Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Nov 25) |
|
Security Report Summary
|
|
(Nov 20) |
|
Security Report Summary
|
|
|
|
(Nov 23) |
|
Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service.
|
|
(Nov 23) |
|
Multiple vulnerabilities has been found in Ansible which may allow local privilege escalation.
|
|
(Nov 23) |
|
Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service.
|
|
(Nov 23) |
|
A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service.
|
|
(Nov 21) |
|
Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
|
|
|
|
Mandriva: 2014:229: libvncserver (Nov 26) |
|
Updated libvncserver packages fix security vulnerabilities: A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote [More...]
|
|
Mandriva: 2014:228: phpmyadmin (Nov 26) |
|
Multiple vulnerabilities has been discovered and corrected in phpmyadmin: * Multiple XSS vulnerabilities (CVE-2014-8958). [More...]
|
|
Mandriva: 2014:227: ffmpeg (Nov 25) |
|
Multiple vulnerabilities has been discovered and corrected in ffmpeg: The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and [More...]
|
|
Mandriva: 2014:226: imagemagick (Nov 25) |
|
Updated imagemagick packages fix security vulnerabilities: ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder [More...]
|
|
Mandriva: 2014:225: ruby (Nov 25) |
|
Updated ruby packages fix security vulnerabilities: Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary [More...]
|
|
Mandriva: 2014:224: krb5 (Nov 21) |
|
Updated krb5 packages fix security vulnerability: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote [More...]
|
|
Mandriva: 2014:223: wireshark (Nov 21) |
|
Updated wireshark packages fix security vulnerabilities: SigComp UDVM buffer overflow (CVE-2014-8710). AMQP crash (CVE-2014-8711). [More...]
|
|
Mandriva: 2014:222: libvirt (Nov 21) |
|
Updated libvirt packages fix security vulnerability: Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain [More...]
|
|
Mandriva: 2014:221: php-smarty (Nov 21) |
|
[More...] _______________________________________________________________________
|
|
Mandriva: 2014:220: qemu (Nov 21) |
|
Updated qemu packages fix security vulnerabilities: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host [More...]
|
|
Mandriva: 2014:219: srtp (Nov 21) |
|
Updated srtp package fixes security vulnerability: Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how [More...]
|
|
Mandriva: 2014:218: asterisk (Nov 21) |
|
Multiple vulnerabilities has been discovered and corrected in asterisk: Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610). [More...]
|
|
Mandriva: 2014:217: clamav (Nov 20) |
|
ClamAV 0.98.5 addresses several reported potential security bugs. Certain javascript files causes ClamAV to segfault when scanned with the -a (list archived files) (CVE-2013-6497). [More...] _______________________________________________________________________
|
|
Mandriva: 2014:216: php-ZendFramework (Nov 20) |
|
A vulnerability has been found and corrected in php-ZendFramework: The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with [More...]
|
|
|
|
Red Hat: 2014:1894-01: chromium-browser: Important Advisory (Nov 24) |
|
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1893-01: libXfont: Important Advisory (Nov 24) |
|
Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1885-01: libxml2: Moderate Advisory (Nov 20) |
|
Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2014:1882-01: java-1.7.0-ibm: Critical Advisory (Nov 20) |
|
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2014:1881-01: java-1.5.0-ibm: Important Advisory (Nov 20) |
|
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2014:1880-01: java-1.7.1-ibm: Critical Advisory (Nov 20) |
|
Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
|
|
Ubuntu: 2422-1: Squid vulnerabilities (Nov 25) |
|
Squid could be made to crash if it received specially crafted networktraffic.
|
|
Ubuntu: 2420-1: Linux kernel vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2421-1: Linux kernel vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2415-1: Linux kernel vulnerability (Nov 24) |
|
The system could be made to deny write access to files.
|
|
Ubuntu: 2418-1: Linux kernel (OMAP4) vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2417-1: Linux kernel vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2416-1: Linux kernel (EC2) vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2419-1: Linux kernel (Trusty HWE) vulnerabilities (Nov 24) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2414-1: KDE-Runtime vulnerability (Nov 24) |
|
KDE-Runtime could be made to run arbitrary javascript.
|
|
Ubuntu: 2413-1: AppArmor vulnerability (Nov 20) |
|
apparmor_parser could allow applications that are confined by AppArmor to gainunintended access to resources.
|
|
Ubuntu: 2412-1: Ruby vulnerability (Nov 20) |
|
Ruby could be made to consume resources.
|
