Linux Advisory Watch: February 4th, 2011
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| February 4th, 2011 Volume 12, Number 6 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.
http://www.linuxsecurity.com/content/view/153159
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2157-1: postgresql-8.3, postgresql-8.4, postgresql-9.0: buffer overflow (Feb 3)
---------------------------------------------------------------------------------------
It was discovered that PostgreSQL's intarray contrib module does not
properly handle integers with a large number of digits, leading to a
server crash and potentially arbitrary code execution. [More...]
http://www.linuxsecurity.com/content/view/154301
* Debian: 2156-1: pcscd: buffer overflow (Jan 31)
-----------------------------------------------
MWR InfoSecurity identified a buffer overflow in pcscd, middleware to
access a smart card via PC/SC, which could lead to the execution of
arbitrary code. [More...]
http://www.linuxsecurity.com/content/view/154263
* Debian: 2154-2: exim4: privilege escalation / regr (Jan 30)
-----------------------------------------------------------
The updated packages from DSA-2154-1 introduced a regression which
prevented unprivileged users from using 'exim4 -bf' to test filter
configurations. This update fixes this problem. [More...]
http://www.linuxsecurity.com/content/view/154262
* Debian: 2155-1: freetype: Multiple vulnerabilities (Jan 30)
-----------------------------------------------------------
Two buffer overflows were found in the Freetype font library, which
could lead to the execution of arbitrary code. For the stable
distribution (lenny), this problem has been fixed in [More...]
http://www.linuxsecurity.com/content/view/154261
* Debian: 2154-1: exim4: privilege escalation (Jan 30)
----------------------------------------------------
A design flaw (CVE-2010-4345) in exim4 allowed the local Debian-exim
user to obtain root privileges by specifying an alternate
configuration file using the -C option or by using the macro override
facility (-D option). Unfortunately, fixing this vulnerability is not
[More...]
http://www.linuxsecurity.com/content/view/154260
* Debian: 2153-1: linux-2.6: privilege escalation/denial (Jan 30)
---------------------------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leak. The Common Vulnerabilities and Exposures project identifies the
following problems: [More...]
http://www.linuxsecurity.com/content/view/154259
* Debian: 2152-1: hplip: buffer overflow (Jan 27)
-----------------------------------------------
Sebastian Krahmer discovered a buffer overflow in the SNMP discovery
code of the HP Linux Printing and Imaging System, which could result
in the execution of arbitrary code. [More...]
http://www.linuxsecurity.com/content/view/154249
------------------------------------------------------------------------
* Red Hat: 2011:0198-01: postgresql84: Moderate Advisory (Feb 3)
--------------------------------------------------------------
Updated postgresql84 packages that fix one security issue are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154305
* Red Hat: 2011:0197-01: postgresql: Moderate Advisory (Feb 3)
------------------------------------------------------------
Updated postgresql packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having moderate
[More...]
http://www.linuxsecurity.com/content/view/154304
* Red Hat: 2011:0195-01: php: Moderate Advisory (Feb 3)
-----------------------------------------------------
Updated php packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154302
* Red Hat: 2011:0196-01: php53: Moderate Advisory (Feb 3)
-------------------------------------------------------
Updated php53 packages that fix three security issues are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154303
* Red Hat: 2011:0182-01: openoffice.org: Important Advisory (Jan 28)
------------------------------------------------------------------
Updated openoffice.org packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154256
* Red Hat: 2011:0183-01: openoffice.org: Important Advisory (Jan 28)
------------------------------------------------------------------
Updated openoffice.org packages that fix multiple security issues and
one bug are now available for Red Hat Enterprise Linux 6. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154257
* Red Hat: 2011:0180-01: pango: Moderate Advisory (Jan 27)
--------------------------------------------------------
Updated pango and evolution28-pango packages that fix one security
issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The
Red Hat Security Response Team has rated this update as having
moderate [More...]
http://www.linuxsecurity.com/content/view/154246
------------------------------------------------------------------------
* Ubuntu: 1058-1: PostgreSQL vulnerability (Feb 3)
------------------------------------------------
Geoff Keating reported that a buffer overflow exists in the
intarray module's input function for the query_int type. This could
allow an attacker to cause a denial of service or possibly execute
arbitrary code as the postgres user. [More...]
http://www.linuxsecurity.com/content/view/154306
* Ubuntu: 1057-1: Linux kernel vulnerabilities (Feb 3)
----------------------------------------------------
Dave Chinner discovered that the XFS filesystem did not correctly
order inode lookups when exported by NFS. A remote attacker could
exploit this to read or write disk blocks that had changed file
assignment or had become unlinked, leading to a loss of privacy.
(CVE-2010-2943) [More...]
http://www.linuxsecurity.com/content/view/154300
* Ubuntu: 1056-1: OpenOffice.org vulnerabilities (Feb 2)
------------------------------------------------------
Charlie Miller discovered several heap overflows in PPT processing.
If a user or automated system were tricked into opening a specially
crafted PPT document, a remote attacker could execute arbitrary code
with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935,
CVE-2010-2936) [More...]
http://www.linuxsecurity.com/content/view/154291
* Ubuntu: 1055-1: OpenJDK vulnerabilities (Feb 1)
-----------------------------------------------
It was discovered that IcedTea for Java did not properly
verify signatures when handling multiply signed or partially signed
JAR files, allowing an attacker to cause code to execute that appeared
to come from a verified source. (CVE-2011-0025) [More...]
http://www.linuxsecurity.com/content/view/154283
* Ubuntu: 1053-1: Subversion vulnerabilities (Feb 1)
--------------------------------------------------
It was discovered that Subversion incorrectly handled certain
'partial access' privileges in rare scenarios. Remote authenticated
users could use this flaw to obtain sensitive information (revision
properties). This issue only applied to Ubuntu 6.06 LTS.
(CVE-2007-2448) [More...]
http://www.linuxsecurity.com/content/view/154282
------------------------------------------------------------------------
* Pardus: 2011-22: CCID: Integer Overflow (Feb 2)
-----------------------------------------------
A flaw was fixed in ccid, which could be exploited by physically
proximate attackers to execute arbitrary code.
http://www.linuxsecurity.com/content/view/154288
* Pardus: 2011-23: VLC: Heap Corruption (Feb 2)
---------------------------------------------
Two vulnerabilities have been identified in VLC Media Player, which
could be exploited by attackers.
http://www.linuxsecurity.com/content/view/154289
* Pardus: 2011-24: pcsc-lite: Buffer Overflow (Feb 2)
---------------------------------------------------
Multiple vulnerabilities have been fixed in pcsclite.
http://www.linuxsecurity.com/content/view/154290
* Pardus: 2011-19: Phpmyadmin: XSS Vulnerability (Jan 31)
-------------------------------------------------------
A cross-site scripting (XSS) vulnerability has been fixed in phpmyadmin.
http://www.linuxsecurity.com/content/view/154271
* Pardus: 2011-21: Wireshark: Multiple Vulnerabilities (Jan 31)
-------------------------------------------------------------
Multiple vulnerabilities have been fixed in wireshark.
http://www.linuxsecurity.com/content/view/154272
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------