Linux Advisory Watch - April 3rd 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| April 3rd, 2009 Volume 10, Number 14 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for openswan, strongswan,
nss-ldapd, auth2db, xulrunner, seamonkey, kazehakase, gtkmozembedmm,
miro, mugshot, yelp, totem, pcmanx-gtk2, ruby, epiphany, chmsee,
devhelp, gecko-sharp2, galeon, blam, krb5, libsoup, icu, xine,
ghostscript, gst, and lcms. The distributors include Debian, Fedora,
Red Hat, Ubuntu, and Pardus.
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?", you may not take even a
second to respond. But if I ask "How much does Google know about
you?", you may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of guides out there, but it will show you in detail ways to
improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New openswan packages fix denial of service (Mar 30)
------------------------------------------------------------
Two vulnerabilities have been discovered in openswan, an IPSec
implementation for Linux.
http://www.linuxsecurity.com/content/view/148465
* Debian: New strongswan packages fix denial of service (Mar 30)
--------------------------------------------------------------
Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
IPSec implementation for Linux, is prone to a denial of service
attack via a malicious packet.
http://www.linuxsecurity.com/content/view/148464
* Debian: New nss-ldapd packages fix information disclosure (Mar 30)
------------------------------------------------------------------
Leigh James discovered that nss-ldapd, an NSS module for using
LDAP as a naming service, by default creates the configuration file
/etc/nss-ldapd.conf world-readable, which could leak the configured
LDAP password if one is used for connecting to the LDAP server.
http://www.linuxsecurity.com/content/view/148463
* Debian: New auth2db packages fix SQL injection (Mar 30)
-------------------------------------------------------
It was discovered that auth2db, an IDS logger, log viewer and alert
generator, is prone to an SQL injection vulnerability when used with
multibyte character encodings.
http://www.linuxsecurity.com/content/view/148456
* Debian: New xulrunner packages fix multiple vulnerabilities (Mar 29)
--------------------------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser.
http://www.linuxsecurity.com/content/view/148454
------------------------------------------------------------------------
* Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 31)
------------------------------------------------
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.linuxsecurity.com/content/view/148468
* Fedora 9 Update: glib2-2.16.6-3.fc9 (Mar 31)
--------------------------------------------
This update fixes possible integer overflows in the base64 handling
functions. This has been reported in CVE-2008-4316.
http://www.linuxsecurity.com/content/view/148467
* Fedora 10 Update: seamonkey-1.1.15-3.fc10 (Mar 31)
--------------------------------------------------
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.linuxsecurity.com/content/view/148466
* Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 30)
------------------------------------------------
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.linuxsecurity.com/content/view/148460
* Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 28)
-----------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148445
* Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 28)
--------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148446
* Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 28)
----------------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148447
* Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 28)
------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148448
* Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 28)
----------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148449
* Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 28)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148450
* Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 28)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148451
* Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 28)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148452
* Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 28)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148453
* Fedora 10 Update: mugshot-1.2.2-7.fc10 (Mar 28)
-----------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148431
* Fedora 10 Update: mozvoikko-0.9.5-8.fc10 (Mar 28)
-------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148432
* Fedora 10 Update: pcmanx-gtk2-0.3.8-7.fc10 (Mar 28)
---------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148433
* Fedora 10 Update: ruby-gnome2-0.18.1-5.fc10 (Mar 28)
----------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148434
* Fedora 10 Update: yelp-2.24.0-7.fc10 (Mar 28)
---------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148435
* Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 28)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148436
* Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 28)
----------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148437
* Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 28)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148438
* Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 28)
-------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148439
* Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 28)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148440
* Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 28)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148441
* Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 28)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148442
* Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 28)
------------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148443
* Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 28)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides depending packages rebuilt against new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in 1.2.x series
