Linux Advisory Watch: September 9th, 2011

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| September 9th, 2011                             Volume 12, Number 37 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux
---------------------------------------------------------------------
Mark Sobell again delivers the answers to common Linux administration
challenges, and provides thorough and step-by-step instructions to
configuring many of the common Linux Internet services in A Practical
Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.

http://www.linuxsecurity.com/content/view/152325

------------------------------------------------------------------------
* Debian: 2303-1: linux-2.6: privilege escalation/denial (Sep 8)
   --------------------------------------------------------------
   Several vulnerabilities have been discovered in the Linux kernel that
   may lead to a denial of service or privilege escalation. The Common
   Vulnerabilities and Exposures project identifies the following
   problems: [More...]

   http://www.linuxsecurity.com/content/view/155793

* Debian: 2302-1: bcfg2: missing input sanitization (Sep 7)
   ---------------------------------------------------------
   It has been discovered that the bcfg2 server, a configuration
   management server for bcfg2 clients, is not properly sanitizing input
   from bcfg2 clients before passing it to various shell commands. This
   enables an attacker in control of a bcfg2 client to execute arbitrary
   commands on [More...]

   http://www.linuxsecurity.com/content/view/155786

* Debian: 2301-1: rails: Multiple vulnerabilities (Sep 5)
   -------------------------------------------------------
   Several vulnerabilities have been discovered in Rails, the Ruby web
   application framework. The Common Vulnerabilities and Exposures
   project identifies the following problems: [More...]

   http://www.linuxsecurity.com/content/view/155768

* Debian: 2300-2: nss: compromised certificate aut (Sep 5)
   --------------------------------------------------------
   Several unauthorised SSL certificates have been found in the wild
   issued for the DigiNotar Certificate Authority, obtained through a
   security compromise with said company. Debian, like other software
   distributors, has as a precaution decided to disable the DigiNotar
   [More...]

   http://www.linuxsecurity.com/content/view/155767

* Debian: 2298-2: apache2: denial of service (Sep 5)
   --------------------------------------------------
   The apache2 Upgrade from DSA-2298-1 has caused a regression that
   prevented some video players from seeking in video files served by
   Apache HTTPD. This update fixes this bug. [More...]

   http://www.linuxsecurity.com/content/view/155766

------------------------------------------------------------------------

* Mandriva: 2011:134: rsyslog (Sep 9)
   -----------------------------------
   A vulnerability was discovered and corrected in rsyslog: Stack-based
   buffer overflow in the parseLegacySyslogMsg function in
   tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0
   through 5.8.4 might allow remote attackers to cause a denial of
   [More...]

   http://www.linuxsecurity.com/content/view/155795

* Mandriva: 2011:133: mozilla (Sep 7)
   -----------------------------------
   Security issues were identified and fixed in mozilla firefox and
   thunderbird: As more information has come to light about the attack
   on the DigiNotar Certificate Authority we have improved the
   protections added in MFSA [More...]

   http://www.linuxsecurity.com/content/view/155785

* Mandriva: 2011:132: pidgin (Sep 6)
   ----------------------------------
   Multiple vulnerabilities have been identified and fixed in pidgin: It
   was found that the gdk-pixbuf GIF image loader routine
   gdk_pixbuf__gif_image_load() did not properly handle certain return
   values from its subroutines. A remote attacker could provide a
   [More...]

   http://www.linuxsecurity.com/content/view/155771

* Mandriva: 2011:131: libxml (Sep 5)
   ----------------------------------
   Multiple vulnerabilities have been discovered and corrected in
   libxml/libxml2: Integer overflow in xpath.c in libxml2 2.6.x through
   2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows
   context-dependent [More...]

   http://www.linuxsecurity.com/content/view/155758

* Mandriva: 2011:130: apache (Sep 4)
   ----------------------------------
   Multiple vulnerabilities have been discovered and corrected in apache:
   The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
   2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
   denial of service (memory and CPU consumption) via a Range header
   [More...]

   http://www.linuxsecurity.com/content/view/155757

* Mandriva: 2011:129: mozilla (Sep 3)
   -----------------------------------
   Security issues were identified and fixed in mozilla firefox and
   thunderbird: Google Chrome user alibo encountered an active man in
   the middle (MITM) attack on secure SSL connections to Google servers.
   The fraudulent [More...]

   http://www.linuxsecurity.com/content/view/155756

------------------------------------------------------------------------

* Red Hat: 2011:1268-01: firefox: Important Advisory (Sep 6)
   ----------------------------------------------------------
   Updated firefox packages that fix one security issue are now
   available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155777

* Red Hat: 2011:1267-01: thunderbird: Important Advisory (Sep 6)
   --------------------------------------------------------------
   An updated thunderbird package that fixes one security issue is now
   available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155776

* Red Hat: 2011:1266-01: seamonkey: Important Advisory (Sep 6)
   ------------------------------------------------------------
   Updated seamonkey packages that fix one security issue are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155775

