+----------------------------------------------------------------------+
|  LinuxSecurity.com                            Linux Advisory Watch  |
|  October 22nd, 2010                           Volume 11, Number 43  |
|                                                                      |
|  Editorial Team:  Dave Wreski          <dwreski@xxxxxxxxxxxxxxxxx>  |
|                   Benjamin D. Thomas   <bthomas@xxxxxxxxxxxxxxxxx>  |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve the
security posture of your open source system. Vulnerabilities affect nearly
every vendor virtually every week, so be sure to read through to find the
updates your distributor has made available.


Review: The Official Ubuntu Book
--------------------------------

If you haven't used Linux before, are new to Ubuntu, or would like a quick
update on the latest in open source advancements for the desktop, then The
Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159


Review: Zabbix 1.8 Network Monitoring
-------------------------------------

If you have anything more than a small home network, you need to be
monitoring the status of your systems to ensure they are providing the
services they were designed to provide.

http://www.linuxsecurity.com/content/view/152990


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--


------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
  ----------------------------------------------

  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.
  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2121-1: typo3-src: Multiple vulnerabilities (Oct 19)
  ------------------------------------------------------------

  Several remote vulnerabilities have been discovered in TYPO3. The Common
  Vulnerabilities and Exposures project identifies the following problems:
  [More...]

  http://www.linuxsecurity.com/content/view/153516

------------------------------------------------------------------------

* Mandriva: 2010:208: pidgin (Oct 21)
  -----------------------------------

  A security vulnerability has been identified and fixed in pidgin: It has
  been discovered that eight denial of service conditions exist in
  libpurple, all due to insufficient validation of the return value from
  purple_base64_decode(). Invalid or malformed data received in [More...]

  http://www.linuxsecurity.com/content/view/153536

* Mandriva: 2010:207: glibc (Oct 20)
  ----------------------------------

  A vulnerability in the GNU C library (glibc) was discovered which could
  escalate the privileges of local users (CVE-2010-3847). Packages for
  2009.0 are provided as of the Extended Maintenance Program. Please visit
  this link to learn more: [More...]

  http://www.linuxsecurity.com/content/view/153534

* Mandriva: 2010:205: freeciv (Oct 15)
  ------------------------------------

  A vulnerability was discovered and corrected in freeciv: freeciv 2.2
  before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary
  files or execute arbitrary commands via a scenario that contains Lua
  functionality, related to the (1) os, (2) io, (3) [More...]
  http://www.linuxsecurity.com/content/view/153490

* Mandriva: 2010:204: avahi (Oct 14)
  ----------------------------------

  A vulnerability was discovered and corrected in avahi: The AvahiDnsPacket
  function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and
  0.6.25 allows remote attackers to cause a denial of service (assertion
  failure and daemon exit) via a DNS packet with [More...]

  http://www.linuxsecurity.com/content/view/153488

------------------------------------------------------------------------

* Red Hat: 2010:0788-01: pidgin: Moderate Advisory (Oct 21)
  ---------------------------------------------------------

  Updated pidgin packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
  Response Team has rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/153542

* Red Hat: 2010:0787-01: glibc: Important Advisory (Oct 20)
  ---------------------------------------------------------

  Updated glibc packages that fix one security issue are now available for
  Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated
  this update as having [More...]

  http://www.linuxsecurity.com/content/view/153535

* Red Hat: 2010:0785-01: quagga: Moderate Advisory (Oct 20)
  ---------------------------------------------------------

  Updated quagga packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
  Response Team has rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/153531

* Red Hat: 2010:0786-01: java-1.4.2-ibm: Critical Advisory (Oct 20)
  -----------------------------------------------------------------

  Updated java-1.4.2-ibm packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
  Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. [More...]
  http://www.linuxsecurity.com/content/view/153530

* Red Hat: 2010:0782-01: firefox: Critical Advisory (Oct 19)
  ----------------------------------------------------------

  Updated firefox packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
  Response Team has rated this update as having critical [More...]

  http://www.linuxsecurity.com/content/view/153522

* Red Hat: 2010:0781-01: seamonkey: Critical Advisory (Oct 19)
  ------------------------------------------------------------

  Updated seamonkey packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security
  Response Team has rated this update as having critical [More...]

  http://www.linuxsecurity.com/content/view/153521

* Red Hat: 2010:0780-01: thunderbird: Moderate Advisory (Oct 19)
  --------------------------------------------------------------

  An updated thunderbird package that fixes several security issues is now
  available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
  Response Team has rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/153520

* Red Hat: 2010:0779-01: kernel: Moderate Advisory (Oct 19)
  ---------------------------------------------------------

  Updated kernel packages that fix multiple security issues and several
  bugs are now available for Red Hat Enterprise Linux 4. The Red Hat
  Security Response Team has rated this update as having moderate
  [More...]

  http://www.linuxsecurity.com/content/view/153515

* Red Hat: 2010:0771-01: kernel-rt: Moderate Advisory (Oct 14)
  ------------------------------------------------------------

  Updated kernel-rt packages that fix multiple security issues and upgrade
  the kernel-rt kernel to version 2.6.33.7-rt29 are now available for Red
  Hat Enterprise MRG 1.3. [More...]
  http://www.linuxsecurity.com/content/view/153486

* Red Hat: 2010:0770-01: java-1.6.0-sun: Critical Advisory (Oct 14)
  -----------------------------------------------------------------

  Updated java-1.6.0-sun packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The
  Red Hat Security Response Team has rated this update as having critical
  [More...]

  http://www.linuxsecurity.com/content/view/153487

------------------------------------------------------------------------

* SuSE: 2010-051: Linux kernel (Oct 15)
  -------------------------------------

  This updated openSUSE 11.3 kernel fixes the following security bugs:
  CVE-2010-3310: local users could corrupt kernel heap memory via ROSE
  sockets. CVE-2010-2962: local users could write to any kernel memory
  location via the i915 GEM ioctl interface. Exploitability requires the
  presence [More...]

  http://www.linuxsecurity.com/content/view/153498

------------------------------------------------------------------------

* Ubuntu: 1007-1: NSS vulnerabilities (Oct 20)
  --------------------------------------------

  Richard Moore discovered that NSS would sometimes incorrectly match an
  SSL certificate which had a Common Name that used a wildcard followed by
  a partial IP address. While it is very unlikely that a Certificate
  Authority would issue such a certificate, if an attacker were able to
  perform a man-in-the-middle attack, this flaw could be exploited to view
  sensitive information. [More...]

  http://www.linuxsecurity.com/content/view/153532

* Ubuntu: 997-1: Firefox and Xulrunner vulnerabilities (Oct 20)
  -------------------------------------------------------------

  Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref,
  Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski
  discovered various flaws in the browser engine. An attacker could
  exploit this to crash the browser or possibly run arbitrary code as the
  user invoking the program.
  (CVE-2010-3175, CVE-2010-3176) [More...]

  http://www.linuxsecurity.com/content/view/153533

* Ubuntu: 1005-1: poppler vulnerabilities (Oct 19)
  ------------------------------------------------

  It was discovered that poppler contained multiple security issues when
  parsing malformed PDF documents. If a user or automated system were
  tricked into opening a crafted PDF file, an attacker could cause a
  denial of service or execute arbitrary code with privileges of the user
  invoking the program. [More...]

  http://www.linuxsecurity.com/content/view/153514

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.

------------------------------------------------------------------------