Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
Essential tools for hardening and securing Unix based Environments - System administrators are aware as how important their systems security is, not just the runtime of their servers. Intruders, spammers, DDOS attack, crackers, are all out there trying to get into people's computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services.
Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.
| |
(Sep 15) |
| |
Security Report Summary
|
| |
(Sep 13) |
| |
Security Report Summary
|
| |
(Sep 13) |
| |
Security Report Summary
|
| |
(Sep 13) |
| |
Security Report Summary
|
| |
(Sep 12) |
| |
Security Report Summary
|
| |
(Sep 10) |
| |
Security Report Summary
|
|
|
| |
(Sep 17) |
| |
Add upstream patch to fix XSS vulnerability (bug #1259405)
|
| |
(Sep 17) |
| |
Add upstream patch to fix XSS vulnerability (bug #1259405)
|
| |
(Sep 16) |
| |
This is an update to the set of CA certificates version 2.5 as released with NSSversion 3.19.3 However, as in previous versions of the ca-certificatespackage, the CA list has been modified to keep several legacy CAs still trustedfor compatibility reasons. Please refer to the project URL for details. Ifyou prefer to use the unchanged list provided by Mozilla, and if you accept anycompatibility issues it may cause, an administrator may configure the system byexecuting the "ca-legacy disable" command.
|
| |
(Sep 16) |
| |
- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
|
| |
(Sep 15) |
| |
moodle-2.7.9-1.fc21 - 2.7.9.
|
| |
(Sep 15) |
| |
moodle-2.8.7-1.fc22 - Latest upstream release.
|
| |
(Sep 14) |
| |
03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout onpipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixedbug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, AnatolBelski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()).(Stas) * Fixed bug #70219 (Use after free vulnerability in sessiondeserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug#66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266(DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).(cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data withTIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312(HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)**MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)**Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation faultwith opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232(Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixedbug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)**SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion /RCE). (Stas) **SPL:** * Fixed bug #70290 (Null pointer deref (segfault) inspl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug#70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug#70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).(taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-freevulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen aticloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails forvery large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string()segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug#69782 (NULL pointer dereference). (Stas)
|
| |
(Sep 14) |
| |
## 1.5.2 (2015-08-31) ### Security: * Fix Security MisconfigurationVulnerability, allowing potential local arbitrary code execution *CVE-2015-5723 * https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12)### Bugfix: * Fixed the JS expanding all queries in the profiler in case ofmultiple connections * Fixed the retrieval of the namespace inDisconnectedMetadataFactory * Changed the composer constraint to allow Symfony3.0 for people wanting to do early testing
|
| |
(Sep 14) |
| |
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
|
| |
(Sep 14) |
| |
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
|
| |
(Sep 14) |
| |
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
|
| |
(Sep 14) |
| |
## 1.5.2 (2015-08-31) ### Security: * Fix Security MisconfigurationVulnerability, allowing potential local arbitrary code execution *CVE-2015-5723 * https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12)### Bugfix: * Fixed the JS expanding all queries in the profiler in case ofmultiple connections * Fixed the retrieval of the namespace inDisconnectedMetadataFactory * Changed the composer constraint to allow Symfony3.0 for people wanting to do early testing
|
| |
(Sep 14) |
| |
03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout onpipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixedbug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, AnatolBelski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()).(Stas) * Fixed bug #70219 (Use after free vulnerability in sessiondeserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug#66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266(DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).(cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data withTIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312(HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)**MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)**Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation faultwith opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232(Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixedbug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)**SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion /RCE). (Stas) **SPL:** * Fixed bug #70290 (Null pointer deref (segfault) inspl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug#70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug#70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).(taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-freevulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen aticloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails forvery large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string()segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug#69782 (NULL pointer dereference). (Stas)
|
| |
(Sep 14) |
| |
CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
|
| |
(Sep 12) |
| |
phpMyAdmin 4.4.14.1 (2015-09-08) ================================ - [security]reCaptcha bypass
|
| |
(Sep 12) |
| |
phpMyAdmin 4.4.14.1 (2015-09-08) ================================ - [security]reCaptcha bypass
|
| |
(Sep 11) |
| |
This release fixes a heap overflow when compiling certain regular expressionswith named refecences. This release fixes buffer overflows when compilingcertain expressions.
|
| |
(Sep 11) |
| |
This release fixes a heap overflow when compiling certain regular expressionswith named refecences.
|
| |
(Sep 11) |
| |
A number of bug fixes across the 4.1.6 kernel tree
|
| |
(Sep 10) |
| |
Upstream release v0.7.1-1
|
| |
(Sep 10) |
| |
Upstream release v0.7.1-1
|
|
|
| |
Red Hat: 2015:1788-01: kernel-rt: Important Advisory (Sep 15) |
| |
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1793-01: qemu-kvm: Moderate Advisory (Sep 15) |
| |
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1778-01: kernel: Important Advisory (Sep 15) |
| |
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1787-01: kernel-rt: Important Advisory (Sep 15) |
| |
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1772-01: qemu-kvm-rhev: Important Advisory (Sep 14) |
| |
Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0 and 7.0, for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1766-01: python-django: Moderate Advisory (Sep 10) |
| |
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
| |
Red Hat: 2015:1767-01: python-django: Moderate Advisory (Sep 10) |
| |
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1769-01: libunwind: Low Advisory (Sep 10) |
| |
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1768-01: libunwind: Low Advisory (Sep 10) |
| |
Updated libunwind packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
|
|
|
| |
Ubuntu: 2741-1: Unity Settings Daemon vulnerability (Sep 16) |
| |
Unity Settings Daemon would allow mounting removable media while the screenis locked.
|
| |
Ubuntu: 2740-1: ICU vulnerabilities (Sep 16) |
| |
Several security issues were fixed in ICU.
|
| |
Ubuntu: 2742-1: OpenLDAP vulnerabilities (Sep 16) |
| |
Several security issues were fixed in OpenLDAP.
|
| |
Ubuntu: 2739-1: FreeType vulnerabilities (Sep 10) |
| |
Several security issues were fixed in FreeType.
|
