Linux Advisory Watch: October 29th, 2010

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| October 29th, 2010                              Volume 11, Number 44 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159


Review: Zabbix 1.8 Network Monitoring
-------------------------------------
If you have anything more than a small home network, you need to be
monitoring the status of your systems to ensure they are providing the
services they were designed to provide.

http://www.linuxsecurity.com/content/view/152990

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
   ----------------------------------------------
   Guardian Digital is happy to announce the release of EnGarde Secure
   Community 3.0.22 (Version 3.0, Release 22).  This release includes
   many updated packages and bug fixes and some feature enhancements to
   the EnGarde Secure Linux Installer and the SELinux policy.

   http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2122-1: glibc: missing input sanitization (Oct 22)
   ----------------------------------------------------------
   Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in
   GNU libc allows local users to gain root privileges using a crafted
   LD_AUDIT environment variable. [More...]

   http://www.linuxsecurity.com/content/view/153544

------------------------------------------------------------------------

* Mandriva: 2010:213: xulrunner (Oct 28)
   --------------------------------------
   A vulnerability was discovered and corrected in xulrunner:
   Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and
   3.6.x through 3.6.11, when JavaScript is enabled, allows remote
   attackers to execute arbitrary code via unknown vectors, as exploited
   [More...]

   http://www.linuxsecurity.com/content/view/153579

* Mandriva: 2010:212: glibc (Oct 24)
   ----------------------------------
   A vulnerability in the GNU C library (glibc) was discovered which
   could escalate the privileges for local users (CVE-2010-3856).
   Packages for 2009.0 are provided as of the Extended Maintenance
   Program. Please visit this link to learn more: [More...]

   http://www.linuxsecurity.com/content/view/153553

* Mandriva: 2010:211: mozilla-thunderbird (Oct 22)
   ------------------------------------------------
   Security issues were identified and fixed in mozilla-thunderbird: The
   SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before
   3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
   SeaMonkey before 2.0.9 does not properly set the minimum key length
   [More...]

   http://www.linuxsecurity.com/content/view/153548

* Mandriva: 2010:210: firefox (Oct 22)
   ------------------------------------
   Security issues were identified and fixed in firefox: Mozilla Firefox
   before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and
   3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard
   IP address in the subject's Common Name field of [More...]

   http://www.linuxsecurity.com/content/view/153546

* Mandriva: 2010:209: libsmi (Oct 22)
   -----------------------------------
   A buffer overflow was discovered in libsmi when a long OID was given
   in numerical form. This could lead to arbitrary code execution
   (CVE-2010-2891). Packages for 2009.0 are provided as of the Extended
   Maintenance [More...]

   http://www.linuxsecurity.com/content/view/153545

* Mandriva: 2010:208: pidgin (Oct 21)
   -----------------------------------
   A security vulnerability has been identified and fixed in pidgin: It
   has been discovered that eight denial of service conditions exist in
   libpurple all due to insufficient validation of the return value from
   purple_base64_decode(). Invalid or malformed data received in
   [More...]

   http://www.linuxsecurity.com/content/view/153536

------------------------------------------------------------------------

* Red Hat: 2010:0811-01: cups: Important Advisory (Oct 28)
   --------------------------------------------------------
   Updated cups packages that fix two security issues are now available
   for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
   has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/153588

* Red Hat: 2010:0812-01: thunderbird: Moderate Advisory (Oct 28)
   --------------------------------------------------------------
   An updated thunderbird package that fixes one security issue is now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/153589

* Red Hat: 2010:0810-01: seamonkey: Critical Advisory (Oct 27)
   ------------------------------------------------------------
   Updated seamonkey packages that fix one security issue are now
   available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153574

* Red Hat: 2010:0807-01: java-1.5.0-ibm: Critical Advisory (Oct 27)
   -----------------------------------------------------------------
   Updated java-1.5.0-ibm packages that fix several security issues are
   now available for Red Hat Enterprise Linux 4 Extras and 5
   Supplementary. The Red Hat Security Response Team has rated this
   update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153573

* Red Hat: 2010:0809-01: xulrunner: Critical Advisory (Oct 27)
   ------------------------------------------------------------
   Updated xulrunner packages that fix one security issue are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153571

* Red Hat: 2010:0808-01: firefox: Critical Advisory (Oct 27)
   ----------------------------------------------------------
   An updated firefox package that fixes one security issue is now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/153572

* Red Hat: 2010:0792-01: kernel: Important Advisory (Oct 25)
   ----------------------------------------------------------
   Updated kernel packages that fix one security issue are now available
   for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
   has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/153556

* Red Hat: 2010:0793-01: glibc: Important Advisory (Oct 25)
   ---------------------------------------------------------
   Updated glibc packages that fix one security issue are now available
   for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
   has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/153557

* Red Hat: 2010:0788-01: pidgin: Moderate Advisory (Oct 21)
   ---------------------------------------------------------
   Updated pidgin packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/153542

------------------------------------------------------------------------

* Slackware: 2010-301-01: glibc: Security Update (Oct 29)
   -------------------------------------------------------
   New glibc packages are available for Slackware 12.0, 12.1, 12.2,
   13.0, 13.1, and -current to fix a security issue.  [More Info...]

