Linux Advisory Watch: July 29th, 2011
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 29th, 2011 Volume 12, Number 31 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor have made
available.
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
--------------------------------------------------------------------------------
Mark Sobell again delivers the answers to common Linux administration
challenges, and provides thorough and step-by-step instructions to
configuring many of the common Linux Internet services in A Practical
Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.
http://www.linuxsecurity.com/content/view/152325
------------------------------------------------------------------------
* Debian: 2288-1: libsndfile: integer overflow (Jul 28)
-----------------------------------------------------
Hossein Lotfi discovered an integer overflow in libsndfile's code to
parse Paris Audio files, which could potentially lead to the
execution of arbitrary code. [More...]
http://www.linuxsecurity.com/content/view/155557
* Debian: 2287-1: libpng: Multiple vulnerabilities (Jul 28)
---------------------------------------------------------
The PNG library libpng has been affected by several vulnerabilities.
The most critical one is the identified as CVE-2011-2690. Using this
vulnerability, an attacker is able to overwrite memory with an
arbitrary amount of data controlled by her via a crafted PNG image.
[More...]
http://www.linuxsecurity.com/content/view/155551
* Debian: 2286-1: phpymadmin: Multiple vulnerabilities (Jul 26)
-------------------------------------------------------------
Several vulnerabilities were discovered in phpMyAdmin, a tool to
administrate MySQL over the web. The Common Vulnerabilities and
Exposures project identifies the following problems: [More...]
http://www.linuxsecurity.com/content/view/155539
* Debian: 2285-1: mapserver: Multiple vulnerabilities (Jul 25)
------------------------------------------------------------
Several vulnerabilities have been discovered in mapserver, a
CGI-based web framework to publish spatial data and interactive
mapping applications. The Common Vulnerabilities and Exposures
project identifies the following problems: [More...]
http://www.linuxsecurity.com/content/view/155530
* Debian: 2284-1: opensaml2: implementation error (Jul 25)
--------------------------------------------------------
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco
Kampmann and Joerg Schwenk discovered that Shibboleth, a federated
web single sign-on system is vulnerable to XML signature wrapping
attacks. More details can be found in the Shibboleth [More...]
http://www.linuxsecurity.com/content/view/155527
* Debian: 2283-1: krb5-appl: programming error (Jul 25)
-----------------------------------------------------
Tim Zingelmann discovered that due an incorrect configure script the
kerborised FTP server failed to set the effective GID correctly,
resulting in privilege escalation. [More...]
http://www.linuxsecurity.com/content/view/155522
* Debian: 2282-1: qemu-kvm: Multiple vulnerabilities (Jul 25)
-----------------------------------------------------------
Two vulnerabilities have been discovered in KVM, a solution for full
virtualization on x86 hardware: CVE-2011-2212 [More...]
http://www.linuxsecurity.com/content/view/155521
* Debian: 2281-1: opie: Multiple vulnerabilities (Jul 21)
-------------------------------------------------------
Sebastian Krahmer discovered that opie, a system that makes it simple
to use One-Time passwords in applications, is prone to a privilege
escalation (CVE-2011-2490) and an off-by-one error, which can lead to
the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and
[More...]
http://www.linuxsecurity.com/content/view/155497
------------------------------------------------------------------------
* Mandriva: 2011:121: samba (Jul 27)
----------------------------------
Multiple vulnerabilities has been discovered and corrected in samba:
All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By
tricking a user who is authenticated with SWAT into clicking a
[More...]
http://www.linuxsecurity.com/content/view/155543
* Mandriva: 2011:120: freetype2 (Jul 27)
--------------------------------------
A vulnerability was discovered and corrected in freetype2: Integer
signedness error in psaux/t1decode.c in FreeType before 2.4.6, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted
[More...]
http://www.linuxsecurity.com/content/view/155542
* Mandriva: 2011:119: libsndfile (Jul 25)
---------------------------------------
A vulnerability was discovered and corrected in libsndfile: An
integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the libsndfile library processed certain Ensoniq
PARIS Audio Format (PAF) audio files. An attacker could [More...]
http://www.linuxsecurity.com/content/view/155528
* Mandriva: 2011:118: wireshark (Jul 24)
--------------------------------------
This advisory updates wireshark to the latest version (1.2.18),
fixing one security issue: The Lucent/Ascend file parser in Wireshark
1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote
attackers to cause a denial [More...]
http://www.linuxsecurity.com/content/view/155520
* Mandriva: 2011:117: krb5-appl (Jul 22)
--------------------------------------
A vulnerability was discovered and corrected in krb5-appl: ftpd.c in
the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka
krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return
value, which allows remote authenticated users to bypass [More...]
http://www.linuxsecurity.com/content/view/155512
* Mandriva: 2011:116: curl (Jul 22)
---------------------------------
A vulnerability was discovered and corrected in curl: The
Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
through 7.21.6, as used in curl and other products, always performs
credential delegation during GSSAPI authentication, which allows
remote [More...]
