Linux Advisory Watch: July 17th, 2010
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 17th, 2010 Volume 11, Number 29 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Meet the Anti-Nmap: PSAD
------------------------
Having a great defense involves proper detection and recognition of an
attack. In our security world we have great IDS tools to properly
recognize when we are being attacked as well as firewalls to prevent
such attacks from happening.
http://www.linuxsecurity.com/content/view/134248
Understand: Fork Bombing Attack
-------------------------------
As the variety of attacks and threats grows, you need to be prepared. In
this HOWTO, get a feeling for the Fork Bombing Attack, what it is, how it
works, where it comes from, how to deal with it and more.
http://www.linuxsecurity.com/content/view/129220
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2071-1: libmikmod: buffer overflows (Jul 14)
----------------------------------------------------
Dyon Balding discovered buffer overflows in the MikMod sound library,
which could lead to the execution of arbitrary code if a user is
tricked into opening malformed Impulse Tracker or Ultratracker sound
files. [More...]
http://www.linuxsecurity.com/content/view/152815
* Debian: 2070-1: freetype: Multiple vulnerabilities (Jul 14)
-----------------------------------------------------------
Robert Swiecki discovered several vulnerabilities in the FreeType
font library, which could lead to the execution of arbitrary code if
a malformed font file is processed. [More...]
http://www.linuxsecurity.com/content/view/152814
* Debian: 2069-1: znc: denial of service (Jul 11)
-----------------------------------------------
It was discovered that znc, an IRC bouncer, is vulnerable to denial
of service attacks via a NULL pointer dereference when traffic
statistics are requested while there is an unauthenticated
connection. [More...]
http://www.linuxsecurity.com/content/view/152788
* Debian: 2068-1: python-cjson: buffer overflow (Jul 11)
------------------------------------------------------
Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON
encoder/decoder for Python. This allows a remote attacker to cause a
denial of service (application crash) [More...]
http://www.linuxsecurity.com/content/view/152787
------------------------------------------------------------------------
* Mandriva: 2010:136: ghostscript (Jul 15)
----------------------------------------
A vulnerability has been found and corrected in ghostscript:
Ghostscript 8.64, 8.70, and possibly other versions allows
context-dependent attackers to execute arbitrary code via a
PostScript file containing unlimited recursive procedure invocations,
[More...]
http://www.linuxsecurity.com/content/view/152823
* Mandriva: 2010:135: ghostscript (Jul 15)
----------------------------------------
A vulnerability has been found and corrected in ghostscript:
Stack-based buffer overflow in the errprintf function in
base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a [More...]
http://www.linuxsecurity.com/content/view/152822
* Mandriva: 2010:134: ghostscript (Jul 15)
----------------------------------------
Multiple vulnerabilities have been found and corrected in ghostscript:
Stack-based buffer overflow in the errprintf function in
base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a [More...]
http://www.linuxsecurity.com/content/view/152821
* Mandriva: 2010:133: libpng (Jul 15)
-----------------------------------
Multiple vulnerabilities have been found and corrected in libpng:
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng
before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent
attackers to cause a denial of service (memory exhaustion) via a
crafted PNG file [More...]
http://www.linuxsecurity.com/content/view/152820
* Mandriva: 2010:132: python (Jul 14)
-----------------------------------
Multiple vulnerabilities have been found and corrected in python:
Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
[More...]
http://www.linuxsecurity.com/content/view/152811
* Mandriva: 2010:131: iscsitarget (Jul 12)
----------------------------------------
Multiple format string and buffer overflow vulnerabilities have been
found and corrected in iscsitarget (CVE-2010-0743, CVE-2010-2221).
The updated packages have been patched to correct these issues.
[More...]
http://www.linuxsecurity.com/content/view/152796
------------------------------------------------------------------------
* Red Hat: 2010:0534-01: libpng: Important Advisory (Jul 14)
----------------------------------------------------------
Updated libpng and libpng10 packages that fix multiple security
issues are now available for Red Hat Enterprise Linux 3, 4, and 5.
The Red Hat Security Response Team has rated this update as having
[More...]
http://www.linuxsecurity.com/content/view/152813
* Red Hat: 2010:0533-01: pcsc-lite: Moderate Advisory (Jul 14)
------------------------------------------------------------
Updated pcsc-lite packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/152812
* Red Hat: 2010:0528-01: avahi: Moderate Advisory (Jul 13)
--------------------------------------------------------
Updated avahi packages that fix two security issues are now available
for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/152803
* Red Hat: 2010:0521-01: gfs-kmod: Moderate Advisory (Jul 13)
-----------------------------------------------------------
Updated gfs-kmod packages that fix one security issue are now
available for Red Hat Enterprise Linux 5.4 Extended Update Support,
kernel release 2.6.18-164.19.1.el5. [More...]
http://www.linuxsecurity.com/content/view/152802
----------------------------------------------------------------
* SuSE: 2010-030: Mozilla Firefox (Jul 9)
---------------------------------------
Mozilla Firefox was updated to version 3.5.10, fixing various bugs
and security issues. MFSA 2010-33 / CVE-2008-5913: Security
researcher Amit Klein reported that it was possible to reverse
engineer the value used to seed Math.random(). Since the
pseudo-random [More...]
http://www.linuxsecurity.com/content/view/152780
-----------------------------------------------------------------
* Ubuntu: 961-1: Ghostscript vulnerabilities (Jul 13)
---------------------------------------------------
David Srbecky discovered that Ghostscript incorrectly handled
debug logging. If a user or automated system were tricked into opening
a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the
program. [More...]
http://www.linuxsecurity.com/content/view/152804
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------