+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| October 2nd, 2010                               Volume 11, Number 40 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary
of each week's vendor security bulletins and pointers on methods to
improve the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159

Review: Zabbix 1.8 Network Monitoring
-------------------------------------
If you have anything more than a small home network, you need to be
monitoring the status of your systems to ensure they are providing the
services they were designed to provide.

http://www.linuxsecurity.com/content/view/152990

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes many
updated packages and bug fixes and some feature enhancements to the
EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2115-1: moodle: Multiple vulnerabilities (Sep 29)
---------------------------------------------------------
Several remote vulnerabilities have been discovered in Moodle, a course
management system. The Common Vulnerabilities and Exposures project
identifies the following problems: [More...]

http://www.linuxsecurity.com/content/view/153385

* Debian: 2114-1: git-core: buffer overflow (Sep 26)
--------------------------------------------------
The Debian stable point release 5.0.6 included updated packages of the
Git revision control system in order to fix a security issue.
Unfortunately, the update introduced a regression which could make it
impossible to clone or create git repositories. This upgrade [More...]

http://www.linuxsecurity.com/content/view/153355

------------------------------------------------------------------------

* Gentoo: 201009-09: fence: Multiple symlink vulnerabilities (Sep 29)
-------------------------------------------------------------------
fence contains multiple programs containing vulnerabilities that may
allow local users to overwrite arbitrary files via a symlink attack.

http://www.linuxsecurity.com/content/view/153384

------------------------------------------------------------------------

* Mandriva: 2010:191: mailman (Oct 1)
-----------------------------------
Multiple vulnerabilities have been found and corrected in mailman:
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman
before 2.1.14rc1 allow remote authenticated users to inject arbitrary
web script or HTML via vectors involving (1) the list information
[More...]

http://www.linuxsecurity.com/content/view/153397

* Mandriva: 2010:190: libtiff (Sep 30)
------------------------------------
A vulnerability has been found and corrected in libtiff: libtiff allows
remote attackers to cause a denial of service (memory corruption) or
possibly execute arbitrary code via a crafted TIFF image
(CVE-2010-3087). [More...]

http://www.linuxsecurity.com/content/view/153390

* Mandriva: 2010:189-1: pcsc-lite (Sep 24)
----------------------------------------
Multiple vulnerabilities have been found and corrected in pcsc-lite: The
MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card
daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local
users to cause a denial of service (daemon crash) via crafted [More...]

http://www.linuxsecurity.com/content/view/153351

* Mandriva: 2010:189: pcsc-lite (Sep 24)
--------------------------------------
Multiple vulnerabilities have been found and corrected in pcsc-lite: The
MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card
daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local
users to cause a denial of service (daemon crash) via crafted [More...]

http://www.linuxsecurity.com/content/view/153348

------------------------------------------------------------------------

* Red Hat: 2010:0723-01: kernel: Important Advisory (Sep 29)
----------------------------------------------------------
Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
Security Response Team has rated this update as having [More...]

http://www.linuxsecurity.com/content/view/153381

* Red Hat: 2010:0720-02: mikmod: Moderate Advisory (Sep 28)
---------------------------------------------------------
Updated mikmod packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
The Red Hat Security Response Team has rated this update as having
moderate [More...]

http://www.linuxsecurity.com/content/view/153371

* Red Hat: 2010:0719-01: kernel: Important Advisory (Sep 28)
----------------------------------------------------------
Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.7 Extended Update Support. The Red Hat
Security Response Team has rated this update as having [More...]

http://www.linuxsecurity.com/content/view/153370

* Red Hat: 2010:0718-01: kernel: Important Advisory (Sep 28)
----------------------------------------------------------
Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has
rated this update as having [More...]

http://www.linuxsecurity.com/content/view/153369

------------------------------------------------------------------------

* Ubuntu: 992-1: Avahi vulnerabilities (Sep 29)
---------------------------------------------
It was discovered that Avahi incorrectly handled certain mDNS query
packets when the reflector feature is enabled, which is not the default
configuration on Ubuntu. A remote attacker could send crafted mDNS
queries and perform a denial of service on the server and on the
network. This issue only affected Ubuntu 8.04 LTS and 9.04.
(CVE-2009-0758) [More...]

http://www.linuxsecurity.com/content/view/153382

* Ubuntu: 994-1: libHX vulnerability (Sep 29)
-------------------------------------------
It was discovered that libHX incorrectly handled certain parameters to
the HX_split function. An attacker could use this flaw to cause a denial
of service or possibly execute arbitrary code with the privileges of the
user. [More...]

http://www.linuxsecurity.com/content/view/153383

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------