http://www.linuxsecurity.com/content/view/148444
* Fedora 10 Update: gecko-sharp2-0.13-6.fc10 (Mar 28)
---------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148425
* Fedora 10 Update: gnome-python2-extras-2.19.1-28.fc10 (Mar 28)
--------------------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148426
* Fedora 10 Update: gnome-web-photo-0.3-16.fc10 (Mar 28)
------------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148427
* Fedora 10 Update: google-gadgets-0.10.5-4.fc10 (Mar 28)
-------------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148428
* Fedora 10 Update: kazehakase-0.5.6-1.fc10.5 (Mar 28)
----------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148429
* Fedora 10 Update: Miro-2.0.3-2.fc10 (Mar 28)
--------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148430
* Fedora 10 Update: firefox-3.0.8-1.fc10 (Mar 28)
-----------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148417
* Fedora 10 Update: xulrunner-1.9.0.8-1.fc10 (Mar 28)
---------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148418
* Fedora 10 Update: galeon-2.0.7-8.fc10 (Mar 28)
----------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148419
* Fedora 10 Update: devhelp-0.22-6.fc10 (Mar 28)
----------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148420
* Fedora 10 Update: epiphany-2.24.3-4.fc10 (Mar 28)
-------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148421
* Fedora 10 Update: epiphany-extensions-2.24.0-6.fc10 (Mar 28)
------------------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148422
* Fedora 10 Update: blam-1.8.5-8.fc10 (Mar 28)
--------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148423
* Fedora 10 Update: evolution-rss-0.1.2-6.fc10 (Mar 28)
-----------------------------------------------------
A memory corruption flaw was discovered in the way Firefox handles
XML files containing an XSLT transform. A remote attacker could use
this flaw to crash Firefox or, potentially, execute arbitrary code as
the user running Firefox. (CVE-2009-1169) A flaw was discovered in
the way Firefox handles certain XUL garbage collection events. A
remote attacker could use this flaw to crash Firefox or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2009-1044)
http://www.linuxsecurity.com/content/view/148424
* Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 27)
------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148411
* Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 27)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148412
* Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 27)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148413
* Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 27)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148414
* Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 27)
-------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148398
* Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 27)
----------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148399
* Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 27)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148400
* Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 27)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148401
* Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 27)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148402
* Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 27)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148403
* Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 27)
--------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148404
* Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 27)
------------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148405
* Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 27)
----------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148406
* Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 27)
-----------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148407
* Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 27)
----------------------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148408
* Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 27)
-----------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148409
* Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 27)
--------------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148410
* Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 27)
---------------------------------------------
Mozilla Firefox is an open source Web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox. A memory corruption
flaw was discovered in the way Firefox handles XML files containing
an XSLT transform. A remote attacker could use this flaw to crash
Firefox or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox
handles certain XUL garbage collection events. A remote attacker
could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044) This
update also provides dependent packages rebuilt against the new Firefox
version. Miro updates to upstream 2.0.3. Provides new features
and fixes various bugs in the 1.2.x series.
http://www.linuxsecurity.com/content/view/148397
* Fedora 10 Update: netatalk-2.0.3-23.fc10 (Mar 26)
-------------------------------------------------
Bug fixes backported from upstream.
http://www.linuxsecurity.com/content/view/148382
* Fedora 9 Update: netatalk-2.0.3-21.fc9 (Mar 26)
-----------------------------------------------
Bug fixes backported from upstream.
http://www.linuxsecurity.com/content/view/148381
* Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-13.b14.fc10 (Mar 26)
-----------------------------------------------------------------
Updated lcms to 1.18 in openjdk. This fixes many security issues.
http://www.linuxsecurity.com/content/view/148380
------------------------------------------------------------------------
* Gentoo: gedit Untrusted search path (Mar 30)
--------------------------------------------
A vulnerability in gedit might allow local attackers to execute
arbitrary code.
http://www.linuxsecurity.com/content/view/148462
* Gentoo: Analog Denial of Service (Mar 29)
-----------------------------------------
A Denial of Service vulnerability was discovered in Analog.
