In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.

EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668

Debian: New wget packages fix SSL certificate verification weakness (Oct 9)
http://www.linuxsecurity.com/content/view/150334

Debian: New graphicsmagick packages fix several (Oct 7)
http://www.linuxsecurity.com/content/view/150318

Debian: New elinks packages fix arbitrary code execution (Oct 5)
http://www.linuxsecurity.com/content/view/150296

Debian: New mediawiki1.7 packages fix several vulnerabilities (Oct 5)
http://www.linuxsecurity.com/content/view/150292

Fedora 10 Update: deltarpm-3.4-11.fc10.1 (Oct 8)
Earlier deltarpm builds shipped a bundled copy of zlib that carries a known vulnerability, CAN-2005-1849 (the zlib flaw CVE-2005-1849 under its older candidate name). This build patches deltarpm to link against the system zlib, which was fixed when the vulnerability was first disclosed, instead of the bundled copy. http://www.linuxsecurity.com/content/view/150333

Fedora 10 Update: aria2-1.3.1-2.fc10 (Oct 8)
Fixes CVE-2009-3575, a buffer overflow vulnerability described in more detail at https://bugzilla.redhat.com/show_bug.cgi?id=527827 http://www.linuxsecurity.com/content/view/150332

Fedora 11 Update: deltarpm-3.4-17.fc11 (Oct 8)
Earlier deltarpm builds shipped a bundled copy of zlib that carries a known vulnerability, CAN-2005-1849 (the zlib flaw CVE-2005-1849 under its older candidate name). This build patches deltarpm to link against the system zlib, which was fixed when the vulnerability was first disclosed, instead of the bundled copy. http://www.linuxsecurity.com/content/view/150331

Fedora 11 Update: thunderbird-3.0-2.7.b4.fc11 (Oct 6)
http://www.linuxsecurity.com/content/view/150300

Fedora 11 Update: sunbird-1.0-0.7.20090715hg.fc11 (Oct 6)
http://www.linuxsecurity.com/content/view/150301

Mandriva: Subject: [Security Announce] [ MDVSA-2009:260 ] imagemagick (Oct 8)
A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. http://www.linuxsecurity.com/content/view/150329

Mandriva: Subject: [Security Announce] [ MDVSA-2009:261 ] graphicsmagick (Oct 8)
A vulnerability has been found and corrected in GraphicsMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow (CVE-2009-1882). This update fixes this vulnerability. http://www.linuxsecurity.com/content/view/150326

Mandriva: Subject: [Security Announce] [ MDVSA-2009:217-2 ] mozilla-thunderbird (Oct 8)
A number of security vulnerabilities have been discovered in Mozilla Thunderbird: Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408). A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird, which is not vulnerable to these issues.
Update:
The previous mozilla-thunderbird-moztraybiff packages had the wrong release, which prevented them from being upgraded (#53129). The new packages address this problem. http://www.linuxsecurity.com/content/view/150324

Mandriva: Subject: [Security Announce] [ MDVSA-2009:217-1 ] mozilla-thunderbird (Oct 8)
A number of security vulnerabilities have been discovered in Mozilla Thunderbird: Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408). A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird, which is not vulnerable to these issues.
Update:
The mozilla-thunderbird-moztraybiff packages had the wrong release, which prevented them from being upgraded (#53129). The new packages address this problem. http://www.linuxsecurity.com/content/view/150323

Mandriva: Subject: [Security Announce] [ MDVSA-2009:259 ] snort (Oct 7)
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. (CVE-2008-1804) The updated packages have been patched to prevent this. http://www.linuxsecurity.com/content/view/150320
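To make the evasion concrete, here is an added example in Python; it is not Snort's code nor Mandriva's. It is a minimal IP fragment reassembler with a first-fragment-wins overlap policy, fed a constructed set of three fragments: a decoy fragment with TTL 1 reaches the sensor but is discarded by the next router, so the sensor and the target reassemble different payloads unless the sensor refuses fragments whose TTL disagrees with the datagram's first fragment. The fragments, the rule pattern and the hop count are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Fragment:
    """One IP fragment as seen on the monitored link (constructed, not a real capture)."""
    offset: int   # byte offset of this fragment's data within the original datagram
    ttl: int      # IP TTL observed at the sensor
    data: bytes


# Constructed sample: the attacker sends a decoy for offset 13 with TTL 1 before the real
# fragment.  The sensor sees all three; the decoy never reaches a target two hops away.
FRAGMENTS: List[Fragment] = [
    Fragment(0, 64, b"GET /cgi-bin/"),
    Fragment(13, 1, b"index.html HTTP/"),     # decoy: expires at the next router
    Fragment(13, 64, b"phf?x=1 HTTP/1.0"),    # what the target actually receives
]

RULE_PATTERN = b"/cgi-bin/phf"   # stands in for a content match in a detection rule


def survives_to_target(frags: Iterable[Fragment], hops: int) -> List[Fragment]:
    """Keep only fragments whose TTL is large enough to cross `hops` routers between
    the sensor and the target (each router decrements TTL and drops at zero)."""
    return [f for f in frags if f.ttl > hops]


def reassemble(frags: Iterable[Fragment], check_ttl: bool = False) -> Tuple[bytes, List[str]]:
    """Reassemble fragments in arrival order with a first-wins overlap policy.

    With check_ttl=True, a fragment whose TTL differs from the datagram's first
    fragment is dropped and reported instead of merged.  Returns (payload, alerts)."""
    buf = {}
    alerts: List[str] = []
    base_ttl = None
    for f in frags:
        if check_ttl:
            if base_ttl is None:
                base_ttl = f.ttl
            elif f.ttl != base_ttl:
                alerts.append(
                    f"fragment at offset {f.offset} has TTL {f.ttl}, "
                    f"first fragment had TTL {base_ttl}: dropped as possible evasion")
                continue
        for i, byte in enumerate(f.data):
            buf.setdefault(f.offset + i, byte)   # first-wins: earlier data is kept
    if not buf:
        return b"", alerts
    length = max(buf) + 1
    missing = [i for i in range(length) if i not in buf]
    if missing:
        raise ValueError(f"reassembly hole at offsets {missing[:5]}")
    return bytes(buf[i] for i in range(length)), alerts


def matches_rule(payload: bytes, pattern: bytes = RULE_PATTERN) -> bool:
    return pattern in payload


if __name__ == "__main__":
    sensor_view, _ = reassemble(FRAGMENTS)
    target_view, _ = reassemble(survives_to_target(FRAGMENTS, hops=2))
    checked_view, alerts = reassemble(FRAGMENTS, check_ttl=True)
    print("naive sensor view :", sensor_view, "match:", matches_rule(sensor_view))
    print("target view       :", target_view, "match:", matches_rule(target_view))
    print("TTL-checked view  :", checked_view, "match:", matches_rule(checked_view))
    for a in alerts:
        print("ALERT:", a)
```

The naive sensor view never contains the rule pattern, while the target receives it; requiring a consistent TTL across a datagram's fragments restores agreement and also produces an alert worth investigating on its own, since legitimate fragments of one datagram leave the same host with the same TTL.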

Mandriva: Subject: [Security Announce] [ MDVA-2009:182 ] gnucash (Oct 7)
The widget for changing a date field in GnuCash did not react to keyboard input. This update upgrades GnuCash to version 2.2.7, which fixes the problem. http://www.linuxsecurity.com/content/view/150319

Mandriva: Subject: [Security Announce] [ MDVSA-2009:258 ] openssl (Oct 7)
A regression in self-signed certificate signature checking was found after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue. http://www.linuxsecurity.com/content/view/150312

Mandriva: Subject: [Security Announce] [ MDVSA-2009:257 ] qemu (Oct 6)
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows users with root privileges inside a guest to access arbitrary memory and escape the virtual machine (CVE-2008-0928). The updated packages have been patched to prevent this. http://www.linuxsecurity.com/content/view/150311

Mandriva: Subject: [Security Announce] [ MDVSA-2009:256 ] dbus (Oct 6)
A vulnerability was discovered and corrected in dbus: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 (CVE-2009-1189). This update provides a fix for this vulnerability. http://www.linuxsecurity.com/content/view/150310
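The rule this advisory turns on comes from the D-Bus type signature grammar: a dict entry `{kv}` may appear only as an array element, must hold exactly one key and one value, and the key must be a basic type (a variant, struct or array is not an acceptable key). The following is an added example in Python, not code from D-Bus or from Mandriva, that validates a signature against those rules together with the specification's length and nesting limits. The error messages and the sample signatures are this example's own.

```python
BASIC_TYPES = set("ybnqiuxtdsogh")   # fixed-width and string-like types; a dict key must be one of these
MAX_SIGNATURE_LEN = 255              # limit from the D-Bus specification
MAX_NESTING = 32                     # max array nesting, and max struct/dict-entry nesting, each


class SignatureError(ValueError):
    """Raised with the position and reason a signature was rejected."""


def validate_signature(sig: str) -> None:
    """Raise SignatureError unless `sig` is a valid signature (zero or more complete types)."""
    if len(sig) > MAX_SIGNATURE_LEN:
        raise SignatureError(f"signature longer than {MAX_SIGNATURE_LEN} bytes")
    pos = 0
    while pos < len(sig):
        pos = _complete_type(sig, pos, struct_depth=0, array_depth=0, in_array=False)


def _complete_type(sig: str, pos: int, struct_depth: int, array_depth: int, in_array: bool) -> int:
    """Consume one complete type starting at `pos`; return the index just after it."""
    if pos >= len(sig):
        raise SignatureError(f"unexpected end of signature at {pos}")
    c = sig[pos]
    if c in BASIC_TYPES or c == "v":
        return pos + 1
    if c == "a":
        if array_depth + 1 > MAX_NESTING:
            raise SignatureError(f"array nesting deeper than {MAX_NESTING} at {pos}")
        # The element type is itself one complete type; only here may a dict entry appear.
        return _complete_type(sig, pos + 1, struct_depth, array_depth + 1, in_array=True)
    if c == "(":
        if struct_depth + 1 > MAX_NESTING:
            raise SignatureError(f"struct nesting deeper than {MAX_NESTING} at {pos}")
        pos += 1
        fields = 0
        while pos < len(sig) and sig[pos] != ")":
            pos = _complete_type(sig, pos, struct_depth + 1, array_depth, in_array=False)
            fields += 1
        if pos >= len(sig):
            raise SignatureError("unterminated struct")
        if fields == 0:
            raise SignatureError(f"empty struct at {pos - 1}")
        return pos + 1
    if c == "{":
        if not in_array:
            raise SignatureError(f"dict entry outside of an array at {pos}")
        if struct_depth + 1 > MAX_NESTING:
            raise SignatureError(f"dict entry nesting deeper than {MAX_NESTING} at {pos}")
        key_pos = pos + 1
        if key_pos >= len(sig) or sig[key_pos] not in BASIC_TYPES:
            # The check the advisory concerns: a variant, struct or array key is invalid.
            raise SignatureError(f"dict entry key must be a basic type at {key_pos}")
        pos = _complete_type(sig, key_pos + 1, struct_depth + 1, array_depth, in_array=False)
        if pos >= len(sig) or sig[pos] != "}":
            raise SignatureError(f"dict entry must hold exactly one key and one value, at {pos}")
        return pos + 1
    raise SignatureError(f"unknown type code {c!r} at {pos}")


def is_valid_signature(sig: str) -> bool:
    try:
        validate_signature(sig)
        return True
    except SignatureError:
        return False


if __name__ == "__main__":
    # Constructed samples, not taken from any real message.
    for s in ["a{sv}", "(ia{s(ib)})", "a{vs}", "a{(i)s}", "{ss}", "a{s}", "a{ssi}", "()", "a", "(ii"]:
        try:
            validate_signature(s)
            print(f"{s!r:14} valid")
        except SignatureError as e:
            print(f"{s!r:14} rejected: {e}")
```

Validation of this kind must run on the received signature before any code uses it to drive marshalling or unmarshalling; a signature that passes a weaker check than the one the demarshaller assumes is exactly what lets a crafted key spoof a type.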

Mandriva: Subject: [Security Announce] [ MDVA-2009:181 ] php-pear-Spreadsheet_Excel_Writer (Oct 6)
The package.xml file contained malformed XML, which prevented pear-Spreadsheet_Excel_Writer from being registered as installed. This update addresses the problem. http://www.linuxsecurity.com/content/view/150302

Mandriva: Subject: [Security Announce] [ MDVA-2009:180 ] x11-driver-video-openchrome (Oct 5)
The Openchrome driver had an issue where it could cause errors in the PCI bus after returning from DPMS, which could lead to errors in other devices. This new openchrome driver version fixes this problem, so it doesn't interfere with the other PCI devices anymore. http://www.linuxsecurity.com/content/view/150297

RedHat: Moderate: squirrelmail security update (Oct 8)
An updated squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150325

RedHat: Moderate: postgresql security update (Oct 7)
Updated postgresql packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150314

Slackware: samba (Oct 4)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906 http://www.linuxsecurity.com/content/view/150290

Slackware: php (Oct 4)
New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293 http://www.linuxsecurity.com/content/view/150291

Ubuntu: Pan vulnerability (Oct 8)
Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious NNTP data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. http://www.linuxsecurity.com/content/view/150322

Ubuntu: mimeTeX vulnerabilities (Oct 8)
Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. (CVE-2009-1382) Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \input and \counter tags. (CVE-2009-2459) http://www.linuxsecurity.com/content/view/150321

Ubuntu: BackupPC vulnerability (Oct 6)
It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter. http://www.linuxsecurity.com/content/view/150309

Ubuntu: Wget vulnerability (Oct 6)
It was discovered that Wget did not correctly handle SSL certificates with NUL (zero) bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack, viewing sensitive information or altering encrypted communications. http://www.linuxsecurity.com/content/view/150308
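The weakness named here and in the Debian wget entry above is a mismatch between the certificate and the code reading it: a DER string in an X.509 subject carries an explicit length and may contain a NUL byte, but code that hands it to C string functions stops at the first NUL. The following added example in Python (not Wget's code, nor Ubuntu's or Debian's) decodes a constructed subject CN from its DER string, then compares a matcher that mimics the C-string truncation with one that rejects embedded NULs and applies a single-label wildcard rule. The certificate bytes and the names are constructed for the illustration.

```python
# Constructed sample CNs.  An attacker who controls attacker.test could obtain a
# certificate for the second one from a CA that validates only the part after the NUL.
LEGIT_CN = b"www.example.com"
SPOOFED_CN = b"www.example.com\x00.attacker.test"


def der_utf8string(s: bytes) -> bytes:
    """Minimal DER encoding of a UTF8String (tag 0x0c, short-form length, contents),
    constructed here so the length-prefixed nature of the field is visible."""
    if len(s) > 127:
        raise ValueError("short-form DER length only")
    return b"\x0c" + bytes([len(s)]) + s


DER_LEGIT = der_utf8string(LEGIT_CN)
DER_SPOOFED = der_utf8string(SPOOFED_CN)


def decode_der_string(der: bytes) -> bytes:
    """Decode a UTF8String (0x0c) or PrintableString (0x13) with a short-form length.
    The length byte, not a terminator, says where the string ends."""
    if len(der) < 2 or der[0] not in (0x0C, 0x13):
        raise ValueError("not a DER string")
    length = der[1]
    if length > 127 or len(der) != 2 + length:
        raise ValueError("bad or unsupported DER length")
    return der[2:2 + length]


def as_c_string(s: bytes) -> bytes:
    """What a C caller sees after copying the value into a char* and using strcmp/strlen."""
    nul = s.find(b"\x00")
    return s if nul < 0 else s[:nul]


def match_hostname_vulnerable(cn: bytes, host: str) -> bool:
    """Compares only up to the first NUL, as a C string comparison would."""
    return as_c_string(cn).lower() == host.encode("ascii").lower()


def match_hostname_fixed(cn: bytes, host: str) -> bool:
    """Uses the full length-delimited value, rejects embedded NUL and non-ASCII, and
    allows '*' only as the entire left-most label, matching exactly one label."""
    if b"\x00" in cn or not cn.isascii():
        return False
    name = cn.decode("ascii").lower()
    host = host.lower()
    if name.startswith("*."):
        suffix = name[1:]                       # e.g. ".example.com"
        if not host.endswith(suffix):
            return False
        prefix = host[:-len(suffix)]
        return bool(prefix) and "." not in prefix
    return name == host


if __name__ == "__main__":
    cn = decode_der_string(DER_SPOOFED)
    print("decoded CN      :", cn)
    print("vulnerable match:", match_hostname_vulnerable(cn, "www.example.com"))
    print("fixed match     :", match_hostname_fixed(cn, "www.example.com"))
```

The same length-versus-terminator discipline applies to subjectAltName dNSName entries, which is where modern clients look first; a client that converts either field to a C string before comparing inherits the bug regardless of which field it checks.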