LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: November 22nd, 2013 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net, in fact the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit http://www.foofus.net/jmk/medusa/changelog


  Debian: 2798-2: curl: unchecked ssl certificate h (Nov 20)
 

The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour (#729965). This update disables host verification too when using the --insecure option. [More...]

  Debian: 2798-1: curl: unchecked ssl certificate h (Nov 17)
 

Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust [More...]

  Debian: 2797-1: chromium-browser: Multiple vulnerabilities (Nov 17)
 

Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 [More...]

  Debian: 2795-2: lighttpd: regression (Nov 16)
 

It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. [More...]


  Gentoo: 201311-13 OpenVPN: Multiple vulnerabilities (Nov 20)
 

Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic.

  Gentoo: 201311-12 Open DC Hub: Arbitrary code execution (Nov 20)
 

A vulnerability in Open DC Hub could result in execution of arbitrary code.

  Gentoo: 201311-11 CTorrent: User-assisted arbitrary code execution (Nov 20)
 

A stack-based buffer overflow in CTorrent might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition.

  Gentoo: 201311-10 GraphicsMagick: Multiple vulnerabilities (Nov 18)
 

Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.


  Mandriva: 2013:278: samba (Nov 21)
 

A vulnerability has been found and corrected in samba: Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL [More...]

  Mandriva: 2013:277: lighttpd (Nov 21)
 

Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain [More...]

  Mandriva: 2013:276: curl (Nov 21)
 

Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host [More...]

  Mandriva: 2013:271: pmake (Nov 21)
 

Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related [More...]

  Mandriva: 2013:273: libjpeg (Nov 21)
 

Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). [More...]

  Mandriva: 2013:275: krb5 (Nov 21)
 

Updated krb5 package fixes security vulnerabily: If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user [More...]

  Mandriva: 2013:272: poppler (Nov 21)
 

Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in [More...]

  Mandriva: 2013:274: libjpeg (Nov 21)
 

Updated libjpeg packages fix security vulnerabilities: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create [More...]

  Mandriva: 2013:270: nss (Nov 21)
 

Multiple security issues was identified and fixed in mozilla NSPR and NSS: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]

  Mandriva: 2013:268: torque (Nov 21)
 

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the [More...]

  Mandriva: 2013:269: firefox (Nov 21)
 

Multiple security issues was identified and fixed in mozilla NSPR, NSS and firefox: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]

  Mandriva: 2013:267: java-1.7.0-openjdk (Nov 21)
 

Updated java-1.7.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to [More...]

  Mandriva: 2013:266: java-1.6.0-openjdk (Nov 21)
 

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to [More...]


  Red Hat: 2013:1752-01: 389-ds-base: Important Advisory (Nov 21)
 

Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2013:1661-02: RDMA stack: Moderate Advisory (Nov 21)
 

Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]

  Red Hat: 2013:1701-02: sudo: Low Advisory (Nov 21)
 

An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1732-02: busybox: Low Advisory (Nov 21)
 

Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1674-02: dracut: Moderate Advisory (Nov 21)
 

Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1615-02: php: Moderate Advisory (Nov 20)
 

Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1620-02: xorg-x11-server: Low Advisory (Nov 20)
 

Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1652-02: coreutils: Low Advisory (Nov 20)
 

Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1605-02: glibc: Moderate Advisory (Nov 20)
 

Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1635-02: pacemaker: Low Advisory (Nov 20)
 

Updated pacemaker packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1591-02: openssh: Low Advisory (Nov 20)
 

Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1553-02: qemu-kvm: Important Advisory (Nov 20)
 

Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2013:1569-02: wireshark: Moderate Advisory (Nov 20)
 

Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]

  Red Hat: 2013:1582-02: python: Moderate Advisory (Nov 20)
 

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1542-02: samba: Moderate Advisory (Nov 20)
 

Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1543-02: samba4: Moderate Advisory (Nov 20)
 

Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2013:1537-02: augeas: Low Advisory (Nov 20)
 

Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]

  Red Hat: 2013:1536-02: libguestfs: Moderate Advisory (Nov 20)
 

Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1525-01: openstack-glance: Moderate Advisory (Nov 18)
 

Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1524-01: openstack-keystone: Moderate Advisory (Nov 18)
 

Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1526-01: nagios: Moderate Advisory (Nov 18)
 

Updated nagios packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1523-01: ruby193-ruby: Moderate Advisory (Nov 14)
 

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1521-01: python-django: Moderate Advisory (Nov 14)
 

Updated python-django packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1522-01: Foreman: Moderate Advisory (Nov 14)
 

Updated Foreman packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]

  Red Hat: 2013:1520-01: kernel: Moderate Advisory (Nov 14)
 

Updated kernel packages that fix two security issues, one bug, and add two enhancements are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]


  Slackware: 2013-322-01: mozilla-firefox: Security Update (Nov 18)
 

New mozilla-firefox packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2013-322-03: samba: Security Update (Nov 18)
 

New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2013-322-04: seamonkey: Security Update (Nov 18)
 

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2013-322-02: openssh: Security Update (Nov 18)
 

New openssh packages are available for Slackware 14.1 and -current to fix a security issue. [More Info...]


  Ubuntu: 2032-1: Thunderbird vulnerabilities (Nov 21)
 

Several security issues were fixed in Thunderbird.

  Ubuntu: 2031-1: Firefox vulnerabilities (Nov 20)
 

Several security issues were fixed in Firefox.

  Ubuntu: 2030-1: NSS vulnerabilities (Nov 18)
 

Several security issues were fixed in NSS.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.