Linux Advisory Watch: October 2nd, 2010
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| October 2nd, 2010 Volume 11, Number 40 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor have made
available.
Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.
http://www.linuxsecurity.com/content/view/153159
Review: Zabbix 1.8 Network Monitoring
-------------------------------------
If you have anything more than a small home network, you need to be
monitoring the status of your systems to ensure they are providing the
services they were designed to provide.
http://www.linuxsecurity.com/content/view/152990
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2115-1: moodle: Multiple vulnerabilities (Sep 29)
---------------------------------------------------------
Several remote vulnerabilities have been discovered in Moodle, a
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems: [More...]
http://www.linuxsecurity.com/content/view/153385
* Debian: 2114-1: git-core: buffer overflow (Sep 26)
--------------------------------------------------
The Debian stable point release 5.0.6 included updated packages of
the Git revision control system in order to fix a security issue.
Unfortunately, the update introduced a regression which could make it
impossible to clone or create git repositories. This upgrade
[More...]
http://www.linuxsecurity.com/content/view/153355
------------------------------------------------------------------------
* Gentoo: 201009-09: fence: Multiple symlink vulnerabilites (Sep 29)
------------------------------------------------------------------
fence contains multiple programs containing vulnerabilites that
mayallow local users to overwrite arbitrary files via a symlink
attack.
http://www.linuxsecurity.com/content/view/153384
------------------------------------------------------------------------
* Mandriva: 2010:191: mailman (Oct 1)
-----------------------------------
Multiple vulnerabilities has been found and corrected in mailman:
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman
before 2.1.14rc1 allow remote authenticated users to inject arbitrary
web script or HTML via vectors involving (1) the list information
[More...]
http://www.linuxsecurity.com/content/view/153397
* Mandriva: 2010:190: libtiff (Sep 30)
------------------------------------
A vulnerability has been found and corrected in libtiff: libtiff
allows remote attackers to cause a denial of service (memory
corruption) or possibly execute arbitrary code via a crafted TIFF
image (CVE-2010-3087). [More...]
http://www.linuxsecurity.com/content/view/153390
* Mandriva: 2010:189-1: pcsc-lite (Sep 24)
----------------------------------------
Multiple vulnerabilities has been found and corrected in pcsc-lite:
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC
Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might
allow local users to cause a denial of service (daemon crash) via
crafted [More...]
http://www.linuxsecurity.com/content/view/153351
* Mandriva: 2010:189: pcsc-lite (Sep 24)
--------------------------------------
Multiple vulnerabilities has been found and corrected in pcsc-lite:
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC
Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might
allow local users to cause a denial of service (daemon crash) via
crafted [More...]
http://www.linuxsecurity.com/content/view/153348
------------------------------------------------------------------------
* Red Hat: 2010:0723-01: kernel: Important Advisory (Sep 29)
----------------------------------------------------------
Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/153381
* Red Hat: 2010:0720-02: mikmod: Moderate Advisory (Sep 28)
---------------------------------------------------------
Updated mikmod packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat
Security Response Team has rated this update as having moderate
[More...]
http://www.linuxsecurity.com/content/view/153371
* Red Hat: 2010:0719-01: kernel: Important Advisory (Sep 28)
----------------------------------------------------------
Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.7 Extended Update Support. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/153370
* Red Hat: 2010:0718-01: kernel: Important Advisory (Sep 28)
----------------------------------------------------------
Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 4. The Red Hat Security Response Team
has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/153369
------------------------------------------------------------------------
* Ubuntu: 992-1: Avahi vulnerabilities (Sep 29)
---------------------------------------------
It was discovered that Avahi incorrectly handled certain mDNS query
packetswhen the reflector feature is enabled, which is not the
defaultconfiguration on Ubuntu. A remote attacker could send crafted
mDNS queriesand perform a denial of service on the server and on the
network. Thisissue only affected Ubuntu 8.04 LTS and 9.04.
(CVE-2009-0758) [More...]
http://www.linuxsecurity.com/content/view/153382
* Ubuntu: 994-1: libHX vulnerability (Sep 29)
-------------------------------------------
It was discovered that libHX incorrectly handled certain parameters
to theHX_split function. An attacker could use this flaw to cause a
denial ofservice or possibly execute arbitrary code with the
privileges of the user. [More...]
http://www.linuxsecurity.com/content/view/153383
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
