LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Advisory Watch: July 22nd, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

What You Need to Know About Linux Rootkits - Rootkits are a way for attackers to hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on one's computer without anyone knowing they are there. Read more to learn how to detect them on your system.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition - Mark Sobell again delivers the answers to common Linux administration challenges, and provides thorough and step-by-step instructions to configuring many of the common Linux Internet services in A Practical Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.



  Debian: 2281-1: opie: Multiple vulnerabilities (Jul 21)
 

Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and [More...]

  Debian: 2280-1: libvirt: Multiple vulnerabilities (Jul 19)
 

It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486). [More...]

  Debian: 2279-1: libapache2-mod-authnz-external: SQL injection (Jul 19)
 

It was discovered that libapache2-mod-authnz-external, an Apache authentication module, is prone to an SQL injection via the $user parameter. [More...]

  Debian: 2278-1: horde3: Multiple vulnerabilities (Jul 16)
 

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. For the oldstable distribution (lenny), these problems have been fixed [More...]

  Debian: 2254-2: oprofile: command injection (Jul 16)
 

Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. For reference, the description of the original DSA is: [More...]


  Mandriva: 2011:117: krb5-appl (Jul 22)
 

A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass [More...]

  Mandriva: 2011:116: curl (Jul 22)
 

A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote [More...]

  Mandriva: 2011:115: bind (Jul 20)
 

A vulnerability was discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a [More...]

  Mandriva: 2011:114: blender (Jul 18)
 

Multiple vulnerabilities have been identified and fixed in blender: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted [More...]

  Mandriva: 2011:112: blender (Jul 18)
 

Multiple vulnerabilities have been identified and fixed in blender: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted [More...]


  Red Hat: 2011:1085-01: freetype: Important Advisory (Jul 21)
 

Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2011:1073-01: bash: Low Advisory (Jul 21)
 

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2011:1005-01: sysstat: Low Advisory (Jul 21)
 

An updated sysstat package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2011:1000-01: rgmanager: Low Advisory (Jul 21)
 

An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. [More...]

  Red Hat: 2011:0975-01: sssd: Low Advisory (Jul 21)
 

Updated sssd packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2011:0999-01: rsync: Moderate Advisory (Jul 21)
 

An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2011:1084-01: libsndfile: Moderate Advisory (Jul 20)
 

Updated libsndfile packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2011:1083-01: fuse: Moderate Advisory (Jul 20)
 

Updated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2011:0959-01: mutt: Moderate Advisory (Jul 19)
 

An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2011:0953-01: system-config-firewall: Moderate Advisory (Jul 18)
 

Updated system-config-firewall packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2011:0927-01: kernel: Important Advisory (Jul 15)
 

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2011:0938-01: java-1.6.0-ibm: Critical Advisory (Jul 15)
 

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...]


  Slackware: 2011-195-02: mozilla-firefox: Security Update (Jul 14)
 

New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to fix security issues. [More Info...]

  Slackware: 2011-195-01: seamonkey: Security Update (Jul 14)
 

New seamonkey packages are available for Slackware 13.37, and -current to fix security issues. [More Info...]


  Ubuntu: 1172-1: logrotate vulnerabilities (Jul 21)
 

An attacker could cause logrotate to run programs, stop working, or read and write arbitrary files.

  Ubuntu: 1171-1: Likewise Open vulnerability (Jul 20)
 

Local SQL injection vulnerability

  Ubuntu: 1150-1: Thunderbird vulnerabilities (Jul 15)
 

Multiple vulnerabilities were fixed in Thunderbird.

  Ubuntu: 1170-1: Linux kernel vulnerabilities (Jul 15)
 

Multiple kernel flaws have been fixed.

  Ubuntu: 1168-1: Linux kernel vulnerabilities (Jul 15)
 

Multiple kernel flaws have been fixed.


  Pardus: 2011-99: vlc: Integer Overflow (Jul 14)
 

A vulnerability has been fixed in vlc.

  Pardus: 2011-98: nfs-utils: Corruption of the (Jul 14)
 

A vulnerability has been fixed in nfs-utils.

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.