Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration, and very often such servers are quite vulnerable to compromise. While specific configurations vary widely with the environment or the specific use, there are various general steps that can be taken to ensure basic security considerations are in place.

(Jun 10)

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

(Jun 6)

A buffer overflow in Echoping might allow remote attackers to cause a Denial of Service condition.

(Jun 6)

Multiple vulnerabilities have been found in Mumble, the worst of which could lead to arbitrary code execution.


Mandriva: 2014:124: kernel (Jun 13)

Multiple vulnerabilities have been found and corrected in the Linux kernel: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows [More...]

Mandriva: 2014:123: tor (Jun 11)

Updated tor packages fix multiple vulnerabilities: Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity [More...]

Mandriva: 2014:122: chkrootkit (Jun 11)

Updated chkrootkit package fixes security vulnerability: The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit (usually root), allowing the attacker to escalate privileges [More...]

Mandriva: 2014:121: libgadu (Jun 10)

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to [More...]

Mandriva: 2014:120: miniupnpc (Jun 10)

Updated miniupnpc packages fix security vulnerability: The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network. [More...]

Mandriva: 2014:119: mediawiki (Jun 10)

Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed [More...]

Mandriva: 2014:118: emacs (Jun 10)

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422, [More...]

Mandriva: 2014:117: libcap-ng (Jun 10)

Updated libcap-ng packages fix security vulnerability: capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, [More...]

Mandriva: 2014:116: file (Jun 10)

Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handles CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the [More...]

Mandriva: 2014:115: php (Jun 10)

Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handles CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read [More...]

Mandriva: 2014:114: squid (Jun 10)

Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). [More...]

Mandriva: 2014:113: python-django (Jun 10)

Multiple vulnerabilities have been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]

Mandriva: 2014:112: python-django (Jun 10)

Multiple vulnerabilities have been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]

Mandriva: 2014:111: otrs (Jun 10)

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). [More...]

Mandriva: 2014:110: curl (Jun 10)

Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as [More...]

Mandriva: 2014:109: gnutls (Jun 9)

Updated gnutls packages fix security vulnerability: A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a [More...]

Mandriva: 2014:108: gnutls (Jun 9)

Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its [More...]

Mandriva: 2014:107: libtasn1 (Jun 9)

Updated libtasn1 packages fix security vulnerabilities: Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library [More...]

Mandriva: 2014:106: openssl (Jun 9)

Multiple vulnerabilities have been discovered and corrected in openssl: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, [More...]

Mandriva: 2014:105: openssl (Jun 9)

Multiple vulnerabilities have been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) [More...]


Red Hat: 2014:0747-01: python-jinja2: Moderate Advisory (Jun 11)

Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0745-01: flash-plugin: Critical Advisory (Jun 11)

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]

Red Hat: 2014:0743-01: qemu-kvm: Moderate Advisory (Jun 10)

Updated qemu-kvm packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0742-01: thunderbird: Important Advisory (Jun 10)

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0741-01: firefox: Critical Advisory (Jun 10)

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical [More...]

Red Hat: 2014:0740-01: kernel: Important Advisory (Jun 10)

Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0704-01: qemu-kvm: Moderate Advisory (Jun 10)

Updated qemu-kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0684-01: gnutls: Important Advisory (Jun 10)

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0703-01: json-c: Moderate Advisory (Jun 10)

Updated json-c packages that fix two security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0680-01: openssl098e: Important Advisory (Jun 10)

Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0687-01: libtasn1: Moderate Advisory (Jun 10)

Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0678-02: kernel: Important Advisory (Jun 10)

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0686-01: tomcat: Important Advisory (Jun 10)

Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0702-01: mariadb: Moderate Advisory (Jun 10)

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

Red Hat: 2014:0685-01: java-1.6.0-openjdk: Important Advisory (Jun 10)

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0675-01: java-1.7.0-openjdk: Critical Advisory (Jun 10)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Critical [More...]

Red Hat: 2014:0627-01: openssl: Important Advisory (Jun 5)

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat [More...]

Red Hat: 2014:0626-01: openssl097a and openssl098e: Important Advisory (Jun 5)

Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having [More...]

Red Hat: 2014:0624-01: openssl: Important Advisory (Jun 5)

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]


(Jun 12)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]

(Jun 9)

New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

(Jun 7)

New mozilla-firefox packages are available for Slackware 14.1 to fix security issues. [More Info...]

(Jun 6)

New libtasn1 packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

(Jun 6)

New sendmail packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]

(Jun 6)

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

(Jun 6)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]


Ubuntu: 2232-2: OpenSSL regression (Jun 12)

USN-2232-1 introduced a regression in OpenSSL.

Ubuntu: 2245-1: json-c vulnerabilities (Jun 12)

json-c could be made to crash or consume CPU if it processed a specially crafted JSON document.

Ubuntu: 2244-1: Libav vulnerability (Jun 11)

Libav could be made to crash or run programs as your login if it opened a specially crafted file.

Ubuntu: 2243-1: Firefox vulnerabilities (Jun 11)

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Ubuntu: 2242-1: dpkg vulnerabilities (Jun 10)

A malicious source package could write files outside the unpack directory.

Ubuntu: 2214-2: libxml2 regression (Jun 9)

USN-2214-1 introduced a regression in libxml2.

Ubuntu: 2235-1: Linux kernel vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2234-1: Linux kernel (EC2) vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2239-1: Linux kernel (Saucy HWE) vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2241-1: Linux kernel vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2240-1: Linux kernel vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2237-1: Linux kernel (Quantal HWE) vulnerability (Jun 5)

The system could be made to crash or run programs as an administrator.

Ubuntu: 2238-1: Linux kernel (Raring HWE) vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2236-1: Linux kernel (OMAP4) vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2233-1: Linux kernel vulnerabilities (Jun 5)

Several security issues were fixed in the kernel.

Ubuntu: 2232-1: OpenSSL vulnerabilities (Jun 5)

Several security issues were fixed in OpenSSL.