Linux Advisory Watch - June 22nd 2007

+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  June 22nd 2007                                Volume 8, Number 25a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for the Linux kernel, PostgreSQL,
libexif, libapache-mod-jk, ClamAV, Firefox, and mod_perl. The distributors
include Debian, Gentoo, Mandriva, and Red Hat.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Review: Practical Packet Analysis

In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.

http://www.linuxsecurity.com/content/view/128459/171/

---


Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Linux kernel 2.6.8 packages fix several
  16th, June, 2007

Several local and remote vulnerabilities have been discovered in
the Linux kernel that may lead to a denial of service or the execution
of arbitrary code. Doug Chapman discovered a potential local DoS (deadlock)
in the mincore function caused by improper lock handling.

http://www.linuxsecurity.com/content/view/128557


* Debian: New PostgreSQL 8.1 packages fix privilege escalation
  16th, June, 2007

It was discovered that the PostgreSQL database performs insufficient
validation of variables passed to privileged SQL statements,
so-called "security definers", which could lead to SQL privilege
escalation.

http://www.linuxsecurity.com/content/view/128565


* Debian: New libexif packages fix integer overflow
  16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse
EXIF files, which allows denial of service and possible execution
of arbitrary code via malformed EXIF data.


http://www.linuxsecurity.com/content/view/128567


* Debian: New libexif packages fix integer overflow
  16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse
EXIF files, which allows denial of service and possible execution of
arbitrary code via malformed EXIF data.

http://www.linuxsecurity.com/content/view/128568


* Debian: New PostgreSQL 7.4 packages fix privilege escalation
  17th, June, 2007

It was discovered that the PostgreSQL database performs insufficient
validation of variables passed to privileged SQL statements, so-called
"security definers", which could lead to SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128570


* Debian: New libapache-mod-jk packages fix information disclosure
  17th, June, 2007

It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead
to information disclosure.

http://www.linuxsecurity.com/content/view/128571



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: ClamAV Multiple Denials of Service
  15th, June, 2007

ClamAV contains several vulnerabilities leading to a Denial of
Service. A remote attacker could send a specially crafted file to the
scanner, possibly triggering one of the vulnerabilities. The two
buffer overflows are reported to only cause Denial of Service. This
would lead to a Denial of Service by CPU consumption or a crash of
the scanner. The insecure temporary file creation vulnerability could
be used by a local user to access sensitive data.

http://www.linuxsecurity.com/content/view/128554



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated Firefox packages fix multiple
  15th, June, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program, version 2.0.0.4.
This update provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/128556


* Mandriva: Updated Firefox packages fix multiple
  16th, June, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program, version 2.0.0.4.
This update provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/128566



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: mod_perl security update
  18th, June, 2007

Updated mod_perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as
having moderate security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/128573

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------