LinuxSecurity.com
Linux Advisory Watch: June 1st, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some of us don't give a second thought to the complexity or length of our passwords.


  Debian: 2483-1: strongswan: authentication bypass (May 31)
 

An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate [More...]

  Debian: 2480-2: request-tracker3.8: regression (May 29)
 

It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl. [More...]

  Debian: 2480-1: request-tracker3.8: Multiple vulnerabilities (May 24)
 

Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 [More...]


  Mandriva: 2012:086: acpid (May 31)
 

A vulnerability has been discovered and corrected in acpid: acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon [More...]

  Mandriva: 2012:085: tomcat5 (May 30)
 

A vulnerability has been discovered and corrected in tomcat5: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) [More...]

  Mandriva: 2012:084: ncpfs (May 29)
 

Multiple vulnerabilities have been discovered and corrected in ncpfs: ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, [More...]

  Mandriva: 2012:083: util-linux (May 29)
 

Multiple vulnerabilities have been discovered and corrected in util-linux: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits [More...]

  Mandriva: 2012:082: pidgin (May 28)
 

Multiple vulnerabilities have been discovered and corrected in pidgin: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests (CVE-2012-2214). [More...]

  Mandriva: 2012:081: firefox (May 24)
 

Security issues were identified and fixed in Mozilla Firefox: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption [More...]


  Red Hat: 2012:0702-01: java-1.4.2-ibm: Critical Advisory (May 30)
 

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:0699-01: openssl: Moderate Advisory (May 29)
 

Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:0690-01: kernel: Important Advisory (May 29)
 

Updated kernel packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]


  Ubuntu: 1460-1: Linux kernel (OMAP4) vulnerabilities (May 31)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1459-1: Linux kernel (OMAP4) vulnerabilities (May 31)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1458-1: Linux kernel (OMAP4) vulnerabilities (May 31)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1457-1: Linux kernel vulnerabilities (May 31)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1455-1: Linux kernel (Oneiric backport) vulnerabilities (May 29)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1454-1: Linux kernel vulnerability (May 25)
 

The system could be made to crash or become unresponsive under certain conditions.

  Ubuntu: 1453-1: Linux kernel (EC2) vulnerabilities (May 25)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1452-1: Linux kernel vulnerabilities (May 25)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1451-1: OpenSSL vulnerabilities (May 24)
 

Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.