In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.

EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668

Debian: New libgd2 packages fix several vulnerabilities (Nov 17)
http://www.linuxsecurity.com/content/view/150761

Debian: New gnutls23/gnutls26 packages fix SSL certificate (Nov 17)
http://www.linuxsecurity.com/content/view/150746

Debian: New apache2 packages fix several issues (Nov 16)
http://www.linuxsecurity.com/content/view/150740

Fedora 12 Update: wordpress-2.8.6-2.fc12 (Nov 18)
2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. http://www.linuxsecurity.com/content/view/150771

Fedora 11 Update: wordpress-2.8.6-2.fc11 (Nov 18)
2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. http://www.linuxsecurity.com/content/view/150770

Fedora 10 Update: wordpress-2.8.6-2.fc10 (Nov 18)
2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. http://www.linuxsecurity.com/content/view/150769

Fedora 10 Update: proftpd-1.3.2b-1.fc10 (Nov 18)
This update fixes CVE-2009-3639, in which proftpd's mod_tls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority. This update to upstream release 1.3.2b also fixes the following issues recorded in the proftpd bug tracker at bugs.proftpd.org:
- Regression causing command-line define options not to work (bug 3221)
- Use correct cached user values with "SQLNegativeCache on" (bug 3282)
- Slower transfers of multiple small files (bug 3284)
- Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287)
- Handle symlinks to directories with trailing slashes properly (bug 3297)
http://www.linuxsecurity.com/content/view/150768

Fedora 11 Update: proftpd-1.3.2b-1.fc11 (Nov 18)
This update fixes CVE-2009-3639, in which proftpd's mod_tls, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate. This allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority. This update to upstream release 1.3.2b also fixes the following issues recorded in the proftpd bug tracker at bugs.proftpd.org:
- Regression causing command-line define options not to work (bug 3221)
- Use correct cached user values with "SQLNegativeCache on" (bug 3282)
- Slower transfers of multiple small files (bug 3284)
- Support MaxTransfersPerHost, MaxTransfersPerUser properly (bug 3287)
- Handle symlinks to directories with trailing slashes properly (bug 3297)
http://www.linuxsecurity.com/content/view/150767

Fedora 11 Update: asterisk-1.6.1.8-1.fc11 (Nov 16)
* Tue Oct 27 2009 Jeffrey C. Ollie - 1.6.1.8-1
- Update to 1.6.1.8 to fix bug 531199:
  - http://downloads.asterisk.org/pub/security/AST-2009-007.html
  - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.
Other bugs were handled by previous updates; they are included here so that bodhi will close them out.
http://www.linuxsecurity.com/content/view/150729

Fedora 11 Update: qt-4.5.3-9.fc11 (Nov 13)
A security flaw was found in WebKit's Cross-Origin Resource Sharing (CORS) implementation. Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. http://www.linuxsecurity.com/content/view/150726

Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (Nov 13)
Add latest security patches. Bug numbers: 510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 http://www.linuxsecurity.com/content/view/150725

Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (Nov 13)
Add latest security patches. Bug numbers: 510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 http://www.linuxsecurity.com/content/view/150724

Fedora 12 Update: qt-4.5.3-9.fc12 (Nov 13)
A security flaw was found in WebKit's Cross-Origin Resource Sharing (CORS) implementation. Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. http://www.linuxsecurity.com/content/view/150722

Fedora 10 Update: qt-4.5.3-9.fc10 (Nov 13)
A security flaw was found in WebKit's Cross-Origin Resource Sharing (CORS) implementation. Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. http://www.linuxsecurity.com/content/view/150723

Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (Nov 13)
Add latest security patches. Bug numbers: 510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 http://www.linuxsecurity.com/content/view/150721

Fedora 11 Update: texlive-2007-46.fc11 (Nov 12)
http://www.linuxsecurity.com/content/view/150707

Fedora 10 Update: texlive-2007-46.fc10 (Nov 12)
http://www.linuxsecurity.com/content/view/150706

Gentoo: Sun JDK/JRE Multiple vulnerabilities (Nov 17)
Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/150762

Mandriva: perl-URPM (Nov 19)
perl-URPM can sometimes get confused about which GPG pubkey belongs to which media. This update fixes this issue. http://www.linuxsecurity.com/content/view/150783

Mandriva: SDL_image (Nov 19)
SDL_image shipped in Mandriva Linux 2010.0 contains a hidden link on libjpeg62, which is incompatible with libjpeg7 shipped in 2010.0. The hidden link causes downstream applications such as tuxmath to be unable to launch. This update fixes this issue. http://www.linuxsecurity.com/content/view/150782

