Linux Advisory Watch: March 30th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong, but some don't give a second thought to the complexity or length of their passwords.


Debian: 2443-1: linux-2.6: privilege escalation/denial (Mar 26)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

Debian: 2442-1: openarena: UDP traffic amplification (Mar 26)

It has been discovered that spoofed "getstatus" UDP requests are being sent by attackers to servers for use with games derived from the Quake 3 engine (such as openarena). These servers respond with a packet flood to the victim whose IP address was impersonated by the [More...]

Debian: 2441-1: gnutls26: missing bounds check (Mar 25)

Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library. [More...]

Debian: 2440-1: libtasn1-3: missing bounds check (Mar 24)

Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS [More...]

Debian: 2439-1: libpng: buffer overflow (Mar 22)

Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. [More...]

Debian: 2438-1: raptor: programming error (Mar 22)

It was discovered that Raptor, an RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure. [More...]


Mandriva: 2012:039: libtasn1 (Mar 27)

A vulnerability has been found and corrected in libtasn1: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote [More...]

Mandriva: 2012:038: openssl (Mar 26)

Multiple vulnerabilities have been found and corrected in openssl: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent [More...]

Mandriva: 2012:037: cyrus-imapd (Mar 23)

A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and [More...]

Mandriva: 2012:036: libsoup (Mar 23)

A vulnerability has been found and corrected in libsoup: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI (CVE-2011-2524). [More...]

Mandriva: 2012:035: file (Mar 23)

Multiple out-of-bounds heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, a utility for determining file types, processed the header section of certain Composite Document Format (CDF) files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim [More...]

Mandriva: 2012:034: libzip (Mar 23)

Multiple vulnerabilities have been found and corrected in libzip: libzip (version <= 0.10) uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files (CVE-2012-1162). [More...]


Red Hat: 2012:0411-01: openoffice.org: Important Advisory (Mar 22)

Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2012:0410-01: raptor: Important Advisory (Mar 22)

Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]


Ubuntu: 1408-1: Linux kernel (FSL-IMX51) vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1409-1: Linux kernel (Oneiric backport) vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1406-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1405-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1407-1: Linux kernel vulnerabilities (Mar 27)

Several security issues were fixed in the kernel.

Ubuntu: 1410-1: Linux kernel (EC2) vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1411-1: Linux kernel vulnerability (Mar 27)

The system could be made to crash under certain conditions.

Ubuntu: 1404-1: Linux kernel (OMAP4) vulnerability (Mar 27)

The system could be made to deny services if it received specially crafted local area network traffic.

Ubuntu: 1401-2: Thunderbird vulnerabilities (Mar 23)

Several security issues were fixed in Thunderbird.

Ubuntu: 1403-1: FreeType vulnerabilities (Mar 23)

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.

Ubuntu: 1402-1: libpng vulnerability (Mar 22)

libpng could be made to crash or run programs as your login if it opened a specially crafted file.
