LinuxSecurity.com
Linux Advisory Watch: September 14th, 2012
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; in fact, the much-awaited Medusa 2.0 update was released in February of 2010. For a complete change log, please visit http://www.foofus.net/jmk/medusa/changelog

Password guessing as an attack vector - Using password guessing as an attack vector. Over the years we've been taught a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of our password.


  Debian: 2548-1: tor: Multiple vulnerabilities (Sep 13)
 

Several vulnerabilities have been discovered in Tor, an online privacy tool. CVE-2012-3518 [More...]

  Debian: 2548-1: Security Summary: Summary (Sep 13)
 

Security Report Summary

  Debian: 2547-1: bind9: improper assert (Sep 12)
 

It was discovered that BIND, a DNS server, does not properly handle DNS records that approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. [More...]

  Debian: 2546-1: freeradius: stack-based buffer overflow (Sep 11)
 

Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this [More...]

  Debian: 2545-1: qemu: Multiple vulnerabilities (Sep 8)
 

Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

  Debian: 2544-1: xen: denial of service (Sep 8)
 

Multiple denial of service vulnerabilities have been discovered in xen, a hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

  Debian: 2543-1: xen-qemu-dm-4.0: Multiple vulnerabilities (Sep 8)
 

Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen Qemu Device Model virtual machine hardware emulator. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

  Debian: 2542-1: qemu-kvm: Multiple vulnerabilities (Sep 8)
 

Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

  Debian: 2541-1: beaker: information disclosure (Sep 7)
 

It was discovered that Beaker, a cache and session library for Python, when using the python-crypto backend, is vulnerable to information disclosure due to a cryptographic weakness related to the use of the AES cipher in ECB mode. [More...]

  Debian: 2540-1: mahara: cross-site scripting (Sep 7)
 

Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data. [More...]

  Debian: 2539-1: zabbix: SQL injection (Sep 6)
 

It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query. This may allow unauthenticated attackers to execute arbitrary SQL commands (SQL injection) and possibly escalate privileges. [More...]


  Mandriva: 2012:152: bind (Sep 13)
 

A vulnerability was discovered and corrected in bind: A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record (CVE-2012-4244). [More...]

  Mandriva: 2012:151: ghostscript (Sep 12)
 

A security issue was identified and fixed in ghostscript: An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or [More...]

  Mandriva: 2012:150: java-1.6.0-openjdk (Sep 10)
 

Multiple security issues were identified and fixed in OpenJDK (icedtea6): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 [More...]


  Red Hat: 2012:1267-01: bind: Important Advisory (Sep 14)
 

Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:1268-01: bind: Important Advisory (Sep 14)
 

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:1266-01: bind97: Important Advisory (Sep 14)
 

Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:1265-01: libxslt: Important Advisory (Sep 13)
 

Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2012:1264-01: postgresql: Moderate Advisory (Sep 13)
 

Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:1261-01: dbus: Moderate Advisory (Sep 13)
 

Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:1263-01: postgresql and postgresql84: Moderate Advisory (Sep 13)
 

Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:1255-01: libexif: Moderate Advisory (Sep 11)
 

Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2012:1243-01: java-1.4.2-ibm: Critical Advisory (Sep 7)
 

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:1245-01: java-1.5.0-ibm: Critical Advisory (Sep 7)
 

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]

  Red Hat: 2012:1238-01: java-1.6.0-ibm: Critical Advisory (Sep 6)
 

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]


  Slackware: 2012-257-01: bind: Security Update (Sep 14)
 

New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. [More Info...]

  Slackware: 2012-257-02: patch: Security Update (Sep 14)
 

New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. [More Info...]


  Ubuntu: 1565-1: OpenStack Horizon vulnerability (Sep 13)
 

OpenStack Horizon could help expose sensitive information.

  Ubuntu: 1548-2: Firefox regression (Sep 11)
 

USN-1548-1 introduced a regression in Firefox.

  Ubuntu: 1563-1: Linux kernel (Oneiric backport) vulnerability (Sep 10)
 

The system could be made to crash under certain conditions.

  Ubuntu: 1562-1: Linux kernel (Natty backport) vulnerability (Sep 10)
 

The system could be made to crash under certain conditions.

  Ubuntu: 1527-2: XML-RPC for C and C++ vulnerabilities (Sep 10)
 

XML-RPC for C and C++ could be made to cause a denial of service by consuming excessive CPU and memory resources.

  Ubuntu: 1561-1: ubiquity-slideshow-ubuntu vulnerability (Sep 10)
 

ubiquity-slideshow-ubuntu would allow unintended access to files over the network during system installation.

  Ubuntu: 1559-1: GIMP vulnerabilities (Sep 10)
 

GIMP could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu: 1560-1: Django vulnerabilities (Sep 10)
 

Applications using Django could be made to crash or expose sensitive information.

  Ubuntu: 1558-1: Linux kernel (OMAP4) vulnerability (Sep 6)
 

The system could be made to crash under certain conditions.

  Ubuntu: 1557-1: Linux kernel vulnerability (Sep 6)
 

The system could be made to crash under certain conditions.

  Ubuntu: 1556-1: Linux kernel (EC2) vulnerabilities (Sep 6)
 

Several security issues were fixed in the kernel.
