Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

(Nov 19)

Security Report Summary
(Nov 18)

Security Report Summary
(Nov 16)

Security Report Summary
(Nov 16)

An absolute path traversal vulnerability could lead to arbitrary code execution.
Mandriva: 2014:215: gnutls (Nov 19)

Updated gnutls package fix security vulnerability: An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a [More...]
Mandriva: 2014:214: dbus (Nov 18)

Updated dbus packages fixes the following security issues: Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon: [More...]
Mandriva: 2014:213: curl (Nov 18)

Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing [More...]
Red Hat: 2014:1873-01: libvirt: Moderate Advisory (Nov 18)

Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]
Red Hat: 2014:1872-01: kernel: Important Advisory (Nov 18)

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1870-01: libXfont: Important Advisory (Nov 18)

Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1865-01: bash Shift_JIS: Important Advisory (Nov 17)

Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1861-01: mariadb: Important Advisory (Nov 17)

Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1862-01: mariadb55-mariadb: Important Advisory (Nov 17)

Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1859-01: mysql55-mysql: Important Advisory (Nov 17)

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
Red Hat: 2014:1860-01: mysql55-mysql: Important Advisory (Nov 17)

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
(Nov 16)

New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues. [More Info...]
Ubuntu: 2411-1: mountall vulnerability (Nov 18)

mountall could mount certain filesystems with the wrong permissions.
Ubuntu: 2409-1: QEMU vulnerabilities (Nov 13)

Several security issues were fixed in QEMU.