Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Sep 4) |
|
Security Report Summary
|
|
(Sep 3) |
|
Security Report Summary
|
|
(Sep 2) |
|
Security Report Summary
|
|
(Sep 1) |
|
Security Report Summary
|
|
Debian: 3015-1: lua5.1: Summary (Sep 1) |
|
Security Report Summary
|
|
(Aug 31) |
|
Security Report Summary
|
|
(Aug 28) |
|
Security Report Summary
|
|
|
|
(Sep 4) |
|
Multiple vulnerabilities have been found in MySQL, worst of which allows local attackers to escalate their privileges.
|
|
(Sep 3) |
|
A vulnerability in dhcpcd can lead to a Denial of Service condition.
|
|
(Sep 1) |
|
Multiple vulnerabilities have been found in Net-SNMP which could allow remote attackers to cause Denial of Service.
|
|
(Sep 1) |
|
Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service.
|
|
(Aug 31) |
|
Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been found in NRPE, the worst of which can allow execution of arbitrary code.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been found in QEMU, worst of which allows local attackers to execute arbitrary code.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service.
|
|
(Aug 29) |
|
A vulnerability in stunnel might allow remote attackers to gain access to private key information.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition
|
|
(Aug 29) |
|
Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.
|
|
(Aug 29) |
|
A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information.
|
|
(Aug 29) |
|
Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition.
|
|
(Aug 29) |
|
A vulnerability in file could result in Denial of Service.
|
|
|
|
Mandriva: 2014:175: glibc (Sep 5) |
|
Multiple vulnerabilities has been found and corrected in glibc: When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). [More...]
|
|
Mandriva: 2014:174: apache (Sep 4) |
|
A vulnerability has been found and corrected in apache (ASF HTTPD): The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer [More...]
|
|
Mandriva: 2014:173: busybox (Sep 3) |
|
Updated busybox packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker [More...]
|
|
Mandriva: 2014:172: php (Sep 3) |
|
Multiple vulnerabilities has been discovered and corrected in php: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a [More...]
|
|
Mandriva: 2014:171: dhcpcd (Sep 2) |
|
Updated dhcpcd package fixes security vulnerability: In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service. [More...]
|
|
Mandriva: 2014:170: jakarta-commons-httpclient (Sep 2) |
|
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due [More...]
|
|
Mandriva: 2014:169: bugzilla (Sep 2) |
|
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug [More...]
|
|
Mandriva: 2014:168: libvncserver (Sep 2) |
|
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). [More...]
|
|
Mandriva: 2014:167: file (Sep 2) |
|
Updated file packages fix security vulnerability: A flaw was found in the way file uses cdf_read_property_info function when checks stream offsets for certain Composite Document Format (CDF). An insufficient input validation flaw for p and q minimal and [More...]
|
|
Mandriva: 2014:166: serf (Sep 2) |
|
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in [More...]
|
|
Mandriva: 2014:165: krb5 (Sep 2) |
|
Updated krb5 package fixes security vulnerabilities: MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, [More...]
|
|
Mandriva: 2014:164: phpmyadmin (Sep 2) |
|
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273). [More...]
|
|
Mandriva: 2014:163: python-imaging (Sep 2) |
|
Updated python-imaging packages fix security vulnerability: The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin (CVE-2014-3589). [More...] _______________________________________________________________________
|
|
Mandriva: 2014:162: catfish (Sep 2) |
|
Updated catfish package fixes security vulnerability: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory (CVE-2014-2093). [More...]
|
|
Mandriva: 2014:161: subversion (Sep 2) |
|
Updated subversion packages fix security vulnerability: Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server (CVE-2014-3528). [More...]
|
|
Mandriva: 2014:160: gpgme (Sep 2) |
|
Updated gpgme packages fix security vulnerability: A heap-based buffer overflow in gpgme before 1.5.1 could allow a specially crafted certificate to cause crashes or potentially cause arbitrary code execution (CVE-2014-3564). [More...]
|
|
|
|
Red Hat: 2014:1144-01: firefox: Critical Advisory (Sep 3) |
|
Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2014:1148-01: squid: Important Advisory (Sep 3) |
|
An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1147-01: squid: Important Advisory (Sep 3) |
|
Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1146-01: httpcomponents-client: Important Advisory (Sep 3) |
|
Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1145-01: thunderbird: Important Advisory (Sep 3) |
|
An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1143-01: kernel: Moderate Advisory (Sep 3) |
|
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1119-01: openstack-neutron: Moderate Advisory (Sep 2) |
|
Updated openstack-neutron packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]
|
|
Red Hat: 2014:1122-01: openstack-keystone: Low Advisory (Sep 2) |
|
Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2014:1123-01: devtoolset-2-axis: Moderate Advisory (Sep 2) |
|
An updated devtoolset-2-axis package that fixes one security issue is now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1118-01: glibc: Important Advisory (Sep 2) |
|
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. [More...]
|
|
Red Hat: 2014:1121-01: openstack-keystone: Low Advisory (Sep 2) |
|
Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]
|
|
Red Hat: 2014:1120-01: openstack-neutron: Moderate Advisory (Sep 2) |
|
Updated openstack-neutron packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2014:1110-01: glibc: Important Advisory (Aug 29) |
|
Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
|
|
(Sep 4) |
|
New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
|
|
(Sep 4) |
|
New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
|
|
(Sep 4) |
|
New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
|
|
Ubuntu: 2340-1: procmail vulnerability (Sep 4) |
|
formail could be made to crash or run programs if it processed speciallycrafted mail.
|
|
Ubuntu: 2339-1: GnuPG vulnerability (Sep 3) |
|
GnuPG could expose sensitive information when performing decryption.
|
|
Ubuntu: 2339-2: Libgcrypt vulnerability (Sep 3) |
|
Libgcrypt could expose sensitive information when performing decryption.
|
|
Ubuntu: 2338-1: Lua vulnerability (Sep 3) |
|
Lua could be made to crash or run programs.
|
|
Ubuntu: 2326-1: Oxide vulnerabilities (Sep 2) |
|
Several security issues were fixed in Oxide.
|
|
Ubuntu: 2329-1: Firefox vulnerabilities (Sep 2) |
|
Firefox could be made to crash or run programs as your login if itopened a malicious website.
|
|
Ubuntu: 2335-1: Linux kernel (OMAP4) vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2332-1: Linux kernel vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2336-1: Linux kernel (Trusty HWE) vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2333-1: Linux kernel (EC2) vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2337-1: Linux kernel vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2331-1: LibreOffice vulnerability (Sep 2) |
|
LibreOffice Calc could be made to crash or run programs as your login if itopened a specially crafted file.
|
|
Ubuntu: 2334-1: Linux kernel vulnerabilities (Sep 2) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2331-1: LibreOffice vulnerability (Sep 2) |
|
LibreOffice Calc could be made to crash or run programs as your login if itopened a specially crafted file.
|
|
Ubuntu: 2328-1: GNU C Library vulnerability (Aug 28) |
|
Certain applications could be made to crash or run programs as anadministrator.
|
|
Ubuntu: 2327-1: Squid 3 vulnerability (Aug 28) |
|
Squid could be made to crash if it received specially crafted networktraffic.
|
