Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Feb 23) |
|
It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing [More...]
|
|
(Feb 22) |
|
It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large [More...]
|
|
(Feb 21) |
|
Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]
|
|
(Feb 21) |
|
Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters. [More...]
|
|
(Feb 20) |
|
Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary [More...]
|
|
(Feb 19) |
|
It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. [More...]
|
|
(Feb 19) |
|
It was discovered that mumble, a VoIP client, does not probably manage permission on its user-specific configuration files, allowing other local users on the system to access them. [More...]
|
|
|
|
Mandriva: 2012:022: mozilla (Feb 23) |
|
Security issues were identified and fixed in mozilla firefox and thunderbird: An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, [More...]
|
|
Mandriva: 2012:023: libxml2 (Feb 22) |
|
A vulnerability has been found and corrected in libxml2: It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, [More...]
|
|
Mandriva: 2012:022: libpng (Feb 22) |
|
A vulnerability has been found and corrected in libpng: Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation (CVE-2011-3026). [More...]
|
|
Mandriva: 2012:021: java-1.6.0-openjdk (Feb 17) |
|
Multiple security issues were identified and fixed in OpenJDK (icedtea6): Fix issues in java sound (CVE-2011-3563). [More...]
|
|
|
|
Red Hat: 2012:0333-01: kernel-rt: Important Advisory (Feb 23) |
|
Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:0332-01: samba: Critical Advisory (Feb 23) |
|
Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5, and Red Hat Enterprise Linux 5.3 Long Life, and 5.6 Extended Update Support. [More...]
|
|
Red Hat: 2012:0324-01: libxml2: Moderate Advisory (Feb 21) |
|
Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:0322-01: java-1.6.0-openjdk: Important Advisory (Feb 21) |
|
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:0321-01: cvs: Moderate Advisory (Feb 21) |
|
Updated cvs packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:0323-01: httpd: Moderate Advisory (Feb 21) |
|
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:0303-03: xorg-x11-server: Low Advisory (Feb 21) |
|
Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0301-03: ImageMagick: Low Advisory (Feb 21) |
|
Updated ImageMagick packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0151-03: conga: Moderate Advisory (Feb 21) |
|
Updated conga packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:0302-03: cups: Low Advisory (Feb 21) |
|
Updated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0149-03: kvm: Moderate Advisory (Feb 21) |
|
Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:0304-03: vixie-cron: Low Advisory (Feb 21) |
|
An updated vixie-cron package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0152-03: kexec-tools: Moderate Advisory (Feb 21) |
|
An updated kexec-tools package that resolves three security issues, fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 5. [More...]
|
|
Red Hat: 2012:0307-03: util-linux: Low Advisory (Feb 21) |
|
An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. [More...]
|
|
Red Hat: 2012:0306-03: krb5: Low Advisory (Feb 21) |
|
Updated krb5 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0305-03: boost: Low Advisory (Feb 21) |
|
Updated boost packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0308-03: busybox: Low Advisory (Feb 21) |
|
Updated busybox packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0312-03: initscripts: Low Advisory (Feb 21) |
|
An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0311-03: ibutils: Low Advisory (Feb 21) |
|
Updated ibutils packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0309-03: sudo: Low Advisory (Feb 21) |
|
An updated sudo package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0310-03: nfs-utils: Low Advisory (Feb 21) |
|
An updated nfs-utils package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0153-03: sos: Low Advisory (Feb 21) |
|
An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0313-03: samba: Low Advisory (Feb 21) |
|
Updated samba packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2012:0317-01: libpng: Important Advisory (Feb 20) |
|
Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:0144-01: flash-plugin: Critical Advisory (Feb 17) |
|
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:0143-01: xulrunner: Critical Advisory (Feb 16) |
|
Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:0141-01: seamonkey: Critical Advisory (Feb 16) |
|
Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:0140-01: thunderbird: Critical Advisory (Feb 16) |
|
An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:0142-01: firefox: Critical Advisory (Feb 16) |
|
An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:0139-01: java-1.6.0-sun: Critical Advisory (Feb 16) |
|
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...]
|
|
|
|
Ubuntu: 1374-1: Samba vulnerability (Feb 24) |
|
Samba could be made to crash or run programs if it received speciallycrafted network traffic.
|
|
Ubuntu: 1373-1: OpenJDK 6 vulnerabilities (Feb 24) |
|
Multiple OpenJDK 6 vulnerabilities have been fixed.
|
|
Ubuntu: 1372-1: Puppet vulnerabilities (Feb 23) |
|
Puppet could be made to overwrite files and run programs with administratorprivileges.
|
|
Ubuntu: 1371-1: cvs vulnerability (Feb 22) |
|
cvs could be made to crash or run programs as your login if it connected toa malicious proxy server.
|
|
Ubuntu: 1370-1: libvorbis vulnerability (Feb 20) |
|
libvorbis could be made to crash or run programs as your login if itopened a specially crafted file.
|
|
Ubuntu: 1367-4: Xulrunner vulnerability (Feb 17) |
|
Xulrunner based applications could be made to crash or run programs as yourlogin if they opened a specially crafted file.
|
|
Ubuntu: 1369-1: Thunderbird vulnerabilities (Feb 17) |
|
Several security issues were fixed in Thunderbird.
|
|
Ubuntu: 1367-2: Firefox vulnerability (Feb 17) |
|
Firefox could be made to crash or run programs as your login if it opened aspecially crafted file.
|
|
Ubuntu: 1367-3: Thunderbird vulnerability (Feb 17) |
|
Thunderbird could be made to crash or run programs as your login if itopened a specially crafted file.
|
|
Ubuntu: 1367-1: libpng vulnerabilities (Feb 16) |
|
libpng could be made to crash or run programs as your login if it opened aspecially crafted file.
|
|
Ubuntu: 1284-2: Update Manager regression (Feb 16) |
|
USN-1284-1 introduced a regression in Update Manager.
|
