Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.


  (Jun 25)
 

Security Report Summary

  (Jun 23)
 

Security Report Summary

  (Jun 22)
 

Security Report Summary

  (Jun 21)
 

Security Report Summary


  (Jun 25)
 

Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands.

  (Jun 25)
 

A vulnerability in Dnsmasq can lead to a Denial of Service condition.

  (Jun 25)
 

A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition.

  (Jun 25)
 

Multiple vulnerabilities have been found in Network Audio System, the worst of which allows remote attackers to execute arbitrary code.

  (Jun 22)
 

Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks.

  (Jun 22)
 

A vulnerability has been found in nginx which may allow execution of arbitrary code.

  (Jun 21)
 

Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service.

  (Jun 19)
 

A vulnerability in rxvt-unicode may allow a remote attacker to execute arbitrary code.


  Red Hat: 2014:0790-01: dovecot: Moderate Advisory (Jun 25)
 

Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]

  Red Hat: 2014:0786-01: kernel: Important Advisory (Jun 24)
 

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]

  Red Hat: 2014:0772-01: kernel: Important Advisory (Jun 19)
 

Updated kernel packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0771-01: kernel: Important Advisory (Jun 19)
 

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]

  Red Hat: 2014:0770-01: foreman-proxy: Critical Advisory (Jun 19)
 

An updated foreman-proxy package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Critical [More...]


  (Jun 24)
 

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]

  (Jun 24)
 

New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue. [More Info...]

  (Jun 24)
 

New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]

  (Jun 24)
 

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

  (Jun 24)
 

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]


  Ubuntu: 2256-1: Swift vulnerability (Jun 25)
 

Swift did not properly perform input validation of certain HTTP headers.

  Ubuntu: 2255-1: OpenStack Neutron vulnerabilities (Jun 25)
 

Several security issues were fixed in OpenStack Neutron.

  Ubuntu: 2254-2: PHP updates (Jun 25)
 

An improvement was made for PHP FPM environments.

  Ubuntu: 2232-3: OpenSSL regression (Jun 23)
 

USN-2232-1 introduced a regression in OpenSSL.

  Ubuntu: 2254-1: PHP vulnerabilities (Jun 23)
 

Several security issues were fixed in PHP.

  Ubuntu: 2253-1: LibreOffice vulnerability (Jun 23)
 

LibreOffice would unconditionally execute certain VBA macros.

  Ubuntu: 2252-1: Linux kernel (EC2) vulnerabilities (Jun 20)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2251-1: Linux kernel vulnerabilities (Jun 20)
 

Several security issues were fixed in the kernel.

  Ubuntu: 2250-1: Thunderbird vulnerabilities (Jun 19)
 

Several security issues were fixed in Thunderbird.