There are also some great article extras on LinuxSecurity this week, including info on the release of EnGarde Secure Linux, a review of How Much Does Google Know About You, and much more. Read On!
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668

Debian: New libwmf packages fix denial of service (May 7)
http://www.linuxsecurity.com/content/view/148807

Debian: New ldns packages fix arbitrary code execution (May 7)
http://www.linuxsecurity.com/content/view/148797

Debian: New Linux 2.6.18 packages fix several vulnerabilities (May 6)
http://www.linuxsecurity.com/content/view/148796

Debian: New kdegraphics packages fix multiple vulnerabilities (May 6)
http://www.linuxsecurity.com/content/view/148793

Debian: New drupal6 packages fix multiple vulnerabilities (May 6)
http://www.linuxsecurity.com/content/view/148792

Debian: New moin packages fix cross-site scripting (May 6)
http://www.linuxsecurity.com/content/view/148789

Debian: New xpdf packages fix multiple vulnerabilities (May 5)
http://www.linuxsecurity.com/content/view/148783

Debian: New php5 packages fix several vulnerabilities (May 4)
http://www.linuxsecurity.com/content/view/148780

Debian: New quagga packages fix denial of service (May 4)
http://www.linuxsecurity.com/content/view/148779

Debian: New Linux 2.6.24 packages fix several vulnerabilities (May 2)
http://www.linuxsecurity.com/content/view/148775

Debian: New acpid packages fix denial of service (May 1)
http://www.linuxsecurity.com/content/view/148765

Debian: New wireshark packages fix several vulnerabilities (May 1)
http://www.linuxsecurity.com/content/view/148762

Debian: New freetype packages fix arbitrary code execution (Apr 30)
http://www.linuxsecurity.com/content/view/148750

Fedora 9 Update: pam_ssh-1.92-10.fc9 (May 2)
http://www.linuxsecurity.com/content/view/148773

Fedora 9 Update: drupal-6.11-1.fc9 (May 2)
Drupal 6.11, fix for SA-CORE-2009-005. See http://drupal.org/node/449078 for more information. Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script.
http://www.linuxsecurity.com/content/view/148770

Fedora 9 Update: prelude-manager-0.9.14.2-2.fc9 (May 2)
The configuration file of prelude-manager contains a database password and is world readable. This update restricts permissions to the root account.
http://www.linuxsecurity.com/content/view/148771

Fedora 10 Update: prelude-manager-0.9.14.2-2.fc10 (May 2)
The configuration file of prelude-manager contains a database password and is world readable. This update restricts permissions to the root account.
http://www.linuxsecurity.com/content/view/148772

Fedora 10 Update: pam_ssh-1.92-10.fc10 (May 2)
http://www.linuxsecurity.com/content/view/148769

Fedora 10 Update: drupal-6.11-1.fc10 (May 2)
Drupal 6.11, fix for SA-CORE-2009-005. See http://drupal.org/node/449078 for more information. Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script.
http://www.linuxsecurity.com/content/view/148768

Fedora 9 Update: bash-completion-1.0-2.fc9 (May 2)
Update to version 1.0: http://git.debian.org/?p=bash-completion/bash-completion.git;a=blob;f=CHANGES;hb=28cdfc9243da41f5bdb29b7515482354c01438d3
http://www.linuxsecurity.com/content/view/148767

Fedora 10 Update: bash-completion-1.0-2.fc10 (May 2)
Update to version 1.0: http://git.debian.org/?p=bash-completion/bash-completion.git;a=blob;f=CHANGES;hb=28cdfc9243da41f5bdb29b7515482354c01438d3
http://www.linuxsecurity.com/content/view/148766

Gentoo: Asterisk Multiple vulnerabilities (May 2)
Multiple vulnerabilities have been found in Asterisk allowing for denial of service and username disclosure.
http://www.linuxsecurity.com/content/view/148774

Mandriva: [Security Announce] [ MDVSA-2009:108 ] zsh (May 7)
A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash) when providing a specially crafted string as input to the zsh shell (CVE-2009-1214, CVE-2009-1215). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148801

Mandriva: [Security Announce] [ MDVSA-2009:107 ] acpid (May 6)
The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148795

Mandriva: [Security Announce] [ MDVA-2009:104 ] fuse (May 6)
The default FUSE setup required non-privileged users to be added manually to the fuse group before they could use FUSE, and the feature was not available immediately after the fuse package was installed. This package update ensures FUSE is available immediately after package installation and for all users on the system.
http://www.linuxsecurity.com/content/view/148791

