+----------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | April 3rd, 2009 Volume 10, Number 14 | | | | Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> | | Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> | +----------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week, advisories were released for openswan, strongswan, nss-ldapd, auth2db, xulrunner, seamonkey, kazehakase, gtmozembedmm, miro, mugshot, yelp, totem, mcmanx-gtk2, ruby, epiphany, chmsee, devhelp, gecko-sharp2, galeon, blam, krb5, libsoup, icu, xine, ghostscript, gst, and lcms. The distributors include Debian, Fedora, Red Hat, Ubuntu, and Pardus. --- >> Linux+DVD Magazine << In each issue you can find information concerning the best use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments. Catch up with what professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software are doing! http://www.linuxsecurity.com/ads/adclick.php?bannerid=26 --- Review: Googling Security: How Much Does Google Know About You -------------------------------------------------------------- If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business and what you can do to protect yourself. http://www.linuxsecurity.com/content/view/145939 --- A Secure Nagios Server ---------------------- Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security. http://www.linuxsecurity.com/content/view/144088 --> Take advantage of the LinuxSecurity.com Quick Reference Card! <-- --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- ------------------------------------------------------------------------ * EnGarde Secure Community 3.0.22 Now Available! (Dec 9) ------------------------------------------------------ Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668 ------------------------------------------------------------------------ * Debian: New openswan packages fix denial of service (Mar 30) ------------------------------------------------------------ Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. http://www.linuxsecurity.com/content/view/148465 * Debian: New strongswan packages fix denial of service (Mar 30) -------------------------------------------------------------- Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for linux, is prone to a denial of service attack via a malicious packet. http://www.linuxsecurity.com/content/view/148464 * Debian: New nss-ldapd packages fix information disclosure (Mar 30) ------------------------------------------------------------------ Leigh James that discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server. http://www.linuxsecurity.com/content/view/148463 * Debian: New auth2db packages fix SQL injection (Mar 30) ------------------------------------------------------- It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability, when used with multibyte character encodings. http://www.linuxsecurity.com/content/view/148456 * Debian: New xulrunner packages fix multiple vulnerabilities (Mar 29) -------------------------------------------------------------------- Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. http://www.linuxsecurity.com/content/view/148454 ------------------------------------------------------------------------ * Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 31) ------------------------------------------------ http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.htm l http://www.linuxsecurity.com/content/view/148468 * Fedora 9 Update: glib2-2.16.6-3.fc9 (Mar 31) -------------------------------------------- This update fixes possible integer overflows in the base64 handling functions. This has been reported in CVE-2008-4316. http://www.linuxsecurity.com/content/view/148467 * Fedora 10 Update: seamonkey-1.1.15-3.fc10 (Mar 31) -------------------------------------------------- http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.htm l http://www.linuxsecurity.com/content/view/148466 * Fedora 9 Update: seamonkey-1.1.15-3.fc9 (Mar 30) ------------------------------------------------ http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.htm l http://www.linuxsecurity.com/content/view/148460 * Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 28) ----------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148445 * Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 28) -------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148446 * Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 28) ---------------------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148447 * Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 28) ------------------------------------------ Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148448 * Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 28) ---------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148449 * Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 28) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148450 * Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 28) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148451 * Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 28) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148452 * Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 28) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148453 * Fedora 10 Update: mugshot-1.2.2-7.fc10 (Mar 28) ----------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148431 * Fedora 10 Update: mozvoikko-0.9.5-8.fc10 (Mar 28) ------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148432 * Fedora 10 Update: pcmanx-gtk2-0.3.8-7.fc10 (Mar 28) --------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148433 * Fedora 10 Update: ruby-gnome2-0.18.1-5.fc10 (Mar 28) ---------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148434 * Fedora 10 Update: yelp-2.24.0-7.fc10 (Mar 28) --------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148435 * Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 28) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148436 * Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 28) ---------------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148437 * Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 28) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148438 * Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 