LinuxSecurity.com
Linux Advisory Watch: July 6th, 2009
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
Linux Advisory Watch: This week, advisories were released for xorg-x11-xfs, modsecurity, libwmf, wireshark, apache, phpMyAdmin, Ruby, kde4, timezone, imap, php, ruby, openswan, pidgin, seamonkey, ghostscript, mozilla-thunderbird, perl, nagios, samba, and tiff. The distributors include Gentoo, Mandriva, Red Hat, Slackware, SuSE, Ubuntu, and Pardus.

Linux+DVD Magazine: Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?", you may not take even a second to respond. But if I ask "How much does Google know about you?", you may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business, and what you can do to protect yourself.

A Secure Nagios Server - Nagios is monitoring software designed to let you know quickly about problems on your hosts and networks. You can configure it for use on any network. Setting up a Nagios server on any Linux distribution is a very quick process; making that setup secure, however, takes some work. This article will not show you how to install Nagios, since there are plenty of installation guides available, but it will show you in detail ways to improve your Nagios security.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


EnGarde Secure Community 3.0.22 Now Available! (Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

Fedora 9 Update: xorg-x11-xfs-1.0.5-2.1.fc9 (Jul 2)

http://www.linuxsecurity.com/content/view/149289

Fedora 10 Update: xorg-x11-xfs-1.0.5-3.1.fc10 (Jul 2)

http://www.linuxsecurity.com/content/view/149290

Gentoo: ModSecurity Denial of Service (Jul 2)

Two vulnerabilities in ModSecurity might lead to a Denial of Service.

http://www.linuxsecurity.com/content/view/149300

Gentoo: libwmf User-assisted execution of arbitrary (Jul 2)

libwmf bundles an old GD version which contains a "use-after-free" vulnerability.

http://www.linuxsecurity.com/content/view/149299

Gentoo: Wireshark Multiple vulnerabilities (Jun 30)

Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service (application crash) or remote code execution.

http://www.linuxsecurity.com/content/view/149283

Gentoo: Apache Tomcat JK Connector Information (Jun 29)

An error in the Apache Tomcat JK Connector might allow for an information disclosure flaw.

http://www.linuxsecurity.com/content/view/149278

Gentoo: phpMyAdmin Multiple vulnerabilities (Jun 29)

Multiple errors in phpMyAdmin might allow the remote execution of arbitrary code or a Cross-Site Scripting attack.

http://www.linuxsecurity.com/content/view/149277

Gentoo: Ruby Denial of Service (Jun 28)

A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack.

http://www.linuxsecurity.com/content/view/149271

Mandriva: Subject: [Security Announce] [ MDVA-2009:123 ] kde4 (Jul 1)

Mandriva Linux 2009 Spring was released with KDE4 version 4.2.2. This update upgrades KDE4 in Mandriva Linux 2009 Spring to version 4.2.4, which brings many bugfixes and overall improvements.

http://www.linuxsecurity.com/content/view/149288

Mandriva: Subject: [Security Announce] [ MDVA-2009:122 ] timezone (Jun 29)

Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

http://www.linuxsecurity.com/content/view/149274

Mandriva: Subject: [Security Announce] [ MDVSA-2009:146 ] imap (Jun 29)

Security vulnerabilities have been identified and fixed in the University of Washington IMAP Toolkit:

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program (CVE-2008-5005).

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code (CVE-2008-5006).

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow (CVE-2008-5514).

The updated packages have been patched to prevent these issues. Note that the software was renamed to c-client starting from Mandriva Linux 2009.0 and only provides the shared c-client library for the imap functions in PHP.

http://www.linuxsecurity.com/content/view/149273

Mandriva: Subject: [Security Announce] [ MDVSA-2009:145 ] php (Jun 28)

A vulnerability has been found and corrected in PHP: fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/149270

RedHat: Moderate: ruby security update (Jul 2)

Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149296

RedHat: Important: openswan security update (Jul 2)

Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149294

RedHat: Moderate: pidgin security and bug fix update (Jul 2)

Updated pidgin packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149295

RedHat: Important: seamonkey security update (Jun 30)

Updated seamonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149284

RedHat: Important: kernel security and bug fix update (Jun 30)

Updated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149280

Slackware: ghostscript (Jun 30)

New ghostscript packages are available for Slackware 12.1, 12.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792

http://www.linuxsecurity.com/content/view/149279

Slackware: mozilla-thunderbird (Jun 28)

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html

http://www.linuxsecurity.com/content/view/149269

SuSE: IBM Java 6 (SUSE-SA:2009:036) (Jul 2)

http://www.linuxsecurity.com/content/view/149301

SuSE: Acrobat Reader (SUSE-SA:2009:035) (Jul 1)

http://www.linuxsecurity.com/content/view/149287

Ubuntu: Perl vulnerability (Jul 2)

It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.

http://www.linuxsecurity.com/content/view/149298

Ubuntu: Nagios vulnerability (Jul 2)

It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

http://www.linuxsecurity.com/content/view/149297

Pardus: Samba: Security Bypass (Jun 30)

by malicious users to bypass certain security restrictions and by malicious people to potentially compromise a user's system.

http://www.linuxsecurity.com/content/view/149282

Pardus: Tiff: Buffer Underflow (Jun 30)

malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.

http://www.linuxsecurity.com/content/view/149281

(c)Copyright 2010 Guardian Digital, Inc. All rights reserved.