LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: February 24th, 2012 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Debian: 2416-1: notmuch: information disclosure (Feb 23)
 

It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing [More...]

  Debian: 2417-1: libxml2: computational denial of ser (Feb 22)
 

It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large [More...]

  Debian: 2415-1: libmodplug: Multiple vulnerabilities (Feb 21)
 

Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]

  Debian: 2413-1: fex: insufficient input sanitiza (Feb 21)
 

Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters. [More...]

  Debian: 2413-1: libarchive: buffer overflows (Feb 20)
 

Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary [More...]

  Debian: 2412-1: libvorbis: buffer overflow (Feb 19)
 

It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. [More...]

  Debian: 2411-1: mumble: information disclosure (Feb 19)
 

It was discovered that mumble, a VoIP client, does not probably manage permission on its user-specific configuration files, allowing other local users on the system to access them. [More...]


  Mandriva: 2012:022: mozilla (Feb 23)
 

Security issues were identified and fixed in mozilla firefox and thunderbird: An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, [More...]

  Mandriva: 2012:023: libxml2 (Feb 22)
 

A vulnerability has been found and corrected in libxml2: It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, [More...]

  Mandriva: 2012:022: libpng (Feb 22)
 

A vulnerability has been found and corrected in libpng: Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation (CVE-2011-3026). [More...]

  Mandriva: 2012:021: java-1.6.0-openjdk (Feb 17)
 

Multiple security issues were identified and fixed in OpenJDK (icedtea6): Fix issues in java sound (CVE-2011-3563). [More...]


  Red Hat: 2012:0333-01: kernel-rt: Important Advisory (Feb 23)
 

Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:0332-01: samba: Critical Advisory (Feb 23)
 

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5, and Red Hat Enterprise Linux 5.3 Long Life, and 5.6 Extended Update Support. [More...]

  Red Hat: 2012:0324-01: libxml2: Moderate Advisory (Feb 21)
 

Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0322-01: java-1.6.0-openjdk: Important Advisory (Feb 21)
 

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:0321-01: cvs: Moderate Advisory (Feb 21)
 

Updated cvs packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0323-01: httpd: Moderate Advisory (Feb 21)
 

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0303-03: xorg-x11-server: Low Advisory (Feb 21)
 

Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0301-03: ImageMagick: Low Advisory (Feb 21)
 

Updated ImageMagick packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0151-03: conga: Moderate Advisory (Feb 21)
 

Updated conga packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0302-03: cups: Low Advisory (Feb 21)
 

Updated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0149-03: kvm: Moderate Advisory (Feb 21)
 

Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0304-03: vixie-cron: Low Advisory (Feb 21)
 

An updated vixie-cron package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0152-03: kexec-tools: Moderate Advisory (Feb 21)
 

An updated kexec-tools package that resolves three security issues, fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5. [More...]

  Red Hat: 2012:0307-03: util-linux: Low Advisory (Feb 21)
 

An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. [More...]

  Red Hat: 2012:0306-03: krb5: Low Advisory (Feb 21)
 

Updated krb5 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0305-03: boost: Low Advisory (Feb 21)
 

Updated boost packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0308-03: busybox: Low Advisory (Feb 21)
 

Updated busybox packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0312-03: initscripts: Low Advisory (Feb 21)
 

An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0311-03: ibutils: Low Advisory (Feb 21)
 

Updated ibutils packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0309-03: sudo: Low Advisory (Feb 21)
 

An updated sudo package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0310-03: nfs-utils: Low Advisory (Feb 21)
 

An updated nfs-utils package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0153-03: sos: Low Advisory (Feb 21)
 

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0313-03: samba: Low Advisory (Feb 21)
 

Updated samba packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2012:0317-01: libpng: Important Advisory (Feb 20)
 

Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:0144-01: flash-plugin: Critical Advisory (Feb 17)
 

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0143-01: xulrunner: Critical Advisory (Feb 16)
 

Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0141-01: seamonkey: Critical Advisory (Feb 16)
 

Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0140-01: thunderbird: Critical Advisory (Feb 16)
 

An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0142-01: firefox: Critical Advisory (Feb 16)
 

An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0139-01: java-1.6.0-sun: Critical Advisory (Feb 16)
 

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...]


  Ubuntu: 1374-1: Samba vulnerability (Feb 24)
 

Samba could be made to crash or run programs if it received speciallycrafted network traffic.

  Ubuntu: 1373-1: OpenJDK 6 vulnerabilities (Feb 24)
 

Multiple OpenJDK 6 vulnerabilities have been fixed.

  Ubuntu: 1372-1: Puppet vulnerabilities (Feb 23)
 

Puppet could be made to overwrite files and run programs with administratorprivileges.

  Ubuntu: 1371-1: cvs vulnerability (Feb 22)
 

cvs could be made to crash or run programs as your login if it connected toa malicious proxy server.

  Ubuntu: 1370-1: libvorbis vulnerability (Feb 20)
 

libvorbis could be made to crash or run programs as your login if itopened a specially crafted file.

  Ubuntu: 1367-4: Xulrunner vulnerability (Feb 17)
 

Xulrunner based applications could be made to crash or run programs as yourlogin if they opened a specially crafted file.

  Ubuntu: 1369-1: Thunderbird vulnerabilities (Feb 17)
 

Several security issues were fixed in Thunderbird.

  Ubuntu: 1367-2: Firefox vulnerability (Feb 17)
 

Firefox could be made to crash or run programs as your login if it opened aspecially crafted file.

  Ubuntu: 1367-3: Thunderbird vulnerability (Feb 17)
 

Thunderbird could be made to crash or run programs as your login if itopened a specially crafted file.

  Ubuntu: 1367-1: libpng vulnerabilities (Feb 16)
 

libpng could be made to crash or run programs as your login if it opened aspecially crafted file.

  Ubuntu: 1284-2: Update Manager regression (Feb 16)
 

USN-1284-1 introduced a regression in Update Manager.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.