28) ------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148439 * Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 28) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148440 * Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 28) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148441 * Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 28) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148442 * Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 28) ------------------------------------------------------------ Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148443 * Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 28) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148444 * Fedora 10 Update: gecko-sharp2-0.13-6.fc10 (Mar 28) --------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148425 * Fedora 10 Update: gnome-python2-extras-2.19.1-28.fc10 (Mar 28) -------------------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148426 * Fedora 10 Update: gnome-web-photo-0.3-16.fc10 (Mar 28) ------------------------------------------------------ A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148427 * Fedora 10 Update: google-gadgets-0.10.5-4.fc10 (Mar 28) ------------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148428 * Fedora 10 Update: kazehakase-0.5.6-1.fc10.5 (Mar 28) ---------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148429 * Fedora 10 Update: Miro-2.0.3-2.fc10 (Mar 28) -------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148430 * Fedora 10 Update: firefox-3.0.8-1.fc10 (Mar 28) ----------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148417 * Fedora 10 Update: xulrunner-1.9.0.8-1.fc10 (Mar 28) --------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148418 * Fedora 10 Update: galeon-2.0.7-8.fc10 (Mar 28) ---------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148419 * Fedora 10 Update: devhelp-0.22-6.fc10 (Mar 28) ---------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148420 * Fedora 10 Update: epiphany-2.24.3-4.fc10 (Mar 28) ------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148421 * Fedora 10 Update: epiphany-extensions-2.24.0-6.fc10 (Mar 28) ------------------------------------------------------------ A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148422 * Fedora 10 Update: blam-1.8.5-8.fc10 (Mar 28) -------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148423 * Fedora 10 Update: evolution-rss-0.1.2-6.fc10 (Mar 28) ----------------------------------------------------- A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) http://www.linuxsecurity.com/content/view/148424 * Fedora 9 Update: Miro-2.0.3-2.fc9 (Mar 27) ------------------------------------------ Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148411 * Fedora 9 Update: mugshot-1.2.2-7.fc9 (Mar 27) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148412 * Fedora 9 Update: yelp-2.22.1-10.fc9 (Mar 27) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148413 * Fedora 9 Update: totem-2.23.2-13.fc9 (Mar 27) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148414 * Fedora 9 Update: xulrunner-1.9.0.8-1.fc9 (Mar 27) ------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148398 * Fedora 9 Update: epiphany-extensions-2.22.1-9.fc9 (Mar 27) ---------------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148399 * Fedora 9 Update: epiphany-2.22.2-9.fc9 (Mar 27) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148400 * Fedora 9 Update: blam-1.8.5-7.fc9.1 (Mar 27) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148401 * Fedora 9 Update: chmsee-1.0.1-10.fc9 (Mar 27) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148402 * Fedora 9 Update: devhelp-0.19.1-10.fc9 (Mar 27) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148403 * Fedora 9 Update: galeon-2.0.7-8.fc9 (Mar 27) -------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148404 * Fedora 9 Update: gnome-python2-extras-2.19.1-25.fc9 (Mar 27) ------------------------------------------------------------ Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148405 * Fedora 9 Update: gnome-web-photo-0.3-19.fc9 (Mar 27) ---------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148406 * Fedora 9 Update: google-gadgets-0.10.5-4.fc9 (Mar 27) ----------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148407 * Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9 (Mar 27) ---------------------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148408 * Fedora 9 Update: mozvoikko-0.9.5-8.fc9 (Mar 27) ----------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148409 * Fedora 9 Update: kazehakase-0.5.6-1.fc9.5 (Mar 27) -------------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148410 * Fedora 9 Update: firefox-3.0.8-1.fc9 (Mar 27) --------------------------------------------- Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series http://www.linuxsecurity.com/content/view/148397 * Fedora 10 Update: netatalk-2.0.3-23.fc10 (Mar 26) ------------------------------------------------- The bug fixes backporting from upstream. http://www.linuxsecurity.com/content/view/148382 * Fedora 9 Update: netatalk-2.0.3-21.fc9 (Mar 26) ----------------------------------------------- The bug fixes backporting from upstream. http://www.linuxsecurity.com/content/view/148381 * Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-13.b14.fc10 (Mar 26) ----------------------------------------------------------------- Updated lcms to 1.18 in openjdk. this fixes many security issues. http://www.linuxsecurity.com/content/view/148380 ------------------------------------------------------------------------ * Gentoo: gedit Untrusted search path (Mar 30) -------------------------------------------- A vulnerability in gedit might allow local attackers to execute arbitrary code. http://www.linuxsecurity.com/content/view/148462 * Gentoo: Analog Denial of Service (Mar 29) ----------------------------------------- A Denial of Service vulnerability was discovered in Analog. http://www.linuxsecurity.com/content/view/148455 ------------------------------------------------------------------------ * Mandriva: [ MDVSA-2009:084 ] firefox (Apr 1) -------------------------------------------- Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates. http://www.linuxsecurity.com/content/view/148478 * Mandriva: [ MDVSA-2009:083 ] mozilla-thunderbird (Apr 1) -------------------------------------------------------- A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionaly, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architechture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. (bug #46107) This update also fixes those issues. http://www.linuxsecurity.com/content/view/148476 * Mandriva: [ MDVSA-2009:082 ] krb5 (Mar 30) ------------------------------------------ The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). This update provides the fix for that security issue. http://www.linuxsecurity.com/content/view/148458 * Mandriva: [ MDVSA-2009:081 ] libsoup (Mar 27) --------------------------------------------- An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code (CVE-2009-0585). This update provides the fix for that security issue. http://www.linuxsecurity.com/content/view/148394 * Mandriva: [ MDVSA-2009:080 ] glib2.0 (Mar 26) --------------------------------------------- Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input (CVE-2008-4316). http://www.linuxsecurity.com/content/view/148389 ------------------------------------------------------------------------ * RedHat: Important: kernel security and bug fix update (Apr 1) ------------------------------------------------------------- Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148475 * RedHat: Important: openswan security update (Mar 30) ---------------------------------------------------- Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148459 * RedHat: Critical: firefox security update (Mar 27) -------------------------------------------------- Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148395 * RedHat: Critical: seamonkey security update (Mar 27) ---------------------------------------------------- Updated seamonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148396 * RedHat: Important: kernel-rt security and bug fix update (Mar 27) ----------------------------------------------------------------- Updated kernel-rt packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148390 * RedHat: Critical: java-1.6.0-sun security update (Mar 26) --------------------------------------------------------- Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148385 * RedHat: Critical: java-1.5.0-sun security update (Mar 26) --------------------------------------------------------- Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148386 * RedHat: Moderate: net-snmp security update (Mar 26) --------------------------------------------------- Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148383 * RedHat: Moderate: systemtap security update (Mar 26) ---------------------------------------------------- Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/148384 ------------------------------------------------------------------------ * Slackware: mozilla-firefox (Mar 28) ------------------------------------- New mozilla-firefox packages are available for Slackware 12.2, and -current to fix security issues. The new packages may also be used with earlier versions of Slackware. http://www.linuxsecurity.com/content/view/148416 * Slackware: glib2 (Mar 28) --------------------------- New glib2 packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix overflows that may be security issues. http://www.linuxsecurity.com/content/view/148415 ------------------------------------------------------------------------ * SuSE: acroread (SUSE-SA:2009:014) (Mar 27) ------------------------------------------ Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. http://www.linuxsecurity.com/content/view/148393 ------------------------------------------------------------------------ * Ubuntu: libsndfile vulnerability (Mar 30) ------------------------------------------ It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. http://www.linuxsecurity.com/content/view/148461 * Ubuntu: ICU vulnerability (Mar 26) ----------------------------------- It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed. http://www.linuxsecurity.com/content/view/148387 * Ubuntu: xine-lib vulnerability (Mar 26) ---------------------------------------- It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698) http://www.linuxsecurity.com/content/view/148388 ------------------------------------------------------------------------ * Pardus: Virtualbox: Privilege escalation (Apr 1) ------------------------------------------------ A vulnerability has been reported in Sun xVM VirtualBox, which can be exploited by malicious, local users to gain escalated privileges. http://www.linuxsecurity.com/content/view/148474 * Pardus: Firefox: Multiple Denial of Service (Apr 1) --------------------------------------------------- Mozilla Firefox is prone to two remote code-execution vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. http://www.linuxsecurity.com/content/view/148473 * Pardus: Sun-Java: Multiple Vulnerabilities (Apr 1) -------------------------------------------------- Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system. http://www.linuxsecurity.com/content/view/148472 * Pardus: Ghostscript: Multiple Integer (Apr 1) --------------------------------------------- The Ghostscript International Color Consortium Format Library(icclib), implementing support for the cross-platform device independent color profile format, is prone to multiple integer overflows and lacks multiple upper-bounds checks on certain variable sizes. http://www.linuxsecurity.com/content/view/148470 * Pardus: Gst-plugins-base: Integer Overflow (Apr 1) -------------------------------------------------- A vulnerability has been reported in GStreamer, which can potentially by exploited by malicious people to compromise an application using the library. http://www.linuxsecurity.com/content/view/148471 * Pardus: Lcms: Multiple Vulnerabilities (Apr 1) ---------------------------------------------- LittleCMS, an open source color management engine, suffers from several integer overflows resulting in stack based buffer overflows, various heap errors and memory leaks. http://www.linuxsecurity.com/content/view/148469 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------