Linux Advisory Watch: August 19th, 2011
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 19th, 2011 Volume 12, Number 34 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor have made
available.
------------------------------------------------------------------------
* Debian: 2296-1: iceweasel: Multiple vulnerabilities (Aug 17)
------------------------------------------------------------
Several vulnerabilities have been discovered in Iceweasel, a web
browser based on Firefox. The included XULRunner library provides
rendering services for several other applications included in Debian.
[More...]
http://www.linuxsecurity.com/content/view/155671
* Debian: 2295-1: iceape: Multiple vulnerabilities (Aug 17)
---------------------------------------------------------
Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of Seamonkey: CVE-2011-0084 [More...]
http://www.linuxsecurity.com/content/view/155668
* Debian: 2294-1: freetype: missing input sanisiting (Aug 14)
-----------------------------------------------------------
It was discovered that insufficient input saniting in Freetype's code
to parse Type1 could lead to the execution of arbitrary code. For the
oldstable distribution (lenny), this problem has been fixed in
[More...]
http://www.linuxsecurity.com/content/view/155642
* Debian: 2293-1: libxfont: buffer overflow (Aug 12)
--------------------------------------------------
Tomas Hoger found a buffer overflow in the X.Org libXfont library,
which may allow for a local privilege escalation through crafted font
files. [More...]
http://www.linuxsecurity.com/content/view/155633
* Debian: 2292-1: isc-dhcp: denial of service (Aug 11)
----------------------------------------------------
David Zych discovered that the ISC DHCP crashes when processing
certain packets, leading to a denial of service. For the oldstable
distribution (lenny), this problem has been fixed in [More...]
http://www.linuxsecurity.com/content/view/155624
------------------------------------------------------------------------
* Mandriva: 2011:128: dhcp (Aug 18)
---------------------------------
Multiple vulnerabilities has been discovered and corrected in dhcp:
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
cause a denial of service (daemon exit) via a crafted DHCP packet
[More...]
http://www.linuxsecurity.com/content/view/155674
* Mandriva: 2011:127: mozilla (Aug 17)
------------------------------------
Security issues were identified and fixed in mozilla firefox and
thunderbird: Mozilla developers and community members identified and
fixed several memory safety bugs in the browser engine used in
Firefox 3.6 and [More...]
http://www.linuxsecurity.com/content/view/155667
* Mandriva: 2011:126: java-1.6.0-openjdk (Aug 15)
-----------------------------------------------
Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk: Unspecified vulnerability in the Java Runtime
Environment (JRE) component in Oracle Java SE 6 Update 25 and
earlier, 5.0 Update 29 [More...]
http://www.linuxsecurity.com/content/view/155645
* Mandriva: 2011:125: foomatic-filters (Aug 14)
---------------------------------------------
A vulnerability has been discovered and corrected in
foomatic-filters: foomatic-rip allows remote attackers to execute
arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd
file (CVE-2011-2697, CVE-2011-2964). [More...]
http://www.linuxsecurity.com/content/view/155641
* Mandriva: 2011:124: phpmyadmin (Aug 14)
---------------------------------------
Multiple vulnerabilities has been discovered and corrected in
phpmyadmin: libraries/auth/swekey/swekey.auth.lib.php in the Swekey
authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x
before 3.4.3.1 [More...]
http://www.linuxsecurity.com/content/view/155640
* Mandriva: 2011:123: squirrelmail (Aug 13)
-----------------------------------------
Multiple vulnerabilities has been discovered and corrected in
squirrelmail: functions/page_header.php in SquirrelMail 1.4.21 and
earlier does not prevent page rendering inside a frame in a
third-party HTML document, [More...]
http://www.linuxsecurity.com/content/view/155639
* Mandriva: 2011:122: clamav (Aug 13)
-----------------------------------
A vulnerability has been discovered and corrected in clamav:
Off-by-one error in the cli_hm_scan function in matcher-hash.c in
libclamav in ClamAV before 0.97.2 allows remote attackers to cause a
denial of service (daemon crash) via an e-mail message that is not
[More...]
http://www.linuxsecurity.com/content/view/155638
------------------------------------------------------------------------
* Red Hat: 2011:1187-01: dovecot: Moderate Advisory (Aug 18)
----------------------------------------------------------
Updated dovecot packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having moderate
[More...]
