Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


(Mar 26)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

(Mar 26)

It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the [More...]

(Mar 25)

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library. [More...]

(Mar 24)

Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS [More...]

(Mar 22)

Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. [More...]

(Mar 22)

It was discovered that Raptor, an RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure. [More...]


Mandriva: 2012:039: libtasn1 (Mar 27)

A vulnerability has been found and corrected in libtasn1: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote [More...]

Mandriva: 2012:038: openssl (Mar 26)

Multiple vulnerabilities have been found and corrected in openssl: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent [More...]

Mandriva: 2012:037: cyrus-imapd (Mar 23)

A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and [More...]

Mandriva: 2012:036: libsoup (Mar 23)

A vulnerability has been found and corrected in libsoup: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI (CVE-2011-2524). [More...]

Mandriva: 2012:035: file (Mar 23)

Multiple out-of-bounds heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, a utility for determining file types, processed the header section of certain Composite Document Format (CDF) files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim [More...]

Mandriva: 2012:034: libzip (Mar 23)

Multiple vulnerabilities have been found and corrected in libzip: libzip (version <= 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files (CVE-2012-1162). [More...]


Red Hat: 2012:0411-01: openoffice.org: Important Advisory (Mar 22)

Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2012:0410-01: raptor: Important Advisory (Mar 22)

Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]


Ubuntu: 1408-1: Linux kernel (FSL-IMX51) vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1409-1: Linux kernel (Oneiric backport) vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1406-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1405-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1407-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1410-1: Linux kernel (EC2) vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1411-1: Linux kernel vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1404-1: Linux kernel (OMAP4) vulnerability (Mar 27)

The system could be made to deny services if it received specially crafted local area network traffic.

Ubuntu: 1401-2: Thunderbird vulnerabilities (Mar 23)

Several security issues were fixed in Thunderbird.

Ubuntu: 1403-1: FreeType vulnerabilities (Mar 23)

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.

Ubuntu: 1402-1: libpng vulnerability (Mar 22)

libpng could be made to crash or run programs as your login if it opened a specially crafted file.