Linux Advisory Watch: March 18th, 2011
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 18th, 2011 Volume 12, Number 12 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.
http://www.linuxsecurity.com/content/view/153159
------------------------------------------------------------------------
* Debian: 2186-2: Security Summary: Summary (Mar 18)
--------------------------------------------------
Security Report Summary
http://www.linuxsecurity.com/content/view/154647
* Debian: 2194-1: libvirt: insufficient checks (Mar 18)
-----------------------------------------------------
It was discovered that libvirt, a library for interfacing with
different virtualization systems, did not properly check for
read-only connections. This allowed a local attacker to perform a
denial of service (crash) or possibly escalate privileges. [More...]
http://www.linuxsecurity.com/content/view/154643
* Debian: 2193-1: libcgroup: Multiple vulnerabilities (Mar 16)
------------------------------------------------------------
Several issues have been discovered in libcgroup, a library to
control and monitor control groups: CVE-2011-1006 [More...]
http://www.linuxsecurity.com/content/view/154636
* Debian: 2192-1: chromium-browser: Multiple vulnerabilities (Mar 15)
-------------------------------------------------------------------
Several vulnerabilities were discovered in the Chromium browser. The
Common Vulnerabilities and Exposures project identifies the following
problems: [More...]
http://www.linuxsecurity.com/content/view/154627
* Debian: 2191-1: proftpd-dfsg: Multiple vulnerabilities (Mar 14)
---------------------------------------------------------------
Several vulnerabilities have been discovered in ProFTPD, a versatile,
virtual-hosting FTP daemon: CVE-2008-7265 [More...]
http://www.linuxsecurity.com/content/view/154621
* Debian: 2190-1: wordpress: Multiple vulnerabilities (Mar 11)
------------------------------------------------------------
Two XSS bugs and one potential information disclosure issue were
discovered in wordpress, a weblog manager. The Common Vulnerabilities
and Exposures project identifies the [More...]
http://www.linuxsecurity.com/content/view/154611
* Debian: 2189-1: chromium-browser: Multiple vulnerabilities (Mar 10)
-------------------------------------------------------------------
Several vulnerabilities were discovered in the Chromium browser. The
Common Vulnerabilities and Exposures project identifies the following
problems: [More...]
http://www.linuxsecurity.com/content/view/154602
* Debian: 2188-1: webkit: Multiple vulnerabilities (Mar 10)
---------------------------------------------------------
Several vulnerabilities have been discovered in webkit, a Web content
engine library for Gtk+. The Common Vulnerabilities and Exposures
project identifies the following problems: [More...]
http://www.linuxsecurity.com/content/view/154598
* Debian: 2187-1: icedove: Multiple vulnerabilities (Mar 10)
----------------------------------------------------------
Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client. CVE-2010-1585 [More...]
http://www.linuxsecurity.com/content/view/154597
* Debian: 2186-1: iceweasel: Multiple vulnerabilities (Mar 10)
------------------------------------------------------------
Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.
[More...]
http://www.linuxsecurity.com/content/view/154596
------------------------------------------------------------------------
* Red Hat: 2011:0364-01: java-1.5.0-ibm: Critical Advisory (Mar 17)
-----------------------------------------------------------------
Updated java-1.5.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
Enterprise Linux 5 and 6 Supplementary. [More...]
http://www.linuxsecurity.com/content/view/154641
* Red Hat: 2011:0357-01: java-1.6.0-ibm: Critical Advisory (Mar 16)
-----------------------------------------------------------------
Updated java-1.6.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
Enterprise Linux 5 and 6 Supplementary. [More...]
http://www.linuxsecurity.com/content/view/154631
* Red Hat: 2011:0356-01: krb5: Important Advisory (Mar 16)
--------------------------------------------------------
Updated krb5 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6. The Red Hat Security Response Team
has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154630
* Red Hat: 2011:0347-01: openldap: Moderate Advisory (Mar 10)
-----------------------------------------------------------
Updated openldap packages that fix three security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154606
* Red Hat: 2011:0330-01: kernel-rt: Important Advisory (Mar 10)
-------------------------------------------------------------
Updated kernel-rt packages that fix multiple security issues and
three bugs are now available for Red Hat Enterprise MRG 1.3. The Red
Hat Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154605
* Red Hat: 2011:0346-01: openldap: Moderate Advisory (Mar 10)
-----------------------------------------------------------
Updated openldap packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154604
* Red Hat: 2011:0345-01: qemu-kvm: Moderate Advisory (Mar 10)
-----------------------------------------------------------
Updated qemu-kvm packages that fix one security issue are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154603
------------------------------------------------------------------------
* Slackware: 2011-070-01: subversion: Security Update (Mar 11)
------------------------------------------------------------
New subversion packages are available for Slackware 12.0, 12.1, 12.2,
13.0, 13.1, and -current to fix a security issue. [More Info...]
http://www.linuxsecurity.com/content/view/154608
------------------------------------------------------------------------
* SuSE: 2011-013: Mozilla Firefox (Mar 15)
----------------------------------------
The MozillaFirefox browser was updated to version 3.6.15, fixing
various security issues. Additionally Mozilla Seamonkey was updated
to version 2.0.12 and Mozilla Thunderbird was updated to version
3.1.8 on openSUSE 11.2-11.4. The SUSE Linux Enterprise 10 SP3 release
of MozillaFirefox is still [More...]
http://www.linuxsecurity.com/content/view/154624
------------------------------------------------------------------------
* Ubuntu: 1079-3: OpenJDK 6 vulnerabilities (Mar 17)
--------------------------------------------------
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel
(ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update
fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for
Ubuntu 10.10. [More...]
http://www.linuxsecurity.com/content/view/154640
* Ubuntu: 1085-2: tiff regression (Mar 14)
----------------------------------------
USN-1085-1 fixed vulnerabilities in the system TIFF library. The
upstream fixes were incomplete and created problems for certain
CCITTFAX4 files. This update fixes the problem. [More...]
http://www.linuxsecurity.com/content/view/154623
* Ubuntu: 1087-1: libvpx vulnerability (Mar 11)
---------------------------------------------
Chris Evans discovered that libvpx did not properly perform
bounds checking. If an application using libvpx opened a specially
crafted WebM file, an attacker could cause a denial of service.
[More...]
http://www.linuxsecurity.com/content/view/154612
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------