http://www.linuxsecurity.com/content/view/155675
* Red Hat: 2011:1167-01: seamonkey: Critical Advisory (Aug 16)
------------------------------------------------------------
Updated seamonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. The Red Hat Security
Response Team has rated this update as having critical [More...]
http://www.linuxsecurity.com/content/view/155661
* Red Hat: 2011:1165-01: thunderbird: Critical Advisory (Aug 16)
--------------------------------------------------------------
An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 4 and 5. The Red Hat
Security Response Team has rated this update as having critical
[More...]
http://www.linuxsecurity.com/content/view/155660
* Red Hat: 2011:1164-01: firefox: Critical Advisory (Aug 16)
----------------------------------------------------------
Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having critical
[More...]
http://www.linuxsecurity.com/content/view/155659
* Red Hat: 2011:1166-01: thunderbird: Critical Advisory (Aug 16)
--------------------------------------------------------------
An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having critical [More...]
http://www.linuxsecurity.com/content/view/155657
* Red Hat: 2011:1163-01: kernel: Important Advisory (Aug 16)
----------------------------------------------------------
Updated kernel packages that fix two security issues and three bugs
are now available for Red Hat Enterprise Linux 5.6 Extended Update
Support. The Red Hat Security Response Team has rated this update as
having [More...]
http://www.linuxsecurity.com/content/view/155658
* Red Hat: 2011:1161-01: freetype: Moderate Advisory (Aug 15)
-----------------------------------------------------------
Updated freetype packages that fix one security issue are now
available for Red Hat Enterprise Linux 4. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155648
* Red Hat: 2011:1159-01: java-1.4.2-ibm: Critical Advisory (Aug 15)
-----------------------------------------------------------------
Updated java-1.4.2-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras and Red Hat
Enterprise Linux 5 Supplementary. [More...]
http://www.linuxsecurity.com/content/view/155647
* Red Hat: 2011:1160-01: dhcp: Moderate Advisory (Aug 15)
-------------------------------------------------------
Updated dhcp packages that fix two security issues are now available
for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155646
* Red Hat: 2011:1155-01: xorg-x11: Important Advisory (Aug 11)
------------------------------------------------------------
Updated xorg-x11 packages that fix one security issue are now
available for Red Hat Enterprise Linux 4. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155628
* Red Hat: 2011:1154-01: libXfont: Important Advisory (Aug 11)
------------------------------------------------------------
Updated libXfont packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155629
------------------------------------------------------------------------
* Slackware: 2011-224-01: bind: Security Update (Aug 12)
------------------------------------------------------
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current
to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/155637
------------------------------------------------------------------------
* SuSE: 2011-034: Linux kernel (Aug 12)
-------------------------------------
This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes
several security issues and bugs. Following security issues were
fixed: CVE-2011-1093: The dccp_rcv_state_process function in
net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP)
implementation [More...]
http://www.linuxsecurity.com/content/view/155631
------------------------------------------------------------------------
* Ubuntu: 1193-1: Linux kernel vulnerabilities (Aug 19)
-----------------------------------------------------
Multiple kernel flaws have been fixed.
http://www.linuxsecurity.com/content/view/155682
* Ubuntu: 1184-1: Firefox and Xulrunner vulnerabilities (Aug 19)
--------------------------------------------------------------
Multiple vulnerabilities have been fixed in Firefox and Xulrunner.
http://www.linuxsecurity.com/content/view/155676
* Ubuntu: 1192-2: Mozvoikko update (Aug 17)
-----------------------------------------
This update provides a compatible Mozvoikko for Firefox 6.
http://www.linuxsecurity.com/content/view/155670
* Ubuntu: 1192-1: Firefox vulnerabilities (Aug 17)
------------------------------------------------
Multiple Firefox vulnerabilities have been fixed
http://www.linuxsecurity.com/content/view/155669
* Ubuntu: 1190-1: DHCP vulnerabilities (Aug 15)
---------------------------------------------
An attacker could send crafted input to DHCP and cause it to crash.
http://www.linuxsecurity.com/content/view/155643
* Ubuntu: 1191-1: libXfont vulnerability (Aug 15)
-----------------------------------------------
libXfont could be made to run programs as an administrator if it
opened aspecially crafted file.
http://www.linuxsecurity.com/content/view/155644
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
