Update: xine-lib-1.1.16.3-1.fc10 (Apr 9)
Maintenance release. Fixes two security problems (CVE-2009-0385, CVE-2009-1274) and a few miscellaneous bugs. http://www.linuxsecurity.com/content/view/148540

Fedora 9 Update: xine-lib-1.1.16.3-1.fc9 (Apr 9)
Maintenance release. Fixes two security problems (CVE-2009-0385, CVE-2009-1274) and a few miscellaneous bugs. http://www.linuxsecurity.com/content/view/148538

Fedora 9 Update: argyllcms-1.0.3-4.fc9 (Apr 9)
Multiple integer overflows and multiple insufficient upper-bounds checks on certain variable sizes were originally discovered in Ghostscript's International Color Consortium Format Library (icclib). It was found that the original patch addressing this issue was incomplete. http://www.linuxsecurity.com/content/view/148539

Gentoo: F-PROT Antivirus Denial of Service (Apr 14)
An error in F-PROT Antivirus may lead to a Denial of Service. http://www.linuxsecurity.com/content/view/148570

Gentoo: Ventrilo Denial of Service (Apr 14)
A vulnerability has been discovered in Ventrilo, allowing for a Denial of Service. http://www.linuxsecurity.com/content/view/148569

Gentoo: Wicd Information disclosure (Apr 10)
A vulnerability in Wicd may allow for disclosure of sensitive information. http://www.linuxsecurity.com/content/view/148550

Mandriva: [ MDVSA-2009:092 ] ntp (Apr 13)
A vulnerability has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159). http://www.linuxsecurity.com/content/view/148561

Mandriva: [ MDVSA-2009:091 ] mod_perl (Apr 12)
A vulnerability has been found and corrected in mod_perl v1.x and v2.x: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI (CVE-2009-0796). The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/148554

Mandriva: [ MDVSA-2009:090 ] php (Apr 10)
A vulnerability has been found and corrected in PHP: The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function (CVE-2009-1271). http://www.linuxsecurity.com/content/view/148552

Mandriva: [ MDVSA-2009:089 ] opensc (Apr 9)
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue. http://www.linuxsecurity.com/content/view/148548

Mandriva: [ MDVSA-2009:088 ] wireshark (Apr 9)
Multiple vulnerabilities have been identified and corrected in wireshark. http://www.linuxsecurity.com/content/view/148546

RedHat: Moderate: php security update (Apr 14)
Updated php packages that fix several security issues are now available for Red Hat Application Stack v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148566

RedHat: Moderate: ghostscript security update (Apr 14)
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148567

RedHat: Moderate: ghostscript security update (Apr 14)
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148568

Slackware: seamonkey (Apr 13)
New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. http://www.linuxsecurity.com/content/view/148563

Ubuntu: Ghostscript vulnerabilities (Apr 15)
It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) http://www.linuxsecurity.com/content/view/148571

Pardus: Mit-kerberos: Multiple (Apr 12)
There are multiple implementation vulnerabilities in MIT krb5 which can cause a denial of service (daemon crash) and possibly allow an attacker to obtain sensitive information via a crafted length value that triggers a buffer over-read. http://www.linuxsecurity.com/content/view/148558

Pardus: Ntp: Buffer Overflow (Apr 12)
Apple discovered a stack-based buffer overflow in the ntpq program. http://www.linuxsecurity.com/content/view/148559

Pardus: Lcms: Denial of Service (Apr 12)
A null pointer dereference flaw was found in the LittleCMS color management system (lcms) in the way lcms performs transformation operations when creating a gray input matrix shaper. http://www.linuxsecurity.com/content/view/148556

Pardus: Wireshark: Multiple Vulnerabilities (Apr 12)
Some vulnerabilities have been reported in Wireshark, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. http://www.linuxsecurity.com/content/view/148557

Pardus: Avahi: Denial of Service (Apr 12)
The avahi-daemon reflector contains a bug that causes packet storms when reflecting legacy unicast mDNS traffic, which can lead to a denial of service. http://www.linuxsecurity.com/content/view/148555

Pardus: Openssl: Multiple Vulnerabilities (Apr 9)
Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). http://www.linuxsecurity.com/content/view/148535

Pardus: Ejabberd: Cross-site scripting (Apr 9)
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. http://www.linuxsecurity.com/content/view/148536