Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Sep 13) |
|
Severel vulnerabilities have been discovered in Tor, an online privacy tool. CVE-2012-3518 [More...]
|
|
(Sep 13) |
|
Security Report Summary
|
|
(Sep 12) |
|
It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. [More...]
|
|
(Sep 11) |
|
Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this [More...]
|
|
(Sep 8) |
|
Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Sep 8) |
|
Multiple denial of service vulnerabilities have been discovered in xen, an hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Sep 8) |
|
Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Sep 8) |
|
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Sep 7) |
|
It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. [More...]
|
|
(Sep 7) |
|
Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data. [More...]
|
|
(Sep 6) |
|
It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query. This may allow unauthenticated attackers to execute arbitrary SQL commands (SQL injection) and possibly escalate privileges. [More...]
|
|
|
|
Mandriva: 2012:152: bind (Sep 13) |
|
A vulnerability was discovered and corrected in bind: A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record (CVE-2012-4244). [More...]
|
|
Mandriva: 2012:151: ghostscript (Sep 12) |
|
A security issue was identified and fixed in ghostscript: An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or [More...]
|
|
Mandriva: 2012:150: java-1.6.0-openjdk (Sep 10) |
|
Multiple security issues were identified and fixed in OpenJDK (icedtea6): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 [More...]
|
|
|
|
Red Hat: 2012:1267-01: bind: Important Advisory (Sep 14) |
|
Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:1268-01: bind: Important Advisory (Sep 14) |
|
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:1266-01: bind97: Important Advisory (Sep 14) |
|
Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:1265-01: libxslt: Important Advisory (Sep 13) |
|
Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:1264-01: postgresql: Moderate Advisory (Sep 13) |
|
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:1261-01: dbus: Moderate Advisory (Sep 13) |
|
Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:1263-01: postgresql and postgresql84: Moderate Advisory (Sep 13) |
|
Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:1255-01: libexif: Moderate Advisory (Sep 11) |
|
Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:1243-01: java-1.4.2-ibm: Critical Advisory (Sep 7) |
|
Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:1245-01: java-1.5.0-ibm: Critical Advisory (Sep 7) |
|
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:1238-01: java-1.6.0-ibm: Critical Advisory (Sep 6) |
|
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
|
|
(Sep 14) |
|
New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. [More Info...]
|
|
(Sep 14) |
|
New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. [More Info...]
|
|
|
|
Ubuntu: 1565-1: OpenStack Horizon vulnerability (Sep 13) |
|
OpenStack Horizon could help expose sensitive information.
|
|
Ubuntu: 1548-2: Firefox regression (Sep 11) |
|
USN-1548-1 introduced a regression in Firefox.
|
|
Ubuntu: 1563-1: Linux kernel (Oneiric backport) vulnerability (Sep 10) |
|
The system could be made to crash under certain conditions.
|
|
Ubuntu: 1562-1: Linux kernel (Natty backport) vulnerability (Sep 10) |
|
The system could be made to crash under certain conditions.
|
|
Ubuntu: 1527-2: XML-RPC for C and C++ vulnerabilities (Sep 10) |
|
XML-RPC for C and C++ could be made to cause a denial of service by consumingexcessive CPU and memory resources.
|
|
Ubuntu: 1561-1: ubiquity-slideshow-ubuntu vulnerability (Sep 10) |
|
ubiquity-slideshow-ubuntu would allow unintended access to files over thenetwork during system installation.
|
|
Ubuntu: 1559-1: GIMP vulnerabilities (Sep 10) |
|
GIMP could be made to crash or run programs as your login if it opened aspecially crafted file.
|
|
Ubuntu: 1560-1: Django vulnerabilities (Sep 10) |
|
Applications using Django could be made to crash or expose sensitiveinformation.
|
|
Ubuntu: 1558-1: Linux kernel (OMAP4) vulnerability (Sep 6) |
|
The system could be made to crash under certain conditions.
|
|
Ubuntu: 1557-1: Linux kernel vulnerability (Sep 6) |
|
The system could be made to crash under certain conditions.
|
|
Ubuntu: 1556-1: Linux kernel (EC2) vulnerabilities (Sep 6) |
|
Several security issues were fixed in the kernel.
|