http://www.linuxsecurity.com/content/view/148455
------------------------------------------------------------------------
* Mandriva: [ MDVSA-2009:084 ] firefox (Apr 1)
--------------------------------------------
Security vulnerabilities have been discovered in previous versions,
and corrected in the latest Mozilla Firefox 3.x, version 3.0.8
(CVE-2009-1044, CVE-2009-1169). This update provides the latest
Mozilla Firefox 3.x to correct these issues. Additionally, some
packages requiring it have also been rebuilt and are being provided
as updates.
http://www.linuxsecurity.com/content/view/148478
* Mandriva: [ MDVSA-2009:083 ] mozilla-thunderbird (Apr 1)
--------------------------------------------------------
A number of security vulnerabilities have been discovered in previous
versions, and corrected in the latest Mozilla Thunderbird program,
version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771,
CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352,
CVE-2009-0353). This update provides the latest Thunderbird to
correct these issues. Additionally, Mozilla Thunderbird released with
Mandriva Linux 2009.0, when used with the Enigmail extension on x86_64
architecture, would freeze whenever any Enigmail function was used
(bug #45001). Also, when used on i586 architecture, Thunderbird would
crash when sending an email, if a file with an unknown extension was
attached to it. (bug #46107) This update also fixes those issues.
http://www.linuxsecurity.com/content/view/148476
* Mandriva: [ MDVSA-2009:082 ] krb5 (Mar 30)
------------------------------------------
The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token
(CVE-2009-0845). This update provides the fix for that security
issue.
http://www.linuxsecurity.com/content/view/148458
* Mandriva: [ MDVSA-2009:081 ] libsoup (Mar 27)
---------------------------------------------
An integer overflow in libsoup Base64 encoding and decoding functions
enables attackers either to cause denial of service or to execute
arbitrary code (CVE-2009-0585). This update provides the fix for that
security issue.
http://www.linuxsecurity.com/content/view/148394
* Mandriva: [ MDVSA-2009:080 ] glib2.0 (Mar 26)
---------------------------------------------
Multiple integer overflows in GLib's Base64 encoding and decoding
functions enable attackers (possibly remote ones, depending on the
applications glib2 is linked against - mostly GNOME ones) either
to cause denial of service or to execute arbitrary code via an
untrusted input (CVE-2008-4316).
http://www.linuxsecurity.com/content/view/148389
------------------------------------------------------------------------
* RedHat: Important: kernel security and bug fix update (Apr 1)
-------------------------------------------------------------
Updated kernel packages that fix several security issues and several
bugs are now available for Red Hat Enterprise Linux 5. This update
has been rated as having important security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/148475
* RedHat: Important: openswan security update (Mar 30)
----------------------------------------------------
Updated openswan packages that fix various security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148459
* RedHat: Critical: firefox security update (Mar 27)
--------------------------------------------------
Updated firefox packages that fix two security issues are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having critical security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/148395
* RedHat: Critical: seamonkey security update (Mar 27)
----------------------------------------------------
Updated seamonkey packages that fix two security issues are now
available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
been rated as having critical security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/148396
* RedHat: Important: kernel-rt security and bug fix update (Mar 27)
-----------------------------------------------------------------
Updated kernel-rt packages that fix several security issues and
several bugs are now available for Red Hat Enterprise MRG 1.1. This
update has been rated as having important security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148390
* RedHat: Critical: java-1.6.0-sun security update (Mar 26)
---------------------------------------------------------
Updated java-1.6.0-sun packages that correct several security issues
are now available for Red Hat Enterprise Linux 4 Extras and 5
Supplementary. This update has been rated as having critical security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148385
* RedHat: Critical: java-1.5.0-sun security update (Mar 26)
---------------------------------------------------------
Updated java-1.5.0-sun packages that correct several security issues
are now available for Red Hat Enterprise Linux 4 Extras and 5
Supplementary. This update has been rated as having critical security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148386
* RedHat: Moderate: net-snmp security update (Mar 26)
---------------------------------------------------
Updated net-snmp packages that fix a security issue are now available
for Red Hat Enterprise Linux 3. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148383
* RedHat: Moderate: systemtap security update (Mar 26)
----------------------------------------------------
Updated systemtap packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/148384
------------------------------------------------------------------------
* Slackware: mozilla-firefox (Mar 28)
-------------------------------------
New mozilla-firefox packages are available for Slackware 12.2, and
-current to fix security issues. The new packages may also be used
with earlier versions of Slackware.
