Linux Advisory Watch: November 26th, 2010

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| November 26th, 2010                             Volume 11, Number 48 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
   ----------------------------------------------
   Guardian Digital is happy to announce the release of EnGarde Secure
   Community 3.0.22 (Version 3.0, Release 22).  This release includes
   many updated packages and bug fixes and some feature enhancements to
   the EnGarde Secure Linux Installer and the SELinux policy.

   http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2125-1: openssl: buffer overflow (Nov 22)
   -------------------------------------------------
   A flaw has been found in the OpenSSL TLS server extension code
   parsing which on affected servers can be exploited in a buffer
   overrun attack. This allows an attacker to cause an application crash
   or potentially to execute arbitrary code. [More...]

   http://www.linuxsecurity.com/content/view/153780

------------------------------------------------------------------------

* Mandriva: 2010:241: gnucash (Nov 24)
   ------------------------------------
   A vulnerability was discovered and corrected in gnucash: gnc-test-env
   in GnuCash 2.3.15 and earlier places a zero-length directory name in
   the LD_LIBRARY_PATH, which allows local users to gain privileges via
   a Trojan horse shared library in the current [More...]

   http://www.linuxsecurity.com/content/view/153795

* Mandriva: 2010:240: mono (Nov 24)
   ---------------------------------
   A vulnerability was discovered and corrected in mono: Untrusted
   search path vulnerability in metadata/loader.c in Mono 2.8 and
   earlier allows local users to gain privileges via a Trojan horse
   shared library in the current working directory (CVE-2010-4159).
   [More...]

   http://www.linuxsecurity.com/content/view/153794

* Mandriva: 2010:239: php (Nov 19)
   --------------------------------
   A possible double free flaw was found in the imap extension for php
   (CVE-2010-4150). A GC corrupting flaw was found in Zend/zend_gc.c for
   php-5.3.x that under certain circumstances could cause a segmentation
   fault (crash). [More...]

   http://www.linuxsecurity.com/content/view/153761

------------------------------------------------------------------------

* Red Hat: 2010:0907-01: kernel: Important Advisory (Nov 23)
   ----------------------------------------------------------
   Updated kernel packages that fix one security issue and four bugs are
   now available for Red Hat Enterprise Linux 5.4 Extended Update
   Support. The Red Hat Security Response Team has rated this update as
   having [More...]

   http://www.linuxsecurity.com/content/view/153789

* Red Hat: 2010:0908-01: postgresql: Moderate Advisory (Nov 23)
   -------------------------------------------------------------
   Updated postgresql packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/153788

------------------------------------------------------------------------

* Slackware: 2010-326-01: openssl: Security Update (Nov 22)
   ---------------------------------------------------------
   New openssl packages are available for Slackware 11.0, 12.0, 12.1,
   12.2, 13.0, 13.1, and -current to fix security issues.  [More
   Info...]

   http://www.linuxsecurity.com/content/view/153775

* Slackware: 2010-324-01: xpdf: Security Update (Nov 20)
   ------------------------------------------------------
   New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
   11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security
   issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153773

* Slackware: 2010-324-02: poppler: Security Update (Nov 20)
   ---------------------------------------------------------
   New poppler packages are available for Slackware 12.0, 12.1, 12.2,
   13.0, 13.1, and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/153774

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


