LinuxSecurity.com
Linux Advisory Watch: November 18th, 2011
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas

Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night - An Interview with a Member of the Chown Group (COG) about the billion dollar hacking business in China

Free Online security course (LearnSIA) - A Call for Help - The Survivability and Information Assurance (SIA) course was originally developed by a team at Carnegie Mellon, led by Lawrence Rogers (http://www.cert.org/sia/). Back in 2010, I requested a license to continue the development of the course because it provides useful information on Information Assurance. Also, this course will always be freely available for anyone to use in the classroom or self-study. There are three parts to the LearnSIA curriculum.


  Debian: 2347-1: bind9: improper assert (Nov 16)
 

It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue. [More...]

  Debian: 2346-2: proftpd-dfsg: Multiple vulnerabilities (Nov 16)
 

The ProFTPD security update, DSA-2346-1, introduced a regression, preventing successful TLS connections. This regression does not affected the stable distribution (squeeze), nor the testing and unstable distributions. [More...]

  Debian: 2346-1: proftpd-dfsg: Multiple vulnerabilities (Nov 15)
 

Several vulnerabilities were discovered in ProFTPD, an FTP server: ProFTPD incorrectly uses data from an unencrypted input buffer after encryption has been enabled with STARTTLS, an issue [More...]

  Debian: 2345-1: icedove: Multiple vulnerabilities (Nov 11)
 

Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. CVE-2011-3647 [More...]

  Debian: 2344-1: python-django-piston: deserialization vulnerabili (Nov 11)
 

It was discovered that the Piston framework can deserializes untrusted YAML and Pickle data, leading to remote code execution. (CVE-2011-4103) The old stable distribution (lenny) does not contain a [More...]


  Gentoo: 201111-03: OpenTTD: Multiple vulnerabilities (Nov 11)
 

Multiple vulnerabilities were found in OpenTTD which could lead toexecution of arbitrary code, a Denial of Service, or privilegeescalation.

  Gentoo: 201111-04: phpDocumentor: Function call injection (Nov 11)
 

phpDocumentor bundles Smarty which contains an input sanitation flaw,allowing attackers to call arbitrary PHP functions.


  Mandriva: 2011:176-1: bind (Nov 17)
 

A vulnerability was discovered and corrected in bind: Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [ISC RT #26590] (CVE-2011-4313). [More...]

  Mandriva: 2011:176: bind (Nov 16)
 

A vulnerability was discovered and corrected in bind: Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. [ISC RT #26590] (CVE-2011-4313). [More...]

  Mandriva: 2011:175: poppler (Nov 15)
 

Multiple security vulnerabilities has been discovered and corrected in poppler: An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file [More...]

  Mandriva: 2011:174: graphite2 (Nov 14)
 

Unspecified vulnerabilities were discovered in graphite2 conserning specially crafted TTF fonts and which has unknown impact. As a preemptive measure the new 1.0.3 version is being provided where this is fixed. [More...] _______________________________________________________________________

  Mandriva: 2011:172: libreoffice (Nov 11)
 

Multiple vulnerabilies has been discovered and corrected in libreoffice: Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary [More...]

  Mandriva: 2011:171: networkmanager (Nov 11)
 

Security issues were identified and fixed in networkmanager: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors [More...]

  Mandriva: 2011:170: java-1.6.0-openjdk (Nov 11)
 

Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web: IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality [More...]


  Red Hat: 2011:1458-01: bind: Important Advisory (Nov 17)
 

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2011:1459-01: bind97: Important Advisory (Nov 17)
 

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2011:1455-01: freetype: Important Advisory (Nov 16)
 

Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2011:1445-01: flash-plugin: Critical Advisory (Nov 11)
 

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]


  Ubuntu: 1267-1: FreeType vulnerabilities (Nov 18)
 

FreeType could be made to crash or run programs as your login if itopened a specially crafted font file.

  Ubuntu: 1266-1: OpenLDAP vulnerability (Nov 17)
 

An OpenLDAP server could potentially be made to crash if it receivedspecially crafted network traffic from an authenticated user.

  Ubuntu: 1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities (Nov 16)
 

Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.

  Ubuntu: 1262-1: Light Display Manager vulnerabilities (Nov 15)
 

Several security issues were fixed in Light Display Manager.

  Ubuntu: 1261-1: Quagga vulnerabilities (Nov 15)
 

Quagga could be made to crash or run programs if it received speciallycrafted network traffic.

  Ubuntu: 1260-1: Linux kernel (OMAP4) vulnerability (Nov 14)
 

A security issue was fixed in the kernel.

  Ubuntu: 1251-1: Firefox and Xulrunner vulnerabilities (Nov 10)
 

Multiple vulnerabilities have been fixed in Firefox and Xulrunner.

  Ubuntu: 1258-1: ClamAV vulnerability (Nov 10)
 

ClamAV could be made to crash or run programs as your login if it opened aspecially crafted file.

  Ubuntu: 1257-1: radvd vulnerabilities (Nov 10)
 

radvd could be made to crash or overwrite certain files if it receivedspecially crafted network traffic.