http://www.linuxsecurity.com/content/view/155511
------------------------------------------------------------------------
* Red Hat: 2011:1105-01: libpng: Moderate Advisory (Jul 28)
---------------------------------------------------------
Updated libpng packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155556
* Red Hat: 2011:1104-01: libpng: Moderate Advisory (Jul 28)
---------------------------------------------------------
Updated libpng packages that fix two security issues are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155555
* Red Hat: 2011:1103-01: libpng: Moderate Advisory (Jul 28)
---------------------------------------------------------
Updated libpng and libpng10 packages that fix one security issue are
now available for Red Hat Enterprise Linux 4. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155553
* Red Hat: 2011:1102-01: libsoup: Moderate Advisory (Jul 28)
----------------------------------------------------------
Updated libsoup packages that fix one security issue are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155554
* Red Hat: 2011:1100-01: icedtea-web: Moderate Advisory (Jul 27)
--------------------------------------------------------------
Updated icedtea-web packages that fix two security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155544
* Red Hat: 2011:1089-01: systemtap: Moderate Advisory (Jul 25)
------------------------------------------------------------
Updated systemtap packages that fix one security issue are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155532
* Red Hat: 2011:1088-01: systemtap: Moderate Advisory (Jul 25)
------------------------------------------------------------
Updated systemtap packages that fix two security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155531
* Red Hat: 2011:1087-01: java-1.5.0-ibm: Critical Advisory (Jul 22)
-----------------------------------------------------------------
Updated java-1.5.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
Enterprise Linux 5 and 6 Supplementary. [More...]
http://www.linuxsecurity.com/content/view/155519
* Red Hat: 2011:1085-01: freetype: Important Advisory (Jul 21)
------------------------------------------------------------
Updated freetype packages that fix one security issue are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155509
* Red Hat: 2011:1073-01: bash: Low Advisory (Jul 21)
--------------------------------------------------
An updated bash package that fixes one security issue, several bugs,
and adds one enhancement is now available for Red Hat Enterprise
Linux 5. The Red Hat Security Response Team has rated this update as
having low [More...]
http://www.linuxsecurity.com/content/view/155506
* Red Hat: 2011:1005-01: sysstat: Low Advisory (Jul 21)
-----------------------------------------------------
An updated sysstat package that fixes one security issue, various
bugs, and adds one enhancement is now available for Red Hat
Enterprise Linux 5. The Red Hat Security Response Team has rated this
update as having low [More...]
http://www.linuxsecurity.com/content/view/155503
* Red Hat: 2011:1000-01: rgmanager: Low Advisory (Jul 21)
-------------------------------------------------------
An updated rgmanager package that fixes one security issue, several
bugs, and adds multiple enhancements is now available for Red Hat
Enterprise Linux 5. [More...]
http://www.linuxsecurity.com/content/view/155500
* Red Hat: 2011:0975-01: sssd: Low Advisory (Jul 21)
--------------------------------------------------
Updated sssd packages that fix one security issue, several bugs, and
add various enhancements are now available for Red Hat Enterprise
Linux 5. The Red Hat Security Response Team has rated this update as
having low [More...]
http://www.linuxsecurity.com/content/view/155498
* Red Hat: 2011:0999-01: rsync: Moderate Advisory (Jul 21)
--------------------------------------------------------
An updated rsync package that fixes one security issue, several bugs,
and adds enhancements is now available for Red Hat Enterprise Linux
5. The Red Hat Security Response Team has rated this update as having
moderate [More...]
http://www.linuxsecurity.com/content/view/155499
------------------------------------------------------------------------
* SuSE: 2011-031: Linux kernel (Jul 25)
-------------------------------------
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
2.6.32.43 and fixes various bugs and security issues. Following
security issues were fixed: CVE-2011-2496: The normal mmap paths all
avoid creating a mapping where the pgoff inside the mapping could
wrap around due to [More...]
http://www.linuxsecurity.com/content/view/155523
------------------------------------------------------------------------
* Ubuntu: 1181-1: libsoup2.4 vulnerability (Jul 28)
-------------------------------------------------
An attacker could send crafted URLs to a SoupServer application and
obtainunintended access to files.
http://www.linuxsecurity.com/content/view/155558
* Ubuntu: 1180-1: libvirt vulnerability (Jul 28)
----------------------------------------------
An authenticated attacker could send crafted input to libvirt and
cause itto crash.
http://www.linuxsecurity.com/content/view/155552
* Ubuntu: 1179-1: ClamAV vulnerability (Jul 28)
---------------------------------------------
An attacker could send crafted input to ClamAV and cause it tocrash.
http://www.linuxsecurity.com/content/view/155546
* Ubuntu: 1177-1: QEMU vulnerability (Jul 27)
-------------------------------------------
QEMU could be made to run with adminstrator group privileges under
certaincircumstances.
http://www.linuxsecurity.com/content/view/155545
* Ubuntu: 1176-1: DBus vulnerability (Jul 26)
-------------------------------------------
DBus could be made to crash if it processed a specially crafted
message.
http://www.linuxsecurity.com/content/view/155540
* Ubuntu: 1175-1: libpng vulnerabilities (Jul 26)
-----------------------------------------------
Libpng could be made to run programs as your login if it opened
aspecially crafted file.
http://www.linuxsecurity.com/content/view/155538
* Ubuntu: 1174-1: libsndfile vulnerability (Jul 25)
-------------------------------------------------
An application using libsndfile could be made to crash or possibly
runprograms as your login if it opened a specially crafted file.
http://www.linuxsecurity.com/content/view/155533
* Ubuntu: 1173-1: FreeType vulnerability (Jul 25)
-----------------------------------------------
FreeType could be made to run programs as your login if it opened
aspecially crafted font file.
http://www.linuxsecurity.com/content/view/155529
* Ubuntu: 1172-1: logrotate vulnerabilities (Jul 21)
--------------------------------------------------
An attacker could cause logrotate to run programs, stop working, or
readand write arbitrary files.
http://www.linuxsecurity.com/content/view/155510
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
