Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

  (Jan 30)
 

Security Report Summary
  (Jan 30)
 

Security Report Summary
  (Jan 30)
 

Security Report Summary
  (Jan 29)
 

Security Report Summary
  (Jan 28)
 

Security Report Summary
  (Jan 27)
 

Security Report Summary
  (Jan 27)
 

Security Report Summary
  (Jan 27)
 

Security Report Summary
  (Jan 25)
 

Security Report Summary
  (Jan 25)
 

Security Report Summary
  (Jan 24)
 

Security Report Summary
  (Jan 24)
 

Security Report Summary
  (Jan 23)
 

Security Report Summary
  Red Hat: 2015:0104-01: ntp: Important Advisory (Jan 28)
 

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0102-01: kernel: Important Advisory (Jan 28)
 

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0100-01: libyaml: Moderate Advisory (Jan 28)
 

Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
  Red Hat: 2015:0101-01: glibc: Critical Advisory (Jan 28)
 

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0099-01: glibc: Critical Advisory (Jan 28)
 

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. [More...]
  Red Hat: 2015:0094-01: flash-plugin: Critical Advisory (Jan 27)
 

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0093-01: chromium-browser: Important Advisory (Jan 27)
 

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0087-01: kernel: Important Advisory (Jan 27)
 

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0092-01: glibc: Critical Advisory (Jan 27)
 

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0090-01: glibc: Critical Advisory (Jan 27)
 

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0085-01: java-1.6.0-openjdk: Important Advisory (Jan 26)
 

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0086-01: java-1.6.0-sun: Important Advisory (Jan 26)
 

Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:0080-01: java-1.8.0-oracle: Critical Advisory (Jan 22)
 

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0079-01: java-1.7.0-oracle: Critical Advisory (Jan 22)
 

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]
  Red Hat: 2015:0074-01: jasper: Important Advisory (Jan 22)
 

Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
  (Jan 28)
 

New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue. [More Info...]
  Ubuntu: 2487-1: OpenJDK 7 vulnerabilities (Jan 27)
 

Several security issues were fixed in OpenJDK 7.
  Ubuntu: 2486-1: OpenJDK 6 vulnerabilities (Jan 27)
 

Several security issues were fixed in OpenJDK 6.
  Ubuntu: 2458-3: Firefox regression (Jan 27)
 

USN-2458-1 introduced a regression in Firefox
  Ubuntu: 2476-1: Oxide vulnerabilities (Jan 26)
 

Several security issues were fixed in Oxide.
  Ubuntu: 2484-1: Unbound vulnerability (Jan 26)
 

Unbound could be made to consume resources if it received specially craftednetwork traffic.
  Ubuntu: 2483-1: JasPer vulnerabilities (Jan 26)
 

JasPer could be made to crash or run programs as your login if itopened a specially crafted file.
  Ubuntu: 2483-2: Ghostscript vulnerabilities (Jan 26)
 

Ghostscript could be made to crash or run programs as your login if itopened a specially crafted file.
  Ubuntu: 2482-1: elfutils vulnerability (Jan 22)
 

elfutils could be made to overwrite files in the root directory if it receiveda specially crafted file.
  Ubuntu: 2480-1: MySQL vulnerabilities (Jan 22)
 

Several security issues were fixed in MySQL.
  Ubuntu: 2481-1: Samba vulnerability (Jan 22)
 

A security issue was fixed in Samba.