Linux Advisory Watch: November 26th, 2010
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| November 26th, 2010 Volume 11, Number 48 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.
http://www.linuxsecurity.com/content/view/153159
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2125-1: openssl: buffer overflow (Nov 22)
-------------------------------------------------
A flaw has been found in the OpenSSL TLS server extension parsing
code which, on affected servers, can be exploited in a buffer
overrun attack. This allows an attacker to cause an application crash
or potentially to execute arbitrary code. [More...]
http://www.linuxsecurity.com/content/view/153780
------------------------------------------------------------------------
* Mandriva: 2010:241: gnucash (Nov 24)
------------------------------------
A vulnerability was discovered and corrected in gnucash: gnc-test-env
in GnuCash 2.3.15 and earlier places a zero-length directory name in
the LD_LIBRARY_PATH, which allows local users to gain privileges via
a Trojan horse shared library in the current [More...]
http://www.linuxsecurity.com/content/view/153795
* Mandriva: 2010:240: mono (Nov 24)
---------------------------------
A vulnerability was discovered and corrected in mono: Untrusted
search path vulnerability in metadata/loader.c in Mono 2.8 and
earlier allows local users to gain privileges via a Trojan horse
shared library in the current working directory (CVE-2010-4159).
[More...]
http://www.linuxsecurity.com/content/view/153794
* Mandriva: 2010:239: php (Nov 19)
--------------------------------
A possible double free flaw was found in the imap extension for php
(CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for
php-5.3.x that under certain circumstances could cause a segmentation
fault (crash). [More...]
http://www.linuxsecurity.com/content/view/153761
------------------------------------------------------------------------
* Red Hat: 2010:0907-01: kernel: Important Advisory (Nov 23)
----------------------------------------------------------
Updated kernel packages that fix one security issue and four bugs are
now available for Red Hat Enterprise Linux 5.4 Extended Update
Support. The Red Hat Security Response Team has rated this update as
having [More...]
http://www.linuxsecurity.com/content/view/153789
* Red Hat: 2010:0908-01: postgresql: Moderate Advisory (Nov 23)
-------------------------------------------------------------
Updated postgresql packages that fix one security issue are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/153788
------------------------------------------------------------------------
* Slackware: 2010-326-01: openssl: Security Update (Nov 22)
---------------------------------------------------------
New openssl packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, and -current to fix security issues. [More
Info...]
http://www.linuxsecurity.com/content/view/153775
* Slackware: 2010-324-01: xpdf: Security Update (Nov 20)
------------------------------------------------------
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security
issues. [More Info...]
http://www.linuxsecurity.com/content/view/153773
* Slackware: 2010-324-02: poppler: Security Update (Nov 20)
---------------------------------------------------------
New poppler packages are available for Slackware 12.0, 12.1, 12.2,
13.0, 13.1, and -current to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/153774
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------