Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Mar 1) |
|
Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Mar 1) |
|
Malcolm Scott discovered a remote-exploitable buffer overflow in the rfc1413 (ident) client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. [More...]
|
|
(Feb 26) |
|
Several vulnerabilities have been discovered in python-django, a high-level python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Feb 26) |
|
Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories. [More...]
|
|
(Feb 25) |
|
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
|
|
(Feb 25) |
|
CVE-2009-5030 Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. [More...]
|
|
(Feb 24) |
|
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: [More...]
|
|
|
|
Mandriva: 2013:016: php (Feb 28) |
|
Multiple vulnerabilities has been discovered and corrected in php: PHP does not validate the configration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations [More...]
|
|
Mandriva: 2013:015: apache (Feb 26) |
|
Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD): Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, [More...]
|
|
Mandriva: 2013:014: java-1.6.0-openjdk (Feb 22) |
|
Multiple security issues were identified and fixed in OpenJDK (icedtea6): * S8006446: Restrict MBeanServer access * S8006777: Improve TLS handling of invalid messages [More...]
|
|
|
|
Red Hat: 2013:0581-01: libxml2: Moderate Advisory (Feb 28) |
|
Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0580-01: cups: Moderate Advisory (Feb 28) |
|
Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0574-01: flash-plugin: Critical Advisory (Feb 27) |
|
An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2013:0567-01: kernel: Important Advisory (Feb 26) |
|
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2013:0568-01: dbus-glib: Important Advisory (Feb 26) |
|
Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2013:0551-01: acroread: Critical Advisory (Feb 21) |
|
Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2013:0550-01: bind: Moderate Advisory (Feb 21) |
|
Updated bind packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0522-02: gdb: Moderate Advisory (Feb 21) |
|
Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0528-02: ipa: Low Advisory (Feb 21) |
|
Updated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0516-02: evolution: Low Advisory (Feb 21) |
|
Updated evolution packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0525-02: pcsc-lite: Moderate Advisory (Feb 21) |
|
Updated pcsc-lite packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0521-02: pam: Moderate Advisory (Feb 21) |
|
Updated pam packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0526-02: automake: Low Advisory (Feb 21) |
|
An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0523-02: ccid: Low Advisory (Feb 21) |
|
An updated ccid package that fixes one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0514-02: php: Moderate Advisory (Feb 21) |
|
Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0512-02: httpd: Low Advisory (Feb 21) |
|
Updated httpd packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0519-02: openssh: Moderate Advisory (Feb 21) |
|
Updated openssh packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0520-02: dovecot: Low Advisory (Feb 21) |
|
Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0517-02: util-linux-ng: Low Advisory (Feb 21) |
|
Updated util-linux-ng packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2013:0515-02: openchange: Moderate Advisory (Feb 21) |
|
Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0504-02: dhcp: Low Advisory (Feb 21) |
|
Updated dhcp packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0511-02: pki-core: Moderate Advisory (Feb 21) |
|
Updated pki-core packages that fix multiple security issues, two bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0503-03: 389-ds-base: Moderate Advisory (Feb 21) |
|
Updated 389-ds-base packages that fix one security issue, numerous bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2013:0508-02: sssd: Low Advisory (Feb 21) |
|
Updated sssd packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0509-02: rdma: Low Advisory (Feb 21) |
|
Updated RDMA packages that fix multiple security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0502-02: Core X11 clients: Low Advisory (Feb 21) |
|
Updated core client packages for the X Window System that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2013:0500-02: hplip: Low Advisory (Feb 21) |
|
Updated hplip packages that fix several security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0499-02: xinetd: Low Advisory (Feb 21) |
|
An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:0506-02: samba4: Moderate Advisory (Feb 21) |
|
Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0277-02: dnsmasq: Moderate Advisory (Feb 21) |
|
Updated dnsmasq packages that fix one security issue, one bug, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:0276-02: libvirt: Moderate Advisory (Feb 21) |
|
Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
|
|
(Feb 25) |
|
New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues. [More Info...]
|
|
|
|
Ubuntu: 1729-2: Firefox regression (Feb 28) |
|
Due to a regression, Firefox might crash or freeze under normal use.
|
|
Ubuntu: 1732-2: OpenSSL regression (Feb 28) |
|
USN-1732-1 introduced a regression in OpenSSL.
|
|
Ubuntu: 1754-1: Sudo vulnerability (Feb 28) |
|
Sudo could be made to run programs as the administrator without a passwordprompt.
|
|
Ubuntu: 1753-1: DBus-GLib vulnerability (Feb 27) |
|
An attacker could send crafted input to applications using DBus-GLib andpossibly escalate privileges.
|
|
Ubuntu: 1752-1: GnuTLS vulnerability (Feb 27) |
|
GnuTLS could be made to expose sensitive information over the network.
|
|
Ubuntu: 1751-1: Linux kernel (OMAP4) vulnerability (Feb 27) |
|
The system could be made to crash or run programs as an administrator.
|
|
Ubuntu: 1750-1: Linux kernel vulnerabilities (Feb 26) |
|
The system could be made to crash or run programs as an administrator.
|
|
Ubuntu: 1749-1: Linux kernel (Quantal HWE) vulnerability (Feb 26) |
|
The system could be made to crash or run programs as an administrator.
|
|
Ubuntu: 1748-1: Thunderbird vulnerabilities (Feb 25) |
|
Several security issues were fixed in Thunderbird.
|
|
Ubuntu: 1747-1: Transmission vulnerability (Feb 25) |
|
Transmission could be made to crash or run programs if it receivedspecially crafted network traffic.
|
|
Ubuntu: 1746-1: Pidgin vulnerabilities (Feb 25) |
|
Several security issues were fixed in Pidgin.
|
|
Ubuntu: 1745-1: Linux kernel (OMAP4) vulnerability (Feb 22) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1744-1: Linux kernel vulnerability (Feb 22) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1743-1: Linux kernel (Quantal HWE) vulnerability (Feb 22) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1742-1: Linux kernel (OMAP4) vulnerability (Feb 22) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1741-1: Linux kernel vulnerability (Feb 22) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1740-1: Linux kernel (OMAP4) vulnerability (Feb 21) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1739-1: Linux kernel vulnerability (Feb 21) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1738-1: Linux kernel (Oneiric backport) vulnerability (Feb 21) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1737-1: Linux kernel (EC2) vulnerability (Feb 21) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1736-1: Linux kernel vulnerability (Feb 21) |
|
The system could be made to run programs as an administrator.
|
|
Ubuntu: 1735-1: OpenJDK vulnerabilities (Feb 21) |
|
Several security issues were fixed in OpenJDK.
|
|
Ubuntu: 1734-1: OpenStack Nova vulnerability (Feb 21) |
|
Nova could be made to crash if it received specially crafted input.
|
|
Ubuntu: 1733-1: Ruby vulnerabilities (Feb 21) |
|
Several security issues were fixed in Ruby.
|
|
Ubuntu: 1732-1: OpenSSL vulnerabilities (Feb 21) |
|
Several security issues were fixed in OpenSSL.
|
