Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Dec 16) |
|
Security Report Summary
|
|
(Dec 16) |
|
Security Report Summary
|
|
(Dec 13) |
|
Security Report Summary
|
|
(Dec 13) |
|
Security Report Summary
|
|
(Dec 13) |
|
Security Report Summary
|
|
(Dec 13) |
|
Security Report Summary
|
|
(Dec 11) |
|
Security Report Summary
|
|
(Dec 11) |
|
Security Report Summary
|
|
(Dec 11) |
|
Security Report Summary
|
|
|
|
(Dec 18) |
|
Multiple vulnerabilities in ZNC could lead to Denial of Service.
|
|
(Dec 15) |
|
Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition.
|
|
(Dec 14) |
|
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
|
|
(Dec 14) |
|
Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition.
|
|
(Dec 13) |
|
Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass in authentication restrictions.
|
|
(Dec 13) |
|
A NULL pointer dereference in QtGui could lead to Denial of Service.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in OpenJPEG, the worst of which may result in execution of arbitrary code.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in Nagios, the worst of which may allow remote code execution.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service.
|
|
(Dec 13) |
|
Two vulnerabilities have been found in mod_wsgi, the worst of which could result in local privilege escalation.
|
|
(Dec 13) |
|
A vulnerability in GNUstep Base library could lead to Denial of Service.
|
|
(Dec 13) |
|
An integer overflow in PPP might allow local attackers to obtain sensitive information.
|
|
(Dec 13) |
|
An integer overflow in FreeRDP couuld result in execution of arbitrary code or Denial of Service.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code.
|
|
(Dec 13) |
|
A vulnerability in CouchDB could result in Denial of Service.
|
|
(Dec 13) |
|
Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation.
|
|
(Dec 13) |
|
Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.
|
|
(Dec 13) |
|
Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service.
|
|
(Dec 11) |
|
Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code.
|
|
(Dec 11) |
|
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2013. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE [More...]
|
|
(Dec 11) |
|
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE [More...]
|
|
(Dec 11) |
|
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE [More...]
|
|
(Dec 11) |
|
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
|
(Dec 11) |
|
A vulnerability in libxml2 could result in Denial of Service.
|
|
(Dec 11) |
|
A vulnerability in Clam AntiVirus can lead to a Denial of Service condition.
|
|
|
|
Mandriva: 2014:253: apache-mod_wsgi (Dec 15) |
|
Updated apache-mod_wsgi package fixes security vulnerability: It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege [More...]
|
|
Mandriva: 2014:252: nss (Dec 15) |
|
Updated nss packages fix security vulnerabilities: In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data (CVE-2014-1569). [More...]
|
|
Mandriva: 2014:251: rpm (Dec 14) |
|
Updated rpm packages fix security vulnerabilities: It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been [More...]
|
|
Mandriva: 2014:250: cpio (Dec 14) |
|
Updated cpio package fixes security vulnerability: Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive (CVE-2014-9112). [More...]
|
|
Mandriva: 2014:249: qemu (Dec 14) |
|
Updated qemu packages fix security vulnerabilities: During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A [More...]
|
|
Mandriva: 2014:248: graphviz (Dec 14) |
|
Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, [More...]
|
|
Mandriva: 2014:247: jasper (Dec 14) |
|
Updated jasper packages fix security vulnerability: Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service (application crash) or the execution of arbitrary code (CVE-2014-9029). [More...]
|
|
Mandriva: 2014:246: openvpn (Dec 14) |
|
Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of [More...]
|
|
Mandriva: 2014:245: mutt (Dec 14) |
|
Updated mutt packages fix security vulnerability: A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition (CVE-2014-9116). [More...]
|
|
Mandriva: 2014:244: openafs (Dec 14) |
|
Multiple vulnerabilities has been found and corrected in openafs: Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry [More...]
|
|
Mandriva: 2014:243: phpmyadmin (Dec 14) |
|
Multiple vulnerabilities has been discovered and corrected in phpmyadmin: libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to [More...]
|
|
Mandriva: 2014:242: yaml (Dec 14) |
|
Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash [More...]
|
|
Mandriva: 2014:241: mediawiki (Dec 14) |
|
Updated mediawiki packages fix security vulnerabilies: In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML (CVE-2014-9276). [More...]
|
|
Mandriva: 2014:240: tcpdump (Dec 14) |
|
Updated tcpdump package fixes security vulnerabilities: The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767). [More...]
|
|
Mandriva: 2014:239: flac (Dec 14) |
|
Updated flac packages fix security vulnerabilities: In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap overflow (CVE-2014-9028), which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the [More...]
|
|
Mandriva: 2014:238: bind (Dec 13) |
|
Updated bind packages fix security vulnerability: By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue [More...]
|
|
|
|
Red Hat: 2014:2023-01: glibc: Moderate Advisory (Dec 18) |
|
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:2021-01: jasper: Important Advisory (Dec 18) |
|
Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:2010-01: kernel: Important Advisory (Dec 18) |
|
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:2009-01: kernel: Important Advisory (Dec 17) |
|
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:2008-01: kernel: Important Advisory (Dec 17) |
|
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:2000-01: thermostat1-thermostat: Important Advisory (Dec 16) |
|
Updated thermostat1-thermostat packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1999-01: mailx: Moderate Advisory (Dec 16) |
|
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1998-01: kernel-rt: Important Advisory (Dec 16) |
|
Updated kernel-rt packages that fix one security issue are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1997-01: kernel: Important Advisory (Dec 16) |
|
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1985-01: bind97: Important Advisory (Dec 11) |
|
Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1984-01: bind: Important Advisory (Dec 11) |
|
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1983-01: xorg-x11-server: Important Advisory (Dec 11) |
|
Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1982-01: xorg-x11-server: Important Advisory (Dec 11) |
|
Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
|
|
(Dec 11) |
|
New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]
|
|
(Dec 11) |
|
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Dec 11) |
|
New openssh packages are available for Slackware 14.0, 14.1, and -current. [More Info...]
|
|
(Dec 11) |
|
New wpa_supplicant packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Dec 11) |
|
New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current. [More Info...]
|
|
(Dec 11) |
|
New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Dec 11) |
|
New mozilla-firefox packages are available for Slackware 14.1 to fix security issues. [More Info...]
|
|
|
|
Ubuntu: 2447-2: Linux kernel (Utopic HWE) regression (Dec 19) |
|
USN-2447-1 introduced a regression in the Linux kernel.
|
|
Ubuntu: 2448-2: Linux kernel regression (Dec 19) |
|
USN-2448-1 introduced a regression in the Linux kernel.
|
|
Ubuntu: 2448-1: Linux kernel vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2442-1: Linux kernel (EC2) vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2444-1: Linux kernel (OMAP4) vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2446-1: Linux kernel vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2447-1: Linux kernel (Utopic HWE) vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2441-1: Linux kernel vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2443-1: Linux kernel vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2445-1: Linux kernel (Trusty HWE) vulnerabilities (Dec 12) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2439-1: QEMU vulnerabilities (Dec 11) |
|
Several security issues were fixed in QEMU.
|
