Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

What You Need to Know About Linux Rootkits - Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition - Mark Sobell again delivers the answers to common Linux administration challenges, and provides thorough and step-by-step instructions to configuring many of the common Linux Internet services in A Practical Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.

(Jul 11)

DSA 2276-1 for Asterisk in the oldstable distribution (lenny) introduced a functionality bug which invokes an undefined symbol. For the oldstable distribution (lenny), this problem has been fixed in [More...]
(Jul 10)

It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially [More...]
(Jul 10)

Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 (CVE-2011-2529) through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. [More...]
Red Hat: 2011:0927-01: kernel: Important Advisory (Jul 15)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
Red Hat: 2011:0938-01: java-1.6.0-ibm: Critical Advisory (Jul 15)

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...]
Red Hat: 2011:0928-01: kernel: Moderate Advisory (Jul 12)

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
Red Hat: 2011:0930-01: NetworkManager: Moderate Advisory (Jul 12)

Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
(Jul 14)

New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to fix security issues. [More Info...]
(Jul 14)

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues. [More Info...]
(Jul 8)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. [More Info...]
(Jul 8)

New bind packages are available for Slackware 13.37, and -current to fix a security issue. [More Info...]
Ubuntu: 1159-1: Linux kernel vulnerabilities (Marvell Dove) (Jul 13)

Multiple kernel flaws have been fixed.
Ubuntu: 1161-1: Linux kernel vulnerabilities (EC2) (Jul 13)

Multiple kernel flaws have been fixed.
Ubuntu: 1167-1: Linux kernel vulnerabilities (Jul 13)

Multiple kernel flaws have been fixed.
Pardus: 2011-99: vlc: Integer Overflow (Jul 14)

A vulnerability has been fixed in vlc.
Pardus: 2011-98: nfs-utils: Corruption of the (Jul 14)

A vulnerability has been fixed in ntf-utils.
Pardus: 2011-96: libpng: Denial of Service (Jul 12)

A vulnerability has been fixed in libpng.
Pardus: 2011-95: Oracle Java: Multible (Jul 12)

Multible vulnerabilities have been fixed in java.
Pardus: : Security Summary: Summary (Jul 12)

A vulnerability has been fixed in vte.
Pardus: 2011-93: D-bus: Denial of Service (Jul 12)

A vulnerability has been fixed in d-bus.