Mandriva: [Security Announce] [ MDVA-2009:104 ] evolution (May 6)
The default FUSE setup required non-privileged users to be added manually to the fuse group before they could use FUSE, and the feature was not available immediately after the fuse package was installed. This package update ensures FUSE is available immediately after package installation and for all users on the system.
http://www.linuxsecurity.com/content/view/148790

Mandriva: [Security Announce] [ MDVSA-2009:106 ] libwmf (May 5)
Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148784

Mandriva: [Security Announce] [ MDVA-2009:058 ] SDL12 (May 4)
The SDL12 packages shipped in 2008.1 and 2009.0 have a bug that causes a segmentation fault in some games such as ri-li.
http://www.linuxsecurity.com/content/view/148781

Mandriva: [Security Announce] [ MDVSA-2009:105 ] memcached (May 4)
The process_stat function in Memcached prior to 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148777

Mandriva: [Security Announce] [ MDVSA-2009:102 ] apache (May 1)
A vulnerability has been found and corrected in apache: mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). This update provides fixes for that vulnerability.
http://www.linuxsecurity.com/content/view/148761

Mandriva: [Security Announce] [ MDVSA-2009:104 ] udev (Apr 30)
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148756

Mandriva: [Security Announce] [ MDVSA-2009:103 ] udev (Apr 30)
Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186). The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148755

Mandriva: [Security Announce] [ MDVA-2009:103 ] kernel (Apr 30)
Some problems were discovered and corrected in the Linux 2.6 kernel: the filesystem could become read-only in the event of an I/O retry or path failover of the VMware ESX Server's SAN or iSCSI storage. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
http://www.linuxsecurity.com/content/view/148754

RedHat: Important: pango security update (May 8)
Updated pango and evolution28-pango packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148808

RedHat: Important: kernel security and bug fix update (May 7)
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148800

RedHat: Moderate: acpid security update (May 7)
An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148802

RedHat: Moderate: libwmf security update (Apr 30)
Updated libwmf packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148751

RedHat: Important: gpdf security update (Apr 30)
An updated gpdf package that fixes multiple security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148752

RedHat: Important: kernel security and bug fix update (Apr 30)
Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148753

Slackware: ruby (May 1)
New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a problem with REXML and other security issues. For details about the REXML issue, see: http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ A full list may be found in the ChangeLog file included with the source code.
http://www.linuxsecurity.com/content/view/148757

Ubuntu: libmodplug vulnerabilities (May 7)
It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2009-1438) Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-1438)
http://www.linuxsecurity.com/content/view/148803

Ubuntu: MPFR vulnerability (May 7)
It was discovered that MPFR improperly handled string lengths in its print routines. If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
http://www.linuxsecurity.com/content/view/148804

Ubuntu: Pango vulnerability (May 7)
Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
http://www.linuxsecurity.com/content/view/148805

Ubuntu: libwmf vulnerability (May 4)
Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
http://www.linuxsecurity.com/content/view/148778

Pardus: Memcached: Information Disclosure (May 7)
Memcached is prone to an information-disclosure weakness that may aid attackers in bypassing Address Space Layout Randomization (ASLR) protections.
http://www.linuxsecurity.com/content/view/148799

Pardus: Firefox: Multiple Vulnerabilities (May 7)
Some vulnerabilities, security issues, and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user's system.
http://www.linuxsecurity.com/content/view/148798

Pardus: Cups: Multiple Vulnerabilities (May 6)
Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
http://www.linuxsecurity.com/content/view/148785

Pardus: Freetype: Multiple Integer (May 6)
Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.
http://www.linuxsecurity.com/content/view/148786

Pardus: Acpid: Denial of Service (May 6)
A flaw in how the acpid daemon handles error conditions can force the daemon into an infinite loop by not closing open UNIX sockets, even if the other end of the socket is closed.
http://www.linuxsecurity.com/content/view/148787

Pardus: Libwmf: Denial of Service (May 6)
A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
http://www.linuxsecurity.com/content/view/148788

Pardus: Libmodplug: Buffer Overflow (May 1)
A vulnerability has been reported in libmodplug, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
http://www.linuxsecurity.com/content/view/148760

Pardus: Poppler: Multiple Vulnerabilities (May 1)
Multiple vulnerabilities have been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/148759

Pardus: Ghostscript: Multiple (May 1)
Some vulnerabilities have been reported in Ghostscript which can be exploited by malicious people to potentially compromise a user's system.
http://www.linuxsecurity.com/content/view/148758