LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: August 17th, 2012 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Debian: 2530-1: rssh: shell command injection (Aug 15)
 

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. For the stable distribution (squeeze), this problem has been fixed in [More...]

  Debian: 2529-1: python-django: Multiple vulnerabilities (Aug 14)
 

Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: [More...]

  Debian: 2528-1: icedove: Multiple vulnerabilities (Aug 14)
 

Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 [More...]

  Debian: 2527-1: php5: Multiple vulnerabilities (Aug 13)
 

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]

  Debian: 2526-1: libotr: heap-based buffer overflows (Aug 12)
 

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to [More...]


  Gentoo: 201208-06 libgdata: Man-in-the-Middle attack (Aug 14)
 

A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks.

  Gentoo: 201208-05 Perl Config-IniFiles Module: Insecure temporary file usage (Aug 14)
 

An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks.

  Gentoo: 201208-04 Gajim: Multiple vulnerabilities (Aug 14)
 

Multiple vulnerabilities have been found in Gajim, the worst of which may allow execution of arbitrary code.

  Gentoo: 201208-03 Chromium: Multiple vulnerabilities (Aug 14)
 

Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.

  Gentoo: 201208-02 Puppet: Multiple vulnerabilities (Aug 14)
 

Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.

  Gentoo: 201208-01 socat: Arbitrary code execution (Aug 14)
 

A buffer overflow in socat might allow remote attackers to execute arbitrary code.


  Mandriva: 2012:138: acpid (Aug 17)
 

A vulnerability has been discovered and corrected in acpid: Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI [More...]

  Mandriva: 2012:137: acpid (Aug 17)
 

Multiple vulnerabilities has been discovered and corrected in acpid: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges (CVE-2011-2777). [More...]

  Mandriva: 2012:136: phpmyadmin (Aug 17)
 

Multiple cross-site scripting (XSS) vulnerabilities was discovered by using the Database structure page with a crafted table name (CVE-2012-4345). This upgrade provides the latest phpmyadmin version (3.4.11.1) to [More...]

  Mandriva: 2012:135: wireshark (Aug 16)
 

Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). [More...]

  Mandriva: 2012:134: wireshark (Aug 16)
 

Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). [More...]

  Mandriva: 2012:133: usbmuxd (Aug 16)
 

It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user (CVE-2012-0065). [More...]

  Mandriva: 2012:132: glpi (Aug 15)
 

Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws has been found and corrected in GLPI (CVE-2012-4002, CVE-2012-4003). This advisory provides the latest version of GLPI (0.83.4) which are [More...]

  Mandriva: 2012:131: libotr (Aug 13)
 

A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can [More...]

  Mandriva: 2012:130: openldap (Aug 11)
 

A vulnerability was found and corrected in openldap: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes [More...]

  Mandriva: 2012:129-1: busybox (Aug 10)
 

Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). [More...]

  Mandriva: 2012:129: busybox (Aug 10)
 

Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). [More...]

  Mandriva: 2012:128: bash (Aug 9)
 

A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file [More...]


  Red Hat: 2012:1173-01: flash-plugin: Critical Advisory (Aug 15)
 

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:1169-01: condor: Important Advisory (Aug 14)
 

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:1156-01: kernel: Moderate Advisory (Aug 14)
 

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:1168-01: condor: Important Advisory (Aug 14)
 

Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]


  Slackware: 2012-228-01: t1lib: Security Update (Aug 16)
 

New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. [More Info...]

  Slackware: 2012-228-02: emacs: Security Update (Aug 16)
 

New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. [More Info...]


  Ubuntu: 1482-3: ClamAV regression (Aug 16)
 

USN-1482-1 introduced a regression in ClamAV that could cause it to failto scan certain documents.

  Ubuntu: 1541-1: libotr vulnerability (Aug 16)
 

Applications using Off-the-Record messaging plugins could be madeto crash or run programs if it received specially crafted networkmessages.

  Ubuntu: 1539-1: Linux kernel (Oneiric backport) vulnerabilities (Aug 14)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1538-1: Linux kernel (Natty backport) vulnerabilities (Aug 14)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1537-1: OpenOffice.org vulnerability (Aug 13)
 

OpenOffice.org could be made to crash or run programs as your login if itopened a specially crafted file.

  Ubuntu: 1535-1: Linux kernel vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1534-1: Linux kernel (EC2) vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1533-1: Linux kernel vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1532-1: Linux kernel (OMAP4) vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1531-1: Linux kernel vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1530-1: Linux kernel (OMAP4) vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1529-1: Linux kernel vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1514-1: Linux kernel (OMAP4) vulnerabilities (Aug 10)
 

Several security issues were fixed in the kernel.

  Ubuntu: 1527-1: Expat vulnerabilities (Aug 10)
 

Expat could be made to cause a denial of service by consuming excessive CPUand memory resources.

  Ubuntu: 1525-1: Calligra vulnerability (Aug 9)
 

Calligra could be made to crash or run programs as your login if it openeda specially crafted file.

  Ubuntu: 1526-1: KOffice vulnerability (Aug 9)
 

KOffice could be made to crash or run programs as your login if it openeda specially crafted file.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Shellshock makes Heartbleed look insignificant
Hacker Group Lizard Squad Takes Down Destiny, Call of Duty, FIFA And More
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.