Linux Advisory Watch: February 26th, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas
Linux Advisory Watch

Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Measuring Security IT Success - In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment.

Buffer Overflow Basics - A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

EnGarde Secure Community 3.0.22 Now Available!

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

Debian: Linux 2.6.18 several vulnerabilities (Feb 22)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/151755

Debian: polipo denial of service (Feb 19)

Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/151740

Debian: php5 multiple vulnerabilities (Feb 19)

Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/151739

Debian: ffmpeg several vulnerabilities (Feb 18)

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:

http://www.linuxsecurity.com/content/view/151736

Debian: xulrunner several vulnerabilities (Feb 18)

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/151734

Mandriva: 2010:050: apache-mod_security (Feb 26)

This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. [More...]

http://www.linuxsecurity.com/content/view/151785

Mandriva: 2010:049: sudo (Feb 25)

A vulnerability has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary [More...]

http://www.linuxsecurity.com/content/view/151781

Mandriva: 2010:048: roundcubemail (Feb 25)

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests (CVE-2010-0464). [More...]

http://www.linuxsecurity.com/content/view/151780

Mandriva: 2010:047: fuse (Feb 23)

A race condition has been found in fuse that could escalate privileges for local users and lead to a DoS (Denial of Service) (CVE-2009-3297). The updated packages have been patched to correct this issue. [More...]

http://www.linuxsecurity.com/content/view/151766
Mandriva: 2010:046: ncpfs (Feb 23)

A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges (CVE-2009-3297). [More...]

http://www.linuxsecurity.com/content/view/151765

Mandriva: 2010:045: php (Feb 23)

A vulnerability has been found and corrected in php: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the [More...]

http://www.linuxsecurity.com/content/view/151758

Mandriva: mysql (Feb 19)

A vulnerability has been found and corrected in mysql: MySQL is vulnerable to a symbolic link attack when the data home directory contains a symlink to a different filesystem, which allows remote authenticated users to bypass intended access restrictions (CVE-2008-7247). The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151748

Mandriva: blogtk (Feb 19)

The blogtk package in 2010.0 was crashing on start. This update fixes the problem by updating blogtk to the latest version. Additionally, the python-gdata packages are being provided as well, as blogtk requires them.

http://www.linuxsecurity.com/content/view/151747

Mandriva: libtheora (Feb 19)

A vulnerability has been discovered and corrected in libtheora: Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151746
Mandriva: firefox (Feb 19)

Security issues were identified and fixed in firefox 3.0.x and 3.5.x: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products.

http://www.linuxsecurity.com/content/view/151741

Mandriva: xdg-utils (Feb 18)

This update enables files to be properly attached when xdg-email is used with Thunderbird as the default mail client.

http://www.linuxsecurity.com/content/view/151735

Mandriva: dhcp (Feb 18)

The DHCP client ignores the interface-mtu option set by the server. This update fixes the issue.

http://www.linuxsecurity.com/content/view/151733

Mandriva: kernel (Feb 18)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

http://www.linuxsecurity.com/content/view/151732

Mandriva: mdkonline (Feb 18)

The new mdkonline packages add the extended maintenance support to mdkonline. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers as well as for official 2008.0 updates.

http://www.linuxsecurity.com/content/view/151731

Mandriva: kernel (Feb 18)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

http://www.linuxsecurity.com/content/view/151728

Mandriva: pidgin (Feb 18)

Multiple security vulnerabilities have been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277).

http://www.linuxsecurity.com/content/view/151727

RedHat: sudo (Feb 26)

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151784

RedHat: acroread security and bug fix update (Feb 18)

Updated acroread packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151729

RedHat: pidgin (Feb 18)

Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151730

SuSE: Linux kernel (Feb 18)

http://www.linuxsecurity.com/content/view/151737

Ubuntu: 903-1: OpenOffice.org vulnerabilities (Feb 24)

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) [More...]

http://www.linuxsecurity.com/content/view/151767

Ubuntu: Pidgin vulnerabilities (Feb 22)

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)

http://www.linuxsecurity.com/content/view/151750

Ubuntu: XML-RPC for C and C++ vulnerabilities (Feb 18)

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

http://www.linuxsecurity.com/content/view/151738

Pardus: Kernel: Multiple Vulnerabilities (Feb 24)

Multiple vulnerabilities have been fixed in the kernel, which can be exploited by malicious people to cause denial of service, or possibly arbitrary code execution.

http://www.linuxsecurity.com/content/view/151776

Pardus: Flashplugin: Multiple (Feb 24)

Multiple vulnerabilities have been fixed in Flashplugin, which can be used by malicious people to possibly 1) cause denial of service or 2) make cross-domain requests.

http://www.linuxsecurity.com/content/view/151777

Pardus: Alsa: Denial of Service (Feb 24)

A vulnerability has been fixed in the kernel, which can be exploited by malicious people to crash the kernel due to a divide by zero in azx_position_ok.

http://www.linuxsecurity.com/content/view/151778

Pardus: Pidgin: Multiple Vulnerabilities (Feb 24)

Multiple vulnerabilities have been fixed in Pidgin, which can be used by malicious people to cause denial of service.

http://www.linuxsecurity.com/content/view/151779
