Linux Advisory Watch: September 9th, 2011
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 9th, 2011 Volume 12, Number 37 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux
---------------------------------------------------------------------
Mark Sobell again delivers the answers to common Linux administration
challenges, and provides thorough and step-by-step instructions to
configuring many of the common Linux Internet services in A Practical
Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.
http://www.linuxsecurity.com/content/view/152325
------------------------------------------------------------------------
* Debian: 2303-1: linux-2.6: privilege escalation/denial (Sep 8)
--------------------------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems: [More...]
http://www.linuxsecurity.com/content/view/155793
* Debian: 2302-1: bcfg2: missing input sanitization (Sep 7)
---------------------------------------------------------
It has been discovered that the bcfg2 server, a configuration
management server for bcfg2 clients, is not properly sanitizing input
from bcfg2 clients before passing it to various shell commands. This
enables an attacker in control of a bcfg2 client to execute arbitrary
commands on [More...]
http://www.linuxsecurity.com/content/view/155786
* Debian: 2301-1: rails: Multiple vulnerabilities (Sep 5)
-------------------------------------------------------
Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures
project identifies the following problems: [More...]
http://www.linuxsecurity.com/content/view/155768
* Debian: 2300-2: nss: compromised certificate aut (Sep 5)
--------------------------------------------------------
Several unauthorised SSL certificates have been found in the wild
issued for the DigiNotar Certificate Authority, obtained through a
security compromise with said company. Debian, like other software
distributors, has as a precaution decided to disable the DigiNotar
[More...]
http://www.linuxsecurity.com/content/view/155767
* Debian: 2298-2: apache2: denial of service (Sep 5)
--------------------------------------------------
The apache2 Upgrade from DSA-2298-1 has caused a regression that
prevented some video players from seeking in video files served by
Apache HTTPD. This update fixes this bug. [More...]
http://www.linuxsecurity.com/content/view/155766
------------------------------------------------------------------------
* Mandriva: 2011:134: rsyslog (Sep 9)
-----------------------------------
A vulnerability was discovered and corrected in rsyslog: Stack-based
buffer overflow in the parseLegacySyslogMsg function in
tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0
through 5.8.4 might allow remote attackers to cause a denial of
[More...]
http://www.linuxsecurity.com/content/view/155795
* Mandriva: 2011:133: mozilla (Sep 7)
-----------------------------------
Security issues were identified and fixed in mozilla firefox and
thunderbird: As more information has come to light about the attack
on the DigiNotar Certificate Authority we have improved the
protections added in MFSA [More...]
http://www.linuxsecurity.com/content/view/155785
* Mandriva: 2011:132: pidgin (Sep 6)
----------------------------------
Multiple vulnerabilities have been identified and fixed in pidgin: It
was found that the gdk-pixbuf GIF image loader routine
gdk_pixbuf__gif_image_load() did not properly handle certain return
values from its subroutines. A remote attacker could provide a
[More...]
http://www.linuxsecurity.com/content/view/155771
* Mandriva: 2011:131: libxml (Sep 5)
----------------------------------
Multiple vulnerabilities have been discovered and corrected in
libxml/libxml2: Integer overflow in xpath.c in libxml2 2.6.x through
2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows
context-dependent [More...]
http://www.linuxsecurity.com/content/view/155758
* Mandriva: 2011:130: apache (Sep 4)
----------------------------------
Multiple vulnerabilities have been discovered and corrected in apache:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
denial of service (memory and CPU consumption) via a Range header
[More...]
http://www.linuxsecurity.com/content/view/155757
* Mandriva: 2011:129: mozilla (Sep 3)
-----------------------------------
Security issues were identified and fixed in mozilla firefox and
thunderbird: Google Chrome user alibo encountered an active man in
the middle (MITM) attack on secure SSL connections to Google servers.
The fraudulent [More...]
