EnGarde Secure Community 3.0.22 Now Available! (Dec 9) |
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668

Debian: hybserv denial of service (Jan 29) |
Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. http://www.linuxsecurity.com/content/view/151548

Debian: pdns-recursor cache poisoning (Jan 28) |
It was discovered that pdns-recursor, the PowerDNS recursive name server, contains a cache poisoning vulnerability which may allow attackers to trick the server into serving incorrect DNS data (CVE-2009-4010). http://www.linuxsecurity.com/content/view/151538

Debian: maildrop regression (Jan 28) |
The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package. http://www.linuxsecurity.com/content/view/151537

Debian: maildrop privilege escalation (Jan 28) |
Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. http://www.linuxsecurity.com/content/view/151527

Debian: ircd-hybrid/ircd-ratbox arbitrary code execution (Jan 27) |
An integer underflow vulnerability in ircd-hybrid/ircd-ratbox can lead to a denial of service. http://www.linuxsecurity.com/content/view/151525

Debian: lintian multiple vulnerabilities (Jan 27) |
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them http://www.linuxsecurity.com/content/view/151521

Debian: phpgroupware several vulnerabilities (Jan 26) |
http://www.linuxsecurity.com/content/view/151514

Debian: python several vulnerabilities (Jan 25) |
http://www.linuxsecurity.com/content/view/151500

Debian: dokuwiki several vulnerabilities (Jan 21) |
http://www.linuxsecurity.com/content/view/151483

Mandriva: rootcerts (Jan 28) |
The rootcerts package was added to Mandriva in 2005 and is meant to be updated when necessary. The provided rootcerts packages have been upgraded using the latest certdata.txt file from the Mozilla CVS repository as of 2009/12/03. In Mandriva a number of additional CA root certificates have been added, such as ICP-Brasil (Brazilian government CA), cacert.org and IGC/A (French government CA); the IGC/A CA was recently added upstream in the Mozilla certdata.txt file. The rootcerts package provides the /etc/pki/tls/certs/ca-bundle.crt file, which most software in Mandriva shares where applicable, including KDE, curl, pidgin, neon and more. The Mozilla NSS library has consequently been rebuilt to pick up these changes and is also being provided. http://www.linuxsecurity.com/content/view/151539

Mandriva: evolution (Jan 27) |
Evolution could crash when adding a new task to a task list. These packages fix this issue and update Evolution to the latest stable release, bringing performance and stability fixes as well as additional translations. http://www.linuxsecurity.com/content/view/151526

Mandriva: webkit (Jan 27) |
This update brings a new stable version of webkitgtk and solves the problem with processors without the SSE2 instruction set. It is easy to see if you are suffering from this bug: just try to open a web page in the Epiphany web browser; with the old webkit version it will crash. http://www.linuxsecurity.com/content/view/151523

Mandriva: urpmi (Jan 27) |
There was a small typo in the French translation. The updated packages address this issue. http://www.linuxsecurity.com/content/view/151522

Mandriva: mmc Enterprise Server 5.0 (Jan 27) |
This is a bundle of MDS related packages that fixes numerous bugs. http://www.linuxsecurity.com/content/view/151520

Mandriva: pciutils 2010.0 (Jan 27) |
This update fixes an unaligned access in libpci on some rare hardware, which caused all programs using libldetect, such as draksound, to fail (Bug #56772). http://www.linuxsecurity.com/content/view/151519

Mandriva: urpmi 2010.0 (Jan 27) |
This update fixes a bug in urpmi which prevented rpmdrake from installing packages a second time (bug #54842). http://www.linuxsecurity.com/content/view/151518

Mandriva: kdelibs4 2010.0 (Jan 27) |
Multiple vulnerabilities were discovered and corrected in kdelibs4. http://www.linuxsecurity.com/content/view/151516

Mandriva: kdelibs4 2009.1 (Jan 27) |
Multiple vulnerabilities were discovered and corrected in kdelibs4. http://www.linuxsecurity.com/content/view/151515

Mandriva: openldap (Jan 26) |
A vulnerability was discovered and corrected in openldap: libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-3767). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/151512

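The NUL-in-CN problem in the openldap entry above, as an added illustration that is not OpenLDAP's code: a certificate subject CN is a length-prefixed ASN.1 string, but a caller that hands it to C string routines stops at the first 0x00 byte and compares only the prefix. The crafted CN, the host names and the matching rule used here (exact match, or a single leftmost wildcard label matching exactly one label) are assumptions made for this example.

```python
# Added example: NUL bytes in a certificate Common Name (the CVE-2009-3767 class).
# Not OpenLDAP's code; host names and CN values below are constructed.

def _labels_match(pattern: str, host: str) -> bool:
    """Exact match, or a single '*' as the leftmost label matching exactly one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), host.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False

def cn_as_c_string(cn: bytes) -> str:
    """What a C caller sees when it hands the CN to strlen()/strcmp():
    everything after the first 0x00 byte disappears."""
    return cn.split(b"\x00", 1)[0].decode("ascii", "replace")

def hostname_matches_vulnerable(cn: bytes, host: str) -> bool:
    """Vulnerable: compares the NUL-truncated view of the CN."""
    return _labels_match(cn_as_c_string(cn), host)

def hostname_matches_fixed(cn: bytes, host: str) -> bool:
    """Fixed: honour the ASN.1 length; a NUL anywhere in a host name is a forgery attempt."""
    if b"\x00" in cn:
        return False
    try:
        name = cn.decode("ascii")
    except UnicodeDecodeError:
        return False
    return _labels_match(name, host)

# Constructed: a CA validated the attacker's control of attacker.example and issued
# for the full string; a client using C string comparison sees only the prefix.
CRAFTED_CN = b"www.bank.example\x00.attacker.example"

def demo() -> dict:
    return {
        "c_string_view": cn_as_c_string(CRAFTED_CN),
        "vulnerable": hostname_matches_vulnerable(CRAFTED_CN, "www.bank.example"),
        "fixed": hostname_matches_fixed(CRAFTED_CN, "www.bank.example"),
        "honest_wildcard": hostname_matches_fixed(b"*.bank.example", "www.bank.example"),
        "wildcard_too_deep": hostname_matches_fixed(b"*.bank.example", "a.b.bank.example"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same prefix-truncation bug applies to subjectAltName dNSName entries, so a real client runs the length-aware check over every name in the certificate, not just the CN.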
Mandriva: mjpegtools (Jan 25) |
jpeg2yuv (from the mjpegtools package) segfaulted when linked against libjpeg v7/8 (#55450). The provided packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/151499

Mandriva: php-pear-Mail (Jan 25) |
Multiple vulnerabilities were discovered and corrected in php-pear (Mail): Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, a different vector than CVE-2009-4111 (CVE-2009-4023). Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023 (CVE-2009-4111). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/151493

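The argument-injection class in the php-pear-Mail entry above, as an added example that is not PEAR Mail's code: a sender address spliced into a sendmail command line as text lets whitespace inside it start new command-line options, whereas a validated address passed as one argv element can never be split. The sendmail path, the `-C` option chosen as the injected payload and the address syntax accepted are assumptions for this example; nothing here executes the MTA.

```python
# Added example: argument injection into a sendmail command line (the class
# behind CVE-2009-4023/CVE-2009-4111). Not PEAR Mail's code; the path and the
# payload are assumptions, and sendmail is never actually run.
import re
import shlex

SENDMAIL = "/usr/sbin/sendmail"   # assumed path of the sendmail-compatible MTA binary

def build_argv_vulnerable(envelope_from: str) -> list:
    """Bug class: the address is pasted into a command string that is then
    word-split (as a shell would), so whitespace in the address becomes
    additional arguments to the MTA."""
    command = f"{SENDMAIL} -i -f {envelope_from}"
    return shlex.split(command)

# Conservative address syntax (an assumption, deliberately narrower than RFC 5322):
# local part and dotted domain only, no whitespace, no leading '-'.
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def build_argv_fixed(envelope_from: str) -> list:
    """Validate first, then pass the address as a single argv element. The MTA
    would later be invoked as subprocess.run(argv, input=message, check=True):
    no shell, so the address cannot turn into further options."""
    if envelope_from.startswith("-") or not _ADDR.fullmatch(envelope_from):
        raise ValueError(f"refusing unsafe envelope sender: {envelope_from!r}")
    return [SENDMAIL, "-i", "-f", envelope_from]

def injected_options(argv: list) -> list:
    """Option-looking elements after the address slot: what an attacker gained."""
    return [arg for arg in argv[4:] if arg.startswith("-")]

# Constructed attacker input: a trailing ' -C /etc/passwd' would make the MTA
# read an attacker-chosen file as its configuration.
MALICIOUS_FROM = "alice@example.com -C /etc/passwd"

def demo() -> dict:
    vulnerable_argv = build_argv_vulnerable(MALICIOUS_FROM)
    try:
        build_argv_fixed(MALICIOUS_FROM)
        fixed_rejected = False
    except ValueError:
        fixed_rejected = True
    return {
        "vulnerable_argv": vulnerable_argv,
        "vulnerable_injected": injected_options(vulnerable_argv),
        "fixed_rejected": fixed_rejected,
        "fixed_argv_clean": build_argv_fixed("alice@example.com"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping for the shell is not a substitute for the argv form: shell escaping stops the shell from splitting the string, but the MTA still parses whatever options reach it, so the address must also be rejected when it begins with a dash.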
Mandriva: coreutils (Jan 23) |
A vulnerability was discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/151489

Slackware: httpd (Jan 25) |
New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://www.linuxsecurity.com/content/view/151491

Slackware: php (Jan 25) |
New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 http://www.linuxsecurity.com/content/view/151492

Slackware: pidgin (Jan 25) |
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 http://www.linuxsecurity.com/content/view/151490

SuSE: acroread (Jan 26)
http://www.linuxsecurity.com/content/view/151505

SuSE: Linux kernel (Jan 21) |
http://www.linuxsecurity.com/content/view/151482

Ubuntu: Samba vulnerability (Jan 28) |
Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation. http://www.linuxsecurity.com/content/view/151536

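Both the coreutils distcheck symlink issue (Mandriva, Jan 23, above) and the mount.cifs race in the Samba entry turn on the same pattern: a privileged program checks a path and then uses the path, while an attacker controls what the path names in between. The added Python example below is neither samba's nor coreutils' code; it contrasts a check-then-use on a symlink with opening first and validating the descriptor, and contrasts a predictable output name with creation relative to a held directory descriptor using O_EXCL|O_NOFOLLOW inside a directory from mkdtemp. It runs in a scratch directory it creates and removes itself; the file names and the uid check are assumptions for the demonstration.

```python
# Added example: check-then-use on a path versus open-then-verify on a descriptor,
# and predictable temporary names versus mkdtemp plus O_EXCL|O_NOFOLLOW creation.
# Not samba's or coreutils' code; everything runs in a scratch directory made here.
import os
import shutil
import stat
import tempfile

def dir_ok_vulnerable(path: str, owner: int) -> bool:
    """Check-then-use: os.stat follows symlinks, and whatever was checked here can
    be swapped out before the caller later opens or mounts on `path`."""
    st = os.stat(path)
    return stat.S_ISDIR(st.st_mode) and st.st_uid == owner

def open_dir_verified(path: str, owner: int) -> int:
    """Open first, refusing a symlink at the final component, then verify the
    descriptor actually held. Later work uses the fd, never the path string again."""
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if st.st_uid != owner:
            raise PermissionError(f"{path} is not owned by uid {owner}")
    except BaseException:
        os.close(fd)
        raise
    return fd

def create_exclusive(dirfd: int, name: str) -> int:
    """Create relative to a held directory fd; O_EXCL|O_NOFOLLOW fails if an
    attacker pre-planted anything (a symlink included) under that name."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(name, flags, 0o600, dir_fd=dirfd)

def demo() -> dict:
    me = os.getuid()
    base = tempfile.mkdtemp(prefix="toctou-")      # unpredictable name, mode 0700
    results = {}
    try:
        real_dir = os.path.join(base, "real")
        os.mkdir(real_dir)
        link = os.path.join(base, "mnt")
        os.symlink(real_dir, link)                   # attacker-controlled symlink
        results["vulnerable_accepts_symlink"] = dir_ok_vulnerable(link, me)
        try:
            os.close(open_dir_verified(link, me))
            results["fixed_accepts_symlink"] = True
        except OSError:                              # ELOOP from O_NOFOLLOW
            results["fixed_accepts_symlink"] = False

        # Predictable output name pre-planted as a symlink to a victim file
        # (constructed stand-in for the /tmp symlink attack).
        victim = os.path.join(base, "victim.txt")
        planted = os.path.join(real_dir, "out.txt")
        os.symlink(victim, planted)
        with open(planted, "w") as f:                # vulnerable write follows the link
            f.write("overwritten\n")
        results["vulnerable_write_hit_victim"] = os.path.exists(victim)

        dirfd = open_dir_verified(real_dir, me)
        try:
            os.close(create_exclusive(dirfd, "out.txt"))
            results["fixed_write_followed_link"] = True
        except FileExistsError:                      # O_EXCL refuses the planted entry
            results["fixed_write_followed_link"] = False
        finally:
            os.close(dirfd)
    finally:
        shutil.rmtree(base)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a setuid helper such as a mount tool, the equivalent of the descriptor step is to resolve the target once, keep it open, and perform the privileged operation through /proc/self/fd/N rather than re-walking a user-controlled path.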
Ubuntu: PyXML vulnerabilities (Jan 26) |
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560) http://www.linuxsecurity.com/content/view/151513

Ubuntu: Python 2.4 vulnerabilities (Jan 21) |
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560) http://www.linuxsecurity.com/content/view/151481

Ubuntu: Python 2.5 vulnerabilities (Jan 21) |
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560) http://www.linuxsecurity.com/content/view/151479

Pardus: Ruby: Terminal Escape Sequences (Jan 29)
A weakness has been reported in Ruby, which can be exploited by malicious people to manipulate certain data. http://www.linuxsecurity.com/content/view/151540

Pardus: Sqlite: Information Disclosure (Jan 29) |
A vulnerability has been found in sqlite, which can be exploited by malicious people to gather deleted information from an sqlite database. http://www.linuxsecurity.com/content/view/151541

Pardus: Nss: TLS Implementation MITM Attack (Jan 29) |
A serious vulnerability was found in the TLS/SSLv3 protocol as implemented in nss, which can be used by man-in-the-middle attackers to send arbitrary requests to the server as if they came from a legitimate user. http://www.linuxsecurity.com/content/view/151542

Pardus: Systemtap: "stap-server" (Jan 29)
A vulnerability has been reported in SystemTap, which can be exploited by malicious users to compromise a vulnerable system. http://www.linuxsecurity.com/content/view/151543

Pardus: Sun Java: Multiple Vulnerabilities (Jan 29) |
Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system. http://www.linuxsecurity.com/content/view/151544

Pardus: Bind: Cache Poisoning (Jan 26) |
A vulnerability was found in Bind, which can be exploited by malicious people to add or change arbitrary records in the DNS cache in some situations. Note that the previous fix for the cache poisoning vulnerability mentioned in PLSA-2009-193 was not complete. This is a complete fix for it. http://www.linuxsecurity.com/content/view/151504
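
Both cache-poisoning entries in this digest (Debian pdns-recursor, Jan 28, and the Bind entry above) concern a recursor accepting a forged reply. The added Python example below is neither PowerDNS's nor BIND's code: it builds a minimal DNS query and three constructed replies, then applies the checks a recursor must make before caching anything. The transaction ID must match the outstanding query, the QR bit must be set, the question section must be identical, and records outside the bailiwick of the zone being asked are dropped rather than cached. The names, addresses and the bailiwick rule are assumptions for the example; source-port randomization, the other half of the mitigation, is a socket property that a message parser cannot show.

```python
# Added example: the acceptance checks a recursive resolver applies to a reply
# before caching it. Not PowerDNS or BIND code; names and addresses are
# constructed from documentation ranges (RFC 5737 / RFC 2606).
import secrets
import struct

TYPE_A, CLASS_IN = 1, 1

def encode_name(name: str) -> bytes:
    out = bytearray()
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return bytes(out) + b"\x00"

def decode_name(msg: bytes, off: int):
    """Return (name, next_offset); handles RFC 1035 compression pointers."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels) + ".", off + 1
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return (".".join(labels) + "." + tail) if labels else tail, off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def build_query(qid: int, qname: str) -> bytes:
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)

def build_response(qid: int, qname: str, answers, additional) -> bytes:
    """answers/additional: lists of (owner, dotted-quad) A records, TTL 300."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(answers), 0, len(additional))
    body = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for owner, ip in answers + additional:
        body += encode_name(owner) + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
        body += bytes(int(octet) for octet in ip.split("."))
    return header + body

def parse(msg: bytes):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            records.append((section, name, rtype, rclass, ttl, msg[off:off + rdlen]))
            off += rdlen
    return qid, flags, questions, records

def in_bailiwick(owner: str, zone: str) -> bool:
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)

def validate_response(query: bytes, response: bytes, zone: str):
    """Return (cacheable_records, reject_reason). reject_reason is None when the
    message is accepted; out-of-bailiwick records are dropped, not cached."""
    qid, _, qq, _ = parse(query)
    rid, flags, rq, records = parse(response)
    if rid != qid:
        return [], "transaction id mismatch"
    if not flags & 0x8000:
        return [], "QR bit not set"
    if rq != qq:
        return [], "question section does not match the query"
    return [r for r in records if in_bailiwick(r[1], zone)], None

def demo() -> dict:
    qname, zone = "www.example.com.", "example.com."
    qid = secrets.randbelow(65536)     # random ID; a real resolver also randomizes the source port
    query = build_query(qid, qname)
    legit = build_response(qid, qname, [(qname, "192.0.2.10")], [("ns1.example.com.", "192.0.2.53")])
    guessed_wrong = build_response((qid + 1) % 65536, qname, [(qname, "203.0.113.66")], [])
    # Attacker guessed the ID but smuggled an unrelated name in the additional section.
    poisoned = build_response(qid, qname, [(qname, "192.0.2.10")], [("www.bank.example.", "203.0.113.66")])
    return {
        "legit": validate_response(query, legit, zone),
        "guessed_wrong": validate_response(query, guessed_wrong, zone),
        "poisoned": validate_response(query, poisoned, zone),
    }

if __name__ == "__main__":
    for key, (records, reason) in demo().items():
        print(key, reason or [r[1] for r in records])
```

The bailiwick rule is what stops the "poisoned" reply from planting a record for a name the queried server has no authority over, even when the 16-bit ID was guessed; the ID and port checks only raise the cost of the guess.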