Mandriva: pango (Nov 19)
A bug in pango was preventing correct placement of some glyphs when scaling was in effect. This update fixes this issue and enforces a version dependency on cairo, which could otherwise cause crashes when upgrading Mandriva Linux to release 2010.0. http://www.linuxsecurity.com/content/view/150781

Mandriva: kino (Nov 19)
The version of kino shipped with 2010.0 does not use the soundwrapper system to allow output to the legacy OSS sound device in a friendly way (without soundwrapper, the first application to use OSS for sound will hog the device and prevent any other apps from using sound). This update changes the .desktop file used to launch kino from the menus to ensure that soundwrapper is used. Additionally, this update also provides the soundwrapper package in the main/updates media, as it is a new dependency required by kino. http://www.linuxsecurity.com/content/view/150780

Mandriva: drakx-net (Nov 18)
This update to drakx-net fixes two issues:
- Wireless passwords for WPA networks which contain only hex-parseable characters could be corrupted by conversion to lower-case (#52128)
- Pending Interactive Firewall notifications could show in the tray even after modifying the drakfirewall configuration (#48493)
This update fixes these issues. http://www.linuxsecurity.com/content/view/150775

Mandriva: alsa-oss (Nov 17)
The aoss script, which redirects OSS sound output to ALSA, contains an error which makes it fail to preload the correct library. Because of this error, old applications using OSS may fail to play sound if PulseAudio is not used. This update corrects this error. http://www.linuxsecurity.com/content/view/150764

Mandriva: tcsh (Nov 17)
Tcsh as shipped with Mandriva Linux 2010.0 would abort on startup with the "Unknown colorls variable mh." error, caused by an inability to handle the MULTIHARDLINK color parameter (bug #53139). This update fixes this issue. http://www.linuxsecurity.com/content/view/150763

Mandriva: phonon (Nov 17)
In Amarok on Mandriva 2010, the time bar is locked and you cannot seek to a point while listening to a song. This happens because gstreamer0.10-plugins-ugly is missing; this phonon-gstreamer update adds that package as a dependency, fixing the bug. Additionally, the gstreamer0.10-plugins-ugly packages are provided to ensure a smooth update. http://www.linuxsecurity.com/content/view/150757

Mandriva: cyrus-imapd (Nov 17)
cyrus-imapd-2.2.13 lacks support for large file systems (LFS), which caused problems and prevented users from having mailboxes larger than 2GB. The cyrus-imapd package has been updated to v2.3.12 to address this problem. http://www.linuxsecurity.com/content/view/150749

Mandriva: pango (Nov 16)
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
Update: pango for CS3 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem. http://www.linuxsecurity.com/content/view/150742

Mandriva: kompozer (Nov 16)
As mentioned on http://kompozer.net/, KompoZer 0.7.10 doesn't work with GTK 2.14 or higher. This is an update to version 0.8, making it work again. http://www.linuxsecurity.com/content/view/150741

Mandriva: pango (Nov 16)
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
Update: pango for CS4 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem. http://www.linuxsecurity.com/content/view/150731

Mandriva: apache-conf (Nov 15)
A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method by default, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software (CVE-2009-2823). This update provides a solution to this vulnerability. http://www.linuxsecurity.com/content/view/150728

Mandriva: php (Nov 15)
This is a bugfix and maintenance release for php that upgrades php to 5.3.1RC4. Additionally, some packages which require it have been rebuilt and are being provided as updates. http://www.linuxsecurity.com/content/view/150727

Mandriva: xine-lib (Nov 13)
Vulnerabilities have been discovered and corrected in xine-lib:
- Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274)
- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)
This update fixes these issues. http://www.linuxsecurity.com/content/view/150720

Mandriva: ffmpeg (Nov 13)
Vulnerabilities have been discovered and corrected in ffmpeg:
- The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2008-3230)
- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. (CVE-2008-4869)
- Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference (CVE-2009-0385)
The updated packages fix these issues. http://www.linuxsecurity.com/content/view/150719

Mandriva: xine-lib (Nov 13)
Vulnerabilities have been discovered and corrected in xine-lib:
- xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via mp3 files with metadata consisting only of separators (CVE-2008-5248)
- Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274)
- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698)
This update fixes these issues. http://www.linuxsecurity.com/content/view/150718

Mandriva: java-1.6.0-openjdk (Nov 13)
Correct issues with scaled bitmap fonts by properly installing fontconfig.properties and requiring a default font (bug #55005). http://www.linuxsecurity.com/content/view/150716

Mandriva: gimp (Nov 13)
A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570). This update provides a solution to this vulnerability. http://www.linuxsecurity.com/content/view/150710

