Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Securing a Linux Web Server - Given the prevalence of Linux web servers globally, security is often touted as a strength of the platform for that purpose. However, a Linux-based web server is only as secure as its configuration, and many are quite vulnerable to compromise. While specific configurations vary widely with the environment and use case, there are general steps that can be taken to ensure basic security considerations are in place.

Password guessing with Medusa 2.0 - Medusa was created by the fine folks at foofus.net; the much awaited Medusa 2.0 update was released in February of 2010. For a complete change log please visit


(Jan 1)

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. [More...]

(Jan 1)

Multiple security issues have been fixed in OpenSSL: the TLS 1.2 support was susceptible to denial of service, and the retransmission of DTLS messages was fixed. In addition, this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see [More...]

(Jan 1)

Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]

(Dec 31)

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. A local attacker can exploit this vulnerability to overwrite an arbitrary file on the system. [More...]
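The temporary-file class of bug above is worth seeing concretely. The following is an added example written for this digest, not Puppet's own code and not the code from the advisory: it shows the generic symlink attack against a predictably named temporary file opened with plain write mode, next to a hardened open using O_CREAT|O_EXCL (plus O_NOFOLLOW where available) that refuses to reuse any pre-existing entry, and a Tempfile.create call that additionally gives the file an unpredictable name. The file names, directory layout and data are constructed for the demonstration.

```ruby
require "tmpdir"
require "tempfile"

# Vulnerable pattern (constructed illustration, not Puppet's code): the file
# name is predictable and "w" follows symlinks and truncates whatever the
# link points at. An attacker who pre-creates /tmp/<name> -> /etc/target wins.
def vulnerable_write(dir, name, data)
  path = File.join(dir, name)
  File.open(path, "w") { |f| f.write(data) }
  path
end

# Hardened open: CREAT|EXCL fails with EEXIST if anything already exists at
# the path (including a symlink, dangling or not); NOFOLLOW (Linux) also
# refuses to traverse a symlink at the final component. Mode 0600 keeps other
# users from reading the content while it exists.
def safe_write(dir, name, data)
  path = File.join(dir, name)
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if File.const_defined?(:NOFOLLOW)
  File.open(path, flags, 0600) { |f| f.write(data) }
  path
end

# Preferred: let the standard library choose an unguessable name and open it
# exclusively. Returns the basename so the caller can see it is not the
# attacker's guess.
def unpredictable_write(dir, data)
  Tempfile.create("puppet-", dir) do |f|
    f.write(data)
    f.flush
    File.basename(f.path)
  end
end

# Runs the attack scenario in a private directory and reports what happened.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.conf")      # stands in for a system file
    File.write(victim, "original")
    guessed = "puppet-temp"                      # name the attacker predicts
    File.symlink(victim, File.join(dir, guessed))  # attacker plants the link

    # 1. Vulnerable writer follows the symlink and clobbers the victim.
    vulnerable_write(dir, guessed, "attacker-controlled")
    after_vuln = File.read(victim)

    # 2. Hardened writer refuses the pre-existing entry; victim untouched.
    File.write(victim, "original")
    safe_result =
      begin
        safe_write(dir, guessed, "attacker-controlled")
        :wrote
      rescue Errno::EEXIST, Errno::ELOOP
        :refused
      end
    after_safe = File.read(victim)

    # 3. Tempfile.create picks its own name, so the planted link is irrelevant.
    tmp_name = unpredictable_write(dir, "data")

    { after_vuln: after_vuln, safe_result: safe_result,
      after_safe: after_safe, tmp_name: tmp_name, guessed: guessed }
  end
end
```

Note that the hardened open only closes the symlink-race hole; if the file is later reopened by path, or its permissions are widened afterwards, the same problem reappears, so operate on the open descriptor rather than the name.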

(Dec 30)

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by [More...]

(Dec 28)

Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: insecure temporary files and insufficient permission checks in PackageKit. In addition, the insecure hp-upgrade service has been disabled. [More...]

(Dec 28)

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo-random number generation, code execution, and incorrect security token validation. [More...]


(Dec 27)

A vulnerability in Xfig could result in execution of arbitrary code or denial of service.


Mandriva: 2013:302: pixman (Dec 26)

Updated pixman package fixes security vulnerability: Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash (CVE-2013-6425). [More...]


Ubuntu: 2076-1: Linux kernel (OMAP4) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2072-1: Linux kernel (OMAP4) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2075-1: Linux kernel vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2074-1: Linux kernel (OMAP4) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2073-1: Linux kernel vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2071-1: Linux kernel vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2070-1: Linux kernel (Saucy HWE) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2067-1: Linux kernel (OMAP4) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2066-1: Linux kernel vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2068-1: Linux kernel (Quantal HWE) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2064-1: Linux kernel vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2069-1: Linux kernel (Raring HWE) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.

Ubuntu: 2065-1: Linux kernel (EC2) vulnerabilities (Jan 3)

Several security issues were fixed in the kernel.