http://www.linuxsecurity.com/content/view/155756
------------------------------------------------------------------------
* Red Hat: 2011:1268-01: firefox: Important Advisory (Sep 6)
----------------------------------------------------------
Updated firefox packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155777
* Red Hat: 2011:1267-01: thunderbird: Important Advisory (Sep 6)
--------------------------------------------------------------
An updated thunderbird package that fixes one security issue is now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155776
* Red Hat: 2011:1266-01: seamonkey: Important Advisory (Sep 6)
------------------------------------------------------------
Updated seamonkey packages that fix one security issue are now
available for Red Hat Enterprise Linux 4. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155775
* Red Hat: 2011:1264-01: gstreamer-plugins: Important Advisory (Sep 6)
--------------------------------------------------------------------
Updated gstreamer-plugins packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 4. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155773
* Red Hat: 2011:1212-01: kernel: Important Advisory (Sep 6)
---------------------------------------------------------
Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
Security Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155774
* Red Hat: 2011:1248-01: ca-certificates: Important Advisory (Sep 2)
------------------------------------------------------------------
An updated ca-certificates package that fixes one security issue is
now available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/155749
* Red Hat: 2011:1247-01: rsyslog: Moderate Advisory (Sep 1)
---------------------------------------------------------
Updated rsyslog packages that fix one security issue are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/155745
------------------------------------------------------------------------
* Slackware: 2011-252-01: httpd: Security Update (Sep 9)
------------------------------------------------------
Not long ago, httpd package updates were issued to clamp down on a
denial of service bug that's seen some action in the wild. New
packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current. [More Info...]
http://www.linuxsecurity.com/content/view/155796
* Slackware: 2011-249-03: seamonkey: Security Update (Sep 6)
----------------------------------------------------------
New seamonkey packages are available for Slackware 13.37 and -current
to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/155778
* Slackware: 2011-249-02: mozilla-thunderbird: Security Update (Sep 6)
--------------------------------------------------------------------
New mozilla-thunderbird packages are available for Slackware 13.0,
13.1, 13.37, and -current to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/155779
* Slackware: 2011-249-01: mozilla-firefox: Security Update (Sep 6)
----------------------------------------------------------------
New mozilla-firefox packages are available for Slackware 13.0, 13.1,
13.37, and -current to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/155780
------------------------------------------------------------------------
* SuSE: 2011-038: Linux kernel (Sep 1)
------------------------------------
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
2.6.32.45 and fixes various bugs and security issues. The following
security issues were fixed: CVE-2011-1776: Timo Warns reported an
issue in the Linux implementation for GUID partitions. Users with
physical access could gain access to [More...]
http://www.linuxsecurity.com/content/view/155743
------------------------------------------------------------------------
* Ubuntu: 1197-5: CA Certificates vulnerability (Sep 9)
-----------------------------------------------------
A certificate authority mis-issued fraudulent certificates.
http://www.linuxsecurity.com/content/view/155794
* Ubuntu: 1197-4: NSS vulnerability (Sep 8)
-----------------------------------------
A certificate authority mis-issued fraudulent certificates.
http://www.linuxsecurity.com/content/view/155792
* Ubuntu: 1197-3: Firefox and Xulrunner vulnerability (Sep 7)
-----------------------------------------------------------
A certificate authority issued fraudulent certificates.
http://www.linuxsecurity.com/content/view/155781
* Ubuntu: 1197-2: Thunderbird vulnerability (Sep 2)
-------------------------------------------------
A certificate authority issued fraudulent certificates.
http://www.linuxsecurity.com/content/view/155747
* Ubuntu: 1199-1: Apache vulnerability (Sep 1)
--------------------------------------------
A remote attacker could send crafted input to Apache and cause it to
crash.
http://www.linuxsecurity.com/content/view/155746
------------------------------------------------------------------------
* Pardus: 2011-113: dhcp: Multiple vulnerabilities (Sep 5)
--------------------------------------------------------
Multiple vulnerabilities have been fixed in dhcp.
http://www.linuxsecurity.com/content/view/155764
* Pardus: 2011-112: libmodplug: Multiple (Sep 5)
----------------------------------------------
Multiple vulnerabilities have been fixed in libmodplug.
http://www.linuxsecurity.com/content/view/155763
* Pardus: 2011-111: pidgin: Multiple Vulnerabilities (Sep 5)
----------------------------------------------------------
Multiple vulnerabilities have been fixed in pidgin.
http://www.linuxsecurity.com/content/view/155762
* Pardus: 2011-109: Subversion: Multiple (Sep 5)
----------------------------------------------
Multiple vulnerabilities have been fixed in subversion.
http://www.linuxsecurity.com/content/view/155760
* Pardus: 2011-110: Samba: Multiple Vulnerabilities (Sep 5)
---------------------------------------------------------
Multiple vulnerabilities have been fixed in samba.
http://www.linuxsecurity.com/content/view/155761
* Pardus: 2011-108: libsoup: Directory Traversal (Sep 5)
------------------------------------------------------
A vulnerability has been fixed in libsoup.
http://www.linuxsecurity.com/content/view/155759
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------