Linux Advisory Watch: October 22nd, 2010

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| October 22nd, 2010                              Volume 11, Number 43 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159


Review: Zabbix 1.8 Network Monitoring
-------------------------------------
If you have anything more than a small home network, you need to be
monitoring the status of your systems to ensure they are providing the
services they were designed to provide.

http://www.linuxsecurity.com/content/view/152990

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
   ----------------------------------------------
   Guardian Digital is happy to announce the release of EnGarde Secure
   Community 3.0.22 (Version 3.0, Release 22).  This release includes
   many updated packages and bug fixes and some feature enhancements to
   the EnGarde Secure Linux Installer and the SELinux policy.

   http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2121-1: typo3-src: Multiple vulnerabilities (Oct 19)
   ------------------------------------------------------------
   Several remote vulnerabilities have been discovered in TYPO3. The
   Common Vulnerabilities and Exposures project identifies the following
   problems: [More...]

   http://www.linuxsecurity.com/content/view/153516

------------------------------------------------------------------------

* Mandriva: 2010:208: pidgin (Oct 21)
   -----------------------------------
   A security vulnerability has been identified and fixed in pidgin: It
   has been discovered that eight denial of service conditions exist in
   libpurple all due to insufficient validation of the return value from
   purple_base64_decode(). Invalid or malformed data received in
   [More...]

   http://www.linuxsecurity.com/content/view/153536

* Mandriva: 2010:207: glibc (Oct 20)
   ----------------------------------
   A vulnerability in the GNU C library (glibc) was discovered which
   could escalate the privileges for local users (CVE-2010-3847).
   Packages for 2009.0 are provided as of the Extended Maintenance
   Program. Please visit this link to learn more: [More...]

   http://www.linuxsecurity.com/content/view/153534

* Mandriva: 2010:205: freeciv (Oct 15)
   ------------------------------------
   A vulnerability was discovered and corrected in freeciv: freeciv 2.2
   before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary
   files or execute arbitrary commands via scenario that contains Lua
   functionality, related to the (1) os, (2) io, (3) [More...]

   http://www.linuxsecurity.com/content/view/153490

* Mandriva: 2010:204: avahi (Oct 14)
   ----------------------------------
   A vulnerability was discovered and corrected in avahi: The
   AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in
   Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of
   service (assertion failure and daemon exit) via a DNS packet with
   [More...]

   http://www.linuxsecurity.com/content/view/153488

------------------------------------------------------------------------

* Red Hat: 2010:0788-01: pidgin: Moderate Advisory (Oct 21)
   ---------------------------------------------------------
   Updated pidgin packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/153542

* Red Hat: 2010:0787-01: glibc: Important Advisory (Oct 20)
   ---------------------------------------------------------
   Updated glibc packages that fix one security issue are now available
   for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
   has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/153535

* Red Hat: 2010:0785-01: quagga: Moderate Advisory (Oct 20)
   ---------------------------------------------------------
   Updated quagga packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/153531

* Red Hat: 2010:0786-01: java-1.4.2-ibm: Critical Advisory (Oct 20)
   -----------------------------------------------------------------
   Updated java-1.4.2-ibm packages that fix several security issues are
   now available for Red Hat Enterprise Linux 3 Extras, Red Hat
   Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5
   Supplementary. [More...]

   http://www.linuxsecurity.com/content/view/153530

* Red Hat: 2010:0782-01: firefox: Critical Advisory (Oct 19)
   ----------------------------------------------------------
   Updated firefox packages that fix several security issues are now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153522

* Red Hat: 2010:0781-01: seamonkey: Critical Advisory (Oct 19)
   ------------------------------------------------------------
   Updated seamonkey packages that fix several security issues are now
   available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153521

* Red Hat: 2010:0780-01: thunderbird: Moderate Advisory (Oct 19)
   --------------------------------------------------------------
   An updated thunderbird package that fixes several security issues is
   now available for Red Hat Enterprise Linux 4 and 5. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/153520

* Red Hat: 2010:0779-01: kernel: Moderate Advisory (Oct 19)
   ---------------------------------------------------------
   Updated kernel packages that fix multiple security issues and several
   bugs are now available for Red Hat Enterprise Linux 4. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/153515

* Red Hat: 2010:0771-01: kernel-rt: Moderate Advisory (Oct 14)
   ------------------------------------------------------------
   Updated kernel-rt packages that fix multiple security issues and
   upgrade the kernel-rt kernel to version 2.6.33.7-rt29 are now
   available for Red Hat Enterprise MRG 1.3. [More...]

   http://www.linuxsecurity.com/content/view/153486

* Red Hat: 2010:0770-01: java-1.6.0-sun: Critical Advisory (Oct 14)
   -----------------------------------------------------------------
   Updated java-1.6.0-sun packages that fix several security issues are
   now available for Red Hat Enterprise Linux 4 Extras and 5
   Supplementary. The Red Hat Security Response Team has rated this
   update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153487

------------------------------------------------------------------------

* SuSE: 2010-051: Linux kernel (Oct 15)
   -------------------------------------
   This updated openSUSE 11.3 kernel fixes the following security bugs:
   CVE-2010-3310: local users could corrupt kernel heap memory via ROSE
   sockets. CVE-2010-2962: local users could write to any kernel memory
   location via the i915 GEM ioctl interface. Exploitability requires
   the presence [More...]

   http://www.linuxsecurity.com/content/view/153498

------------------------------------------------------------------------

* Ubuntu: 1007-1: NSS vulnerabilities (Oct 20)
   --------------------------------------------
   Richard Moore discovered that NSS would sometimes incorrectly match
   an SSL certificate which had a Common Name that used a wildcard
   followed by a partial IP address. While it is very unlikely that a
   Certificate Authority would issue such a certificate, if an attacker
   were able to perform a man-in-the-middle attack, this flaw could be
   exploited to view sensitive information. [More...]

   http://www.linuxsecurity.com/content/view/153532

* Ubuntu: 997-1: Firefox and Xulrunner vulnerabilities (Oct 20)
   -------------------------------------------------------------
   Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh
   Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal
   Zalewski discovered various flaws in the browser engine. An attacker
   could exploit this to crash the browser or possibly run arbitrary code
   as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)
   [More...]

   http://www.linuxsecurity.com/content/view/153533

* Ubuntu: 1005-1: poppler vulnerabilities (Oct 19)
   ------------------------------------------------
   It was discovered that poppler contained multiple security issues
   when parsing malformed PDF documents. If a user or automated system
   were tricked into opening a crafted PDF file, an attacker could cause
   a denial of service or execute arbitrary code with privileges of the
   user invoking the program. [More...]

   http://www.linuxsecurity.com/content/view/153514

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