Mandriva: samba (Nov 13)
This is a maintenance and bugfix release of samba 3.3.x. Major enhancements in Samba 3.3.9 include:
o Fix trust relationships to Windows 2008 (2008 R2) (bug #6711).
o Fix file corruption using smbclient with an NT4 server (bug #6606).
o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).
o Fix SAMR server for Winbind access (bug #6504).
http://www.linuxsecurity.com/content/view/150709

Mandriva: mmc-agent (Nov 13)
When accounts are created in MDS, they are created with shadowExpire=0. They should be set with shadowExpire=-1; otherwise new accounts will always warn that they are expired when logging in. This fixes the bug for new accounts created using MDS. It does not fix the problem for existing accounts. http://www.linuxsecurity.com/content/view/150708

Mandriva: squid (Nov 12)
This is a bugfix and maintenance release for squid that upgrades squid to 3.0.STABLE20 and fixes some bugs: an outstanding issue with code 304 and code 200 replies being mixed up has now been resolved. This means requests which need to refresh cache objects will not cause temporary client software failures. http://www.linuxsecurity.com/content/view/150703

Mandriva: [Security Announce] [ MDVA-2009:198 ] apache (Nov 12)
The mod_authnz_ldap module causes a segfault if the apr-util-dbd-ldap package is not installed; this update addresses the problem. http://www.linuxsecurity.com/content/view/150702

Mandriva: [Security Announce] [ MDVA-2009:197 ] glibc (Nov 12)
This update ships glibc with fixed preadv/pwritev/fallocate prototypes, which are wrong on 32-bit architectures with -D_FILE_OFFSET_BITS=64 on glibc 2.10.1. After installing the update, you must rebuild any application using preadv/pwritev/fallocate that was built with -D_FILE_OFFSET_BITS=64 on a 32-bit arch. http://www.linuxsecurity.com/content/view/150701

Mandriva: [Security Announce] [ MDVA-2009:196 ] libsndfile (Nov 12)
The x86_64 and i586 development packages had conflicting files and weren't installable in parallel. This update modifies the installation of the conflicting files. http://www.linuxsecurity.com/content/view/150700

Mandriva: [Security Announce] [ MDVA-2009:195 ] urlview (Nov 12)
A compilation problem made urlview crash when opening the wanted URL. This update fixes the problem. http://www.linuxsecurity.com/content/view/150697

Mandriva: [Security Announce] [ MDVA-2009:194 ] mdkonline (Nov 12)
This update fixes several issues with mdkapplet:
- it fixes adding the Restricted media (bug #55320)
- it fixes a rare crash (bug #55346)
- it forces applying the updates before offering to upgrade to a newer distro
- it fixes a crash while upgrading older distributions when perl has been upgraded to a newer version (bug #55090)
http://www.linuxsecurity.com/content/view/150692

RedHat: Moderate: cups security update (Nov 18)
Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150766

RedHat: Important: kernel security and bug fix update (Nov 17)
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150747

RedHat: Important: kernel security update (Nov 17)
Updated kernel packages that fix security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150748

RedHat: Important: java-1.6.0-openjdk security update (Nov 16)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150733

RedHat: Moderate: samba3x security and bug fix update (Nov 16)
Updated samba3x packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150732

RedHat: Critical: java-1.6.0-ibm security update (Nov 12)
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/150699

Slackware: openssl (Nov 16)
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://www.linuxsecurity.com/content/view/150743

SuSE: Sun Java 6 (SUSE-SA:2009:058) (Nov 19)
http://www.linuxsecurity.com/content/view/150776

SuSE: openssl (SUSE-SA:2009:057) (Nov 18)
http://www.linuxsecurity.com/content/view/150765

SuSE: Linux kernel (SUSE-SA:2009:056) (Nov 16)
http://www.linuxsecurity.com/content/view/150730

SuSE: Linux Kernel (SUSE-SA:2009:055) (Nov 12)
http://www.linuxsecurity.com/content/view/150698

Ubuntu: OpenLDAP vulnerability (Nov 12)
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. http://www.linuxsecurity.com/content/view/150693

Pardus: Qt: Webkit: Multiple Vulnerabilities (Nov 19)
* CVE-2009-3384: Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. If a remote FTP server issued a specially-crafted FTP command, it could lead to disclosure of sensitive information, denial of service (application crash) or, potentially, to execution of arbitrary code once the command was parsed. http://www.linuxsecurity.com/content/view/150784

Pardus: [UPDATED] PyXML: Denial Of Service (Nov 13)
[UPDATE] The same issue was fixed in Pardus 2008. http://www.linuxsecurity.com/content/view/150717