Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong, but others don't give a second thought to the complexity or length of their passwords.


(May 31)

An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate [More...]

Debian: 2480-2: request-tracker3.8: regression (May 29)

It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl. [More...]

(May 24)

Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 [More...]


Mandriva: 2012:086: acpid (May 31)

A vulnerability has been discovered and corrected in acpid: acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon [More...]

Mandriva: 2012:085: tomcat5 (May 30)

A vulnerability has been discovered and corrected in tomcat5: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) [More...]

Mandriva: 2012:084: ncpfs (May 29)

Multiple vulnerabilities have been discovered and corrected in ncpfs: ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, [More...]

Mandriva: 2012:083: util-linux (May 29)

Multiple vulnerabilities have been discovered and corrected in util-linux: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits [More...]

Mandriva: 2012:082: pidgin (May 28)

Multiple vulnerabilities have been discovered and corrected in pidgin: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests (CVE-2012-2214). [More...]

Mandriva: 2012:081: firefox (May 24)

Security issues were identified and fixed in Mozilla Firefox: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption [More...]


Red Hat: 2012:0702-01: java-1.4.2-ibm: Critical Advisory (May 30)

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

Red Hat: 2012:0699-01: openssl: Moderate Advisory (May 29)

Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

Red Hat: 2012:0690-01: kernel: Important Advisory (May 29)

Updated kernel packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]


Ubuntu: 1460-1: Linux kernel (OMAP4) vulnerabilities (May 31)

Several security issues were fixed in the kernel.

Ubuntu: 1459-1: Linux kernel (OMAP4) vulnerabilities (May 31)

Several security issues were fixed in the kernel.

Ubuntu: 1458-1: Linux kernel (OMAP4) vulnerabilities (May 31)

Several security issues were fixed in the kernel.

Ubuntu: 1457-1: Linux kernel vulnerabilities (May 31)

Several security issues were fixed in the kernel.

Ubuntu: 1455-1: Linux kernel (Oneiric backport) vulnerabilities (May 29)

Several security issues were fixed in the kernel.

Ubuntu: 1454-1: Linux kernel vulnerability (May 25)

The system could be made to crash or become unresponsive under certain conditions.

Ubuntu: 1453-1: Linux kernel (EC2) vulnerabilities (May 25)

Several security issues were fixed in the kernel.

Ubuntu: 1452-1: Linux kernel vulnerabilities (May 25)

Several security issues were fixed in the kernel.

Ubuntu: 1451-1: OpenSSL vulnerabilities (May 24)

Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.