   http://www.linuxsecurity.com/content/view/153592

* Slackware: 2010-301-02: mozilla-firefox: Security Update (Oct 29)
   -----------------------------------------------------------------
   New mozilla-firefox packages are available for Slackware 13.0, 13.1,
   and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153591

* Slackware: 2010-300-01: seamonkey: Security Update (Oct 27)
   -----------------------------------------------------------
   New seamonkey packages are available for Slackware 12.2, 13.0, 13.1,
   and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153570

* Slackware: 2010-295-03: mozilla-thunderbird: Security Update (Oct 22)
   ---------------------------------------------------------------------
   New mozilla-thunderbird packages are available for Slackware 13.1 and
   -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153550

* Slackware: 2010-295-01: glibc: Security Update (Oct 22)
   -------------------------------------------------------
   New glibc packages are available for Slackware 12.0, 12.1, 12.2,
   13.0, 13.1, and -current to fix a security issue.  [More Info...]

   http://www.linuxsecurity.com/content/view/153551

* Slackware: 2010-295-02: mozilla-firefox: Security Update (Oct 22)
   -----------------------------------------------------------------
   New mozilla-firefox packages are available for Slackware 13.0, 13.1,
   and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153549

------------------------------------------------------------------------

* SuSE: 2010-053: Linux kernel (Oct 28)
   -------------------------------------
   The openSUSE 11.2 and 11.3 kernels were updated to fix 2 critical
   security issues and some small bugs. Following security issues were
   fixed: CVE-2010-3904: A local privilege escalation in RDS sockets
   allowed local attackers to gain root privileges.  [More...]

   http://www.linuxsecurity.com/content/view/153580

* SuSE: 2010-052: glibc (Oct 28)
   ------------------------------
   The Linux C library glibc was updated to fix critical security issues
   and several bugs: CVE-2010-3847: Decoding of the $ORIGIN special
   value in various LD_ environment variables allowed local attackers to
   execute code in context of e.g. setuid root programs, elevating
   privileges. This specific issue did not affect SUSE as an assertion
   triggers  [More...]

   http://www.linuxsecurity.com/content/view/153578

* SuSE: Weekly Summary 2010:019 (Oct 25)
   --------------------------------------
   To avoid flooding mailing lists with SUSE Security Announcements for
   minor issues, SUSE Security releases weekly summary reports for the
   low profile vulnerability fixes. The SUSE Security Summary Reports do
   not list or download URLs like the SUSE Security Announcements that
   are released for more severe vulnerabilities.  List of
   vulnerabilities in this summary include: OpenOffice_org,
   acroread/acroread_ja, cifs-mount/samba, dbus-1-glib, festival,
   freetype2, java-1_6_0-sun, krb5, libHX13/libHX18/libHX22, mipv6d,
   mysql, postgresql, squid3.

   http://www.linuxsecurity.com/content/view/153554

------------------------------------------------------------------------

* Ubuntu: 1011-3: Xulrunner vulnerability (Oct 29)
   ------------------------------------------------
   USN-1011-1 fixed a vulnerability in Firefox. This update provides
   the corresponding update for Xulrunner. [More...]

   http://www.linuxsecurity.com/content/view/153590

* Ubuntu: 1010-1: OpenJDK vulnerabilities (Oct 28)
   ------------------------------------------------
   Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
   protocols. If an attacker could perform a man in the middle attack at
   the start of a TLS connection, the attacker could inject arbitrary
   content at the beginning of the user's session. USN-923-1 disabled
   SSL/TLS renegotiation by default; this update implements [More...]

   http://www.linuxsecurity.com/content/view/153587

* Ubuntu: 1011-2: Thunderbird vulnerability (Oct 28)
   --------------------------------------------------
   USN-1011-1 fixed a vulnerability in Firefox. This update provides
   the corresponding update for Thunderbird. [More...]

   http://www.linuxsecurity.com/content/view/153586

* Ubuntu: 1011-1: Firefox vulnerability (Oct 27)
   ----------------------------------------------
   Morten Krakvik discovered a heap-based buffer overflow in Firefox. If
   a user were tricked into navigating to a malicious site, an attacker
   could cause a denial of service or possibly execute arbitrary code as
   the user invoking the program. [More...]

   http://www.linuxsecurity.com/content/view/153575

* Ubuntu: 959-2: PAM vulnerability (Oct 25)
   -----------------------------------------
   USN-959-1 fixed vulnerabilities in PAM. This update provides
   the corresponding updates for Ubuntu 10.10. [More...]

   http://www.linuxsecurity.com/content/view/153555

* Ubuntu: 1008-3: libvirt update (Oct 23)
   ---------------------------------------
   USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu
   10.04 LTS reverted a recent bug fix update. This update fixes the
   problem. [More...]

   http://www.linuxsecurity.com/content/view/153552

* Ubuntu: 1008-2: Virtinst update (Oct 21)
   ----------------------------------------
   Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the
   image format and defaults to 'raw' when the format is not specified in
   the XML. This change in behavior breaks virt-install --import because
   virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk
   format and does not specify a format in the XML. This update adds the
   'format=' option when [More...]

   http://www.linuxsecurity.com/content/view/153543

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


