LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: June 13th, 2014 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.


  Debian: 2958-1: apt: Summary (Jun 12)
 

Security Report Summary

  Debian: 2957-1: mediawiki: Summary (Jun 12)
 

Security Report Summary

  Debian: 2956-1: icinga: Summary (Jun 11)
 

Security Report Summary

  Debian: 2955-1: iceweasel: Summary (Jun 11)
 

Security Report Summary

  Debian: 2954-1: dovecot: Summary (Jun 9)
 

Security Report Summary

  Debian: 2953-1: dpkg: Summary (Jun 8)
 

Security Report Summary

  Debian: 2952-1: kfreebsd-9: Summary (Jun 5)
 

Security Report Summary

  Debian: 2951-1: mupdf: Summary (Jun 5)
 

Security Report Summary

  Debian: 2949-1: linux: Summary (Jun 5)
 

Security Report Summary

  Debian: 2950-1: openssl: Summary (Jun 5)
 

Security Report Summary


  Gentoo: 201406-08 Adobe Flash Player: Multiple vulnerabilities (Jun 10)
 

Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code.

  Gentoo: 201406-07 Echoping: Buffer Overflow Vulnerabilities (Jun 6)
 

A buffer overflow in Echoping might allow remote attackers to cause a Denial of Service condition.

  Gentoo: 201406-06 Mumble: Multiple vulnerabilities (Jun 6)
 

Multiple vulnerabilities have been found in Mumble, the worst of which could lead to arbitrary code execution.


  Mandriva: 2014:124: kernel (Jun 13)
 

Multiple vulnerabilities has been found and corrected in the Linux kernel: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows [More...]

  Mandriva: 2014:123: tor (Jun 11)
 

Updated tor packages fix multiple vulnerabilities: Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity [More...]

  Mandriva: 2014:122: chkrootkit (Jun 11)
 

Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit (usually root), allowing the attacker to escalate privileges [More...]

  Mandriva: 2014:121: libgadu (Jun 10)
 

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to [More...]

  Mandriva: 2014:120: miniupnpc (Jun 10)
 

Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network. [More...]

  Mandriva: 2014:119: mediawiki (Jun 10)
 

Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed [More...]

  Mandriva: 2014:118: emacs (Jun 10)
 

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422, [More...]

  Mandriva: 2014:117: libcap-ng (Jun 10)
 

Updated libcap-ng packages fix security vulnerability: capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, [More...]

  Mandriva: 2014:116: file (Jun 10)
 

Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the [More...]

  Mandriva: 2014:115: php (Jun 10)
 

Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read [More...]

  Mandriva: 2014:114: squid (Jun 10)
 

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). [More...]

  Mandriva: 2014:113: python-django (Jun 10)
 

Multiple vulnerabilities has been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]

  Mandriva: 2014:112: python-django (Jun 10)
 

Multiple vulnerabilities has been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]

  Mandriva: 2014:111: otrs (Jun 10)
 

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). [More...]

  Mandriva: 2014:110: curl (Jun 10)
 

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as [More...]

  Mandriva: 2014:109: gnutls (Jun 9)
 

Updated gnutls packages fix security vulnerability: A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a [More...]

  Mandriva: 2014:108: gnutls (Jun 9)
 

Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its [More...]

  Mandriva: 2014:107: libtasn1 (Jun 9)
 

Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library [More...]

  Mandriva: 2014:106: openssl (Jun 9)
 

Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, [More...]

  Mandriva: 2014:105: openssl (Jun 9)
 

Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) [More...]


  Red Hat: 2014:0747-01: python-jinja2: Moderate Advisory (Jun 11)
 

Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0745-01: flash-plugin: Critical Advisory (Jun 11)
 

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]

  Red Hat: 2014:0743-01: qemu-kvm: Moderate Advisory (Jun 10)
 

Updated qemu-kvm packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0742-01: thunderbird: Important Advisory (Jun 10)
 

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0741-01: firefox: Critical Advisory (Jun 10)
 

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]

  Red Hat: 2014:0740-01: kernel: Important Advisory (Jun 10)
 

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0704-01: qemu-kvm: Moderate Advisory (Jun 10)
 

Updated qemu-kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0684-01: gnutls: Important Advisory (Jun 10)
 

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0703-01: json-c: Moderate Advisory (Jun 10)
 

Updated json-c packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0680-01: openssl098e: Important Advisory (Jun 10)
 

Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0687-01: libtasn1: Moderate Advisory (Jun 10)
 

Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0678-02: kernel: Important Advisory (Jun 10)
 

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0686-01: tomcat: Important Advisory (Jun 10)
 

Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0702-01: mariadb: Moderate Advisory (Jun 10)
 

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0685-01: java-1.6.0-openjdk: Important Advisory (Jun 10)
 

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0675-01: java-1.7.0-openjdk: Critical Advisory (Jun 10)
 

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Critical [More...]

  Red Hat: 2014:0627-01: openssl: Important Advisory (Jun 5)
 

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat [More...]

  Red Hat: 2014:0626-01: openssl097a and openssl098e: Important Advisory (Jun 5)
 

Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0624-01: openssl: Important Advisory (Jun 5)
 

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]


  Slackware: 2014-163-01: mozilla-thunderbird: Security Update (Jun 12)
 

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]

  Slackware: 2014-160-01: php: Security Update (Jun 9)
 

New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2014-157-01: mozilla-firefox: Security Update (Jun 7)
 

New mozilla-firefox packages are available for Slackware 14.1 to fix security issues. [More Info...]

  Slackware: 2014-156-02: libtasn1: Security Update (Jun 6)
 

New libtasn1 packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2014-156-04: sendmail: Security Update (Jun 6)
 

New sendmail packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]

  Slackware: 2014-156-01: gnutls: Security Update (Jun 6)
 

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

  Slackware: 2014-156-03: openssl: Security Update (Jun 6)
 

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]


  Ubuntu: 2232-2: OpenSSL regression (Jun 12)
 

USN-2232-1 introduced a regression in OpenSSL.

  Ubuntu: 2245-1: json-c vulnerabilities (Jun 12)
 

json-c could be made to crash or consume CPU if it processed a speciallycrafted JSON document.

  Ubuntu: 2244-1: Libav vulnerability (Jun 11)
 

Libav could be made to crash or run programs as your login if it opened aspecially crafted file.

  Ubuntu: 2243-1: Firefox vulnerabilities (Jun 11)
 

Firefox could be made to crash or run programs as your login if itopened a malicious website.

  Ubuntu: 2242-1: dpkg vulnerabilities (Jun 10)
 

A malicious source package could write files outside the unpack directory.

  Ubuntu: 2214-2: libxml2 regression (Jun 9)
 

USN-2214-1 introduced a regression in libxml2.

  Ubuntu: 2235-1: Linux kernel vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2234-1: Linux kernel (EC2) vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2239-1: Linux kernel (Saucy HWE) vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2241-1: Linux kernel vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2240-1: Linux kernel vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2237-1: Linux kernel (Quantal HWE) vulnerability (Jun 5)
 

The system could be made to crash or run programs as an administrator.

  Ubuntu: 2238-1: Linux kernel (Raring HWE) vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2236-1: Linux kernel (OMAP4) vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2233-1: Linux kernel vulnerabilities (Jun 5)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2232-1: OpenSSL vulnerabilities (Jun 5)
 

Several security issues were fixed in OpenSSL.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.