* Red Hat: 2011:1264-01: gstreamer-plugins: Important Advisory (Sep 6)
   --------------------------------------------------------------------
   Updated gstreamer-plugins packages that fix multiple security issues
   are now available for Red Hat Enterprise Linux 4. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155773

* Red Hat: 2011:1212-01: kernel: Important Advisory (Sep 6)
   ---------------------------------------------------------
   Updated kernel packages that fix multiple security issues and several
   bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155774

* Red Hat: 2011:1248-01: ca-certificates: Important Advisory (Sep 2)
   ------------------------------------------------------------------
   An updated ca-certificates package that fixes one security issue is
   now available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155749

* Red Hat: 2011:1247-01: rsyslog: Moderate Advisory (Sep 1)
   ---------------------------------------------------------
   Updated rsyslog packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155745

------------------------------------------------------------------------

* Slackware: 2011-252-01: httpd: Security Update (Sep 9)
   ------------------------------------------------------
   Not long ago, httpd package updates were issued to clamp down on a
   denial of service bug that's seen some action in the wild.  New
   packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
   13.37, and -current.  [More Info...]

   http://www.linuxsecurity.com/content/view/155796

* Slackware: 2011-249-03: seamonkey: Security Update (Sep 6)
   ----------------------------------------------------------
   New seamonkey packages are available for Slackware 13.37 and -current
   to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/155778

* Slackware: 2011-249-02: mozilla-thunderbird: Security Update (Sep 6)
   --------------------------------------------------------------------
   New mozilla-thunderbird packages are available for Slackware 13.0,
   13.1, 13.37, and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/155779

* Slackware: 2011-249-01: mozilla-firefox: Security Update (Sep 6)
   ----------------------------------------------------------------
   New mozilla-firefox packages are available for Slackware 13.0, 13.1,
   13.37, and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/155780

------------------------------------------------------------------------

* SuSE: 2011-038: Linux kernel (Sep 1)
   ------------------------------------
   The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
   2.6.32.45 and fixes various bugs and security issues. The following
   security issues were fixed: CVE-2011-1776: Timo Warns reported an
   issue in the Linux implementation for GUID partitions. Users with
   physical access could gain access to [More...]

   http://www.linuxsecurity.com/content/view/155743

------------------------------------------------------------------------

* Ubuntu: 1197-5: CA Certificates vulnerability (Sep 9)
   -----------------------------------------------------
   A certificate authority mis-issued fraudulent certificates.

   http://www.linuxsecurity.com/content/view/155794

* Ubuntu: 1197-4: NSS vulnerability (Sep 8)
   -----------------------------------------
   A certificate authority mis-issued fraudulent certificates.

   http://www.linuxsecurity.com/content/view/155792

* Ubuntu: 1197-3: Firefox and Xulrunner vulnerability (Sep 7)
   -----------------------------------------------------------
   A certificate authority issued fraudulent certificates.

   http://www.linuxsecurity.com/content/view/155781

* Ubuntu: 1197-2: Thunderbird vulnerability (Sep 2)
   -------------------------------------------------
   A certificate authority issued fraudulent certificates.

   http://www.linuxsecurity.com/content/view/155747

* Ubuntu: 1199-1: Apache vulnerability (Sep 1)
   --------------------------------------------
   A remote attacker could send crafted input to Apache and cause it to
   crash.

   http://www.linuxsecurity.com/content/view/155746

------------------------------------------------------------------------

* Pardus: 2011-113: dhcp: Multiple vulnerabilities (Sep 5)
   --------------------------------------------------------
   Multiple vulnerabilities have been fixed in dhcp.

   http://www.linuxsecurity.com/content/view/155764

* Pardus: 2011-112: libmodplug: Multiple (Sep 5)
   ----------------------------------------------
   Multiple vulnerabilities have been fixed in libmodplug.

   http://www.linuxsecurity.com/content/view/155763

* Pardus: 2011-111: pidgin: Multiple Vulnerabilities (Sep 5)
   ----------------------------------------------------------
   Multiple vulnerabilities have been fixed in pidgin.

   http://www.linuxsecurity.com/content/view/155762

* Pardus: 2011-109: Subversion: Multiple (Sep 5)
   ----------------------------------------------
   Multiple vulnerabilities have been fixed in subversion.

   http://www.linuxsecurity.com/content/view/155760

* Pardus: 2011-110: Samba: Multiple Vulnerabilities (Sep 5)
   ---------------------------------------------------------
   Multiple vulnerabilities have been fixed in samba.

   http://www.linuxsecurity.com/content/view/155761

* Pardus: 2011-108: libsoup: Directory Traversal (Sep 5)
   ------------------------------------------------------
   A vulnerability has been fixed in libsoup.

   http://www.linuxsecurity.com/content/view/155759

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------