http://www.linuxsecurity.com/content/view/148416
* Slackware: glib2 (Mar 28)
---------------------------
New glib2 packages are available for Slackware 12.0, 12.1, 12.2, and
-current to fix overflows that may be security issues.
http://www.linuxsecurity.com/content/view/148415
------------------------------------------------------------------------
* SuSE: acroread (SUSE-SA:2009:014) (Mar 27)
------------------------------------------
Multiple flaws in the JBIG2 decoder and the JavaScript engine of the
Adobe Reader allowed attackers to crash acroread or even execute
arbitrary code by tricking users into opening specially crafted PDF
files.
http://www.linuxsecurity.com/content/view/148393
------------------------------------------------------------------------
* Ubuntu: libsndfile vulnerability (Mar 30)
------------------------------------------
It was discovered that libsndfile did not correctly handle
description chunks in CAF audio files. If a user or automated system
were tricked into opening a specially crafted CAF audio file, an
attacker could execute arbitrary code with the privileges of the user
invoking the program.
http://www.linuxsecurity.com/content/view/148461
* Ubuntu: ICU vulnerability (Mar 26)
-----------------------------------
It was discovered that libicu did not correctly handle certain
invalid encoded data. If a user or automated system were tricked into
processing specially crafted data with applications linked against
libicu, certain content filters could be bypassed.
http://www.linuxsecurity.com/content/view/148387
* Ubuntu: xine-lib vulnerability (Mar 26)
----------------------------------------
It was discovered that the 4xm demuxer in xine-lib did not correctly
handle a large current_track value in a 4xm file, resulting in an
integer overflow. If a user or automated system were tricked into
opening a specially crafted 4xm movie file, an attacker could crash
xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2009-0698)
http://www.linuxsecurity.com/content/view/148388
------------------------------------------------------------------------
* Pardus: Virtualbox: Privilege escalation (Apr 1)
------------------------------------------------
A vulnerability has been reported in Sun xVM VirtualBox, which can
be exploited by malicious, local users to gain escalated privileges.
http://www.linuxsecurity.com/content/view/148474
* Pardus: Firefox: Multiple Denial of Service (Apr 1)
---------------------------------------------------
Mozilla Firefox is prone to two remote code-execution
vulnerabilities. Attackers can exploit these issues to execute
arbitrary code in the context of the user running the browser.
Successful exploits will compromise the application and possibly
the computer.
http://www.linuxsecurity.com/content/view/148473
* Pardus: Sun-Java: Multiple Vulnerabilities (Apr 1)
--------------------------------------------------
Some vulnerabilities have been reported in Sun Java, which can
be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), or potentially
compromise a user's system.
http://www.linuxsecurity.com/content/view/148472
* Pardus: Ghostscript: Multiple Integer (Apr 1)
---------------------------------------------
The Ghostscript International Color Consortium Format
Library (icclib), implementing support for the cross-platform device
independent color profile format, is prone to multiple integer
overflows and lacks multiple upper-bounds checks on certain
variable sizes.
http://www.linuxsecurity.com/content/view/148470
* Pardus: Gst-plugins-base: Integer Overflow (Apr 1)
--------------------------------------------------
A vulnerability has been reported in GStreamer, which can potentially
be exploited by malicious people to compromise an application using
the library.
http://www.linuxsecurity.com/content/view/148471
* Pardus: Lcms: Multiple Vulnerabilities (Apr 1)
----------------------------------------------
LittleCMS, an open source color management engine, suffers from
several integer overflows resulting in stack-based buffer
overflows, various heap errors and memory leaks.
http://www.linuxsecurity.com/content/view/148469
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------