Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


(Jan 20)

Security Report Summary

(Jan 20)

Security Report Summary

(Jan 19)

Security Report Summary

(Jan 18)

Security Report Summary

(Jan 16)

Security Report Summary

(Jan 15)

Security Report Summary

(Jan 15)

Security Report Summary


Mandriva: 2015:027: kernel (Jan 16)

Multiple vulnerabilities have been found and corrected in the Linux kernel: The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by [More...]

Mandriva: 2015:026: untrf (Jan 15)

[More...]

Mandriva: 2015:025: mpfr (Jan 15)

Updated mpfr packages fix security vulnerability: A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (CVE-2014-9474). [More...]

Mandriva: 2015:024: libsndfile (Jan 15)

Updated libsndfile packages fix security vulnerabilities: libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause [More...]

Mandriva: 2015:023: libvirt (Jan 15)

Updated libvirt packages fix security vulnerability: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service [More...]


Red Hat: 2015:0080-01: java-1.8.0-oracle: Critical Advisory (Jan 22)

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security [More...]

Red Hat: 2015:0079-01: java-1.7.0-oracle: Critical Advisory (Jan 22)

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Red Hat: 2015:0074-01: jasper: Important Advisory (Jan 22)

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]

Red Hat: 2015:0069-01: java-1.8.0-openjdk: Important Advisory (Jan 21)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]

Red Hat: 2015:0066-01: openssl: Moderate Advisory (Jan 21)

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]

Red Hat: 2015:0067-01: java-1.7.0-openjdk: Critical Advisory (Jan 21)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Red Hat: 2015:0062-01: kernel: Important Advisory (Jan 21)

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. [More...]

Red Hat: 2015:0068-01: java-1.7.0-openjdk: Important Advisory (Jan 21)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]


Slackware: samba (Jan 21)

New samba packages are available for Slackware 14.1 and -current to fix a security issue. [More Info...]

Slackware: mozilla-firefox (Jan 17)

New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]

Slackware: seamonkey (Jan 17)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

Slackware: freetype (Jan 17)

New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]

Slackware: mozilla-thunderbird (Jan 17)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]


Ubuntu: 2482-1: elfutils vulnerability (Jan 22)

elfutils could be made to overwrite files in the root directory if it received a specially crafted file.

Ubuntu: 2480-1: MySQL vulnerabilities (Jan 22)

Several security issues were fixed in MySQL.

Ubuntu: 2481-1: Samba vulnerability (Jan 22)

A security issue was fixed in Samba.

Ubuntu: 2460-1: Thunderbird vulnerabilities (Jan 19)

Several security issues were fixed in Thunderbird.

Ubuntu: 2479-1: RPM vulnerabilities (Jan 19)

Several security issues were fixed in RPM.

Ubuntu: 2477-1: libevent vulnerability (Jan 19)

libevent could be made to crash or run programs if it processed specially crafted data.

Ubuntu: 2478-1: libssh vulnerability (Jan 19)

libssh could be made to crash if it received specially crafted network traffic.

Ubuntu: 2475-1: GTK+ update (Jan 15)

GTK+ improperly handled the menu key, possibly allowing lock screen bypass.

Ubuntu: 2474-1: curl vulnerability (Jan 15)

curl could be tricked into adding arbitrary requests when following certain URLs.