Linux Advisory Watch: March 4th, 2011

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| March 4th, 2011                                 Volume 12, Number 10 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
   ----------------------------------------------
   Guardian Digital is happy to announce the release of EnGarde Secure
   Community 3.0.22 (Version 3.0, Release 22).  This release includes
   many updated packages and bug fixes and some feature enhancements to
   the EnGarde Secure Linux Installer and the SELinux policy.

   http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2181-1: subversion: denial of service (Mar 4)
   -----------------------------------------------------
   Philip Martin discovered that HTTP-based Subversion servers crash
   when processing lock requests on repositories which support
   unauthenticated read access. [More...]

   http://www.linuxsecurity.com/content/view/154547

* Debian: 2180-1: iceape: Multiple vulnerabilities (Mar 3)
   --------------------------------------------------------
   Several vulnerabilities have been found in the Iceape internet suite,
   an unbranded version of Seamonkey: CVE-2010-1585 [More...]

   http://www.linuxsecurity.com/content/view/154546

* Debian: 2179-1: dtc: SQL injection (Mar 2)
   ------------------------------------------
   Ansgar Burchardt discovered several vulnerabilities in DTC, a web
   control panel for admin and accounting hosting services.
   CVE-2011-0434 [More...]

   http://www.linuxsecurity.com/content/view/154535

* Debian: 2178-1: pango1.0: NULL pointer dereference (Mar 2)
   ----------------------------------------------------------
   It was discovered that pango did not check for memory allocation
   failures, causing a NULL pointer dereference with an adjustable
   offset. This can lead to application crashes and potentially
   arbitrary code execution. [More...]

   http://www.linuxsecurity.com/content/view/154534

* Debian: 2177-1: pywebdav: SQL injection (Mar 2)
   -----------------------------------------------
   It was discovered that python-webdav, a WebDAV server implementation,
   contains several SQL injection vulnerabilities in the processing of
   user credentials. [More...]

   http://www.linuxsecurity.com/content/view/154533

* Debian: 2176-1: cups: Multiple vulnerabilities (Mar 1)
   ------------------------------------------------------
   Several vulnerabilities have been discovered in the Common UNIX
   Printing System: CVE-2008-5183 [More...]

   http://www.linuxsecurity.com/content/view/154514

* Debian: 2163-2: dajaxice: Multiple vulnerabilities (Mar 1)
   ----------------------------------------------------------
   The changes in python-django DSA-2163 necessary to fix the issues
   CVE-2011-0696 and CVE-2011-0697 introduced an unavoidable backward
   incompatibility, which caused a regression in dajaxice, which depends
   on python-django. This update supplies fixed packages for [More...]

   http://www.linuxsecurity.com/content/view/154511

* Debian: 2175-1: samba: missing input sanitising (Feb 28)
   --------------------------------------------------------
   Volker Lendecke discovered that missing range checks in Samba's file
   descriptor handling could lead to memory corruption, resulting in
   denial of service. [More...]

   http://www.linuxsecurity.com/content/view/154500

* Debian: 2174-1: avahi: denial of service (Feb 26)
   -------------------------------------------------
   It was discovered that avahi, an implementation of the zeroconf
   protocol, can be crashed remotely by a single UDP packet, which may
   result in a denial of service. [More...]

   http://www.linuxsecurity.com/content/view/154489

* Debian: 2173-1: pam-pgsql: buffer overflow (Feb 26)
   ---------------------------------------------------
   It was discovered that pam-pgsql, a PAM module to authenticate using
   a PostgreSQL database, was vulnerable to a buffer overflow in
   supplied IP-addresses. [More...]

   http://www.linuxsecurity.com/content/view/154488

------------------------------------------------------------------------

* Mandriva: 2011:040: pango (Mar 3)
   ---------------------------------
   A vulnerability has been found and corrected in pango: It was
   discovered that pango did not check for memory reallocation failures
   in hb_buffer_ensure() function.  This could trigger a NULL pointer
   dereference in hb_buffer_add_glyph(), where possibly untrusted
   [More...]

   http://www.linuxsecurity.com/content/view/154541
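   The Debian 2178-1 and Mandriva 2011:040 entries above describe the same
   bug class: a growable buffer whose realloc() failure is not checked, so
   the buffer pointer becomes NULL while the element count keeps growing,
   and the next store lands at NULL plus an offset the input controls. The
   following is an added example, not Pango's or HarfBuzz's code. The type
   and function names, and the demo_alloc_limit hook that forces an
   allocation failure so the error path can be exercised offline, are
   assumptions made for the example.

```c
/* Added example (not Pango's or HarfBuzz's code): a growable glyph buffer
 * that survives realloc() failure, beside the vulnerable shape. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

typedef struct { unsigned codepoint; unsigned cluster; } glyph_t;

typedef struct {
    glyph_t *info;
    size_t len;        /* glyphs stored */
    size_t allocated;  /* glyphs that fit */
    bool in_error;     /* sticky: after one failed allocation, refuse further work */
} glyph_buffer_t;

/* Demo-only hook (assumption for the example): refuse requests above this
 * many bytes so the failure path can be driven without exhausting memory. */
size_t demo_alloc_limit = 0;

static void *demo_realloc(void *p, size_t n)
{
    if (demo_alloc_limit && n > demo_alloc_limit)
        return NULL;
    return realloc(p, n);
}

/* The vulnerable shape, shown but never called. When realloc() fails it
 * returns NULL and leaves the old block alone, but this code overwrites the
 * only pointer to it: info is now NULL, len keeps growing, and the next
 * store to info[len] writes at NULL + len * sizeof(glyph_t), an offset
 * chosen by whoever controls the length of the text being shaped. */
void buffer_ensure_vulnerable(glyph_buffer_t *buf, size_t size)
{
    if (size <= buf->allocated) return;
    buf->allocated = size * 2;
    buf->info = realloc(buf->info, buf->allocated * sizeof *buf->info);
}

/* Hardened: grow through a temporary, keep the old block on failure,
 * report the failure and latch in_error so later calls cannot proceed. */
bool buffer_ensure(glyph_buffer_t *buf, size_t size)
{
    if (buf->in_error) return false;
    if (size <= buf->allocated) return true;
    size_t want = buf->allocated ? buf->allocated : 8;
    while (want < size) want *= 2;
    glyph_t *p = demo_realloc(buf->info, want * sizeof *p);
    if (!p) { buf->in_error = true; return false; }
    buf->info = p;
    buf->allocated = want;
    return true;
}

/* Every writer checks ensure() before touching info[]. */
bool buffer_add_glyph(glyph_buffer_t *buf, unsigned codepoint, unsigned cluster)
{
    if (!buffer_ensure(buf, buf->len + 1)) return false;
    buf->info[buf->len].codepoint = codepoint;
    buf->info[buf->len].cluster = cluster;
    buf->len++;
    return true;
}

/* Shapes n code points into buf. false means the run was cut short by an
 * allocation failure; buf->len glyphs are valid, nothing beyond them is. */
bool shape_run(glyph_buffer_t *buf, const unsigned *cps, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!buffer_add_glyph(buf, cps[i], (unsigned)i)) return false;
    return true;
}

void buffer_free(glyph_buffer_t *buf)
{
    free(buf->info);
    buf->info = NULL;
    buf->len = buf->allocated = 0;
    buf->in_error = false;
}
```

   With demo_alloc_limit left at 0 the buffer grows normally; set it to
   8 * sizeof(glyph_t) and the ninth glyph fails cleanly with in_error set
   and info still pointing at the original eight, instead of a write
   through NULL.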

* Mandriva: 2011:039: webkit (Mar 2)
   ----------------------------------
   Multiple cross-site scripting, denial of service and arbitrary code
   execution security flaws were discovered in webkit. Please consult
   the CVE web links for further information. [More...]

   http://www.linuxsecurity.com/content/view/154527

* Mandriva: 2011:038: samba (Feb 28)
   ----------------------------------
   A vulnerability has been found and corrected in samba: All current
   released versions of Samba are vulnerable to a denial of service
   caused by memory corruption. Range checks on file descriptors being
   used in the FD_SET macro were not present allowing stack [More...]

   http://www.linuxsecurity.com/content/view/154497
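   The Debian 2175-1 and Mandriva 2011:038 entries both concern the missing
   range check before FD_SET. An fd_set is a fixed bitmap of FD_SETSIZE
   bits (1024 with glibc) and usually lives on the stack; FD_SET() on a
   descriptor at or above that limit writes outside the bitmap, and a
   process whose open-file limit was raised above 1024 will legitimately
   hold such descriptors. The following is an added example, not Samba's
   code; the function names and the constructed descriptor list are
   assumptions made for the example.

```c
/* Added example (not Samba's code): the range check that must precede
 * FD_SET, and a select() read-set builder that applies it. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Returns false instead of touching memory outside *set. */
bool safe_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return false;
    FD_SET(fd, set);
    return true;
}

/* Builds the read set for select() from an array of descriptors.
 * Out-of-range descriptors are left out and counted in the return value
 * rather than being written past the end of the set; *maxfd receives the
 * highest descriptor accepted (select() wants maxfd + 1 as nfds). */
size_t build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    size_t rejected = 0;
    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (!safe_fd_set(fds[i], set)) { rejected++; continue; }
        if (fds[i] > *maxfd) *maxfd = fds[i];
    }
    return rejected;
}

/* Constructed input: three ordinary descriptors plus one past FD_SETSIZE,
 * as a process with RLIMIT_NOFILE raised above 1024 can hold. */
size_t demo_rejected(void)
{
    int fds[] = { 3, 7, FD_SETSIZE + 12, 42 };
    fd_set readfds;
    int maxfd;
    size_t rejected = build_read_set(fds, sizeof fds / sizeof fds[0],
                                     &readfds, &maxfd);
    printf("rejected %zu descriptor(s); maxfd for select() is %d\n",
           rejected, maxfd);
    return rejected;
}

int main(void)
{
    return demo_rejected() == 1 ? 0 : 1;
}
```

   A server that rejects the descriptor still has to decide what to do
   with the connection behind it (close it, or fall back to poll(), which
   takes an array of any length and has no FD_SETSIZE ceiling); what it
   must not do is pass it to FD_SET.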

* Mandriva: 2011:037: avahi (Feb 24)
   ----------------------------------
   A vulnerability has been found and corrected in avahi:
   avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
   remote attackers to cause a denial of service (infinite loop) via an
   empty (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this
   [More...]

   http://www.linuxsecurity.com/content/view/154471

------------------------------------------------------------------------

* Red Hat: 2011:0318-01: libtiff: Important Advisory (Mar 2)
   ----------------------------------------------------------
   Updated libtiff packages that fix one security issue are now
   available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/154538

* Red Hat: 2011:0313-01: seamonkey: Critical Advisory (Mar 1)
   -----------------------------------------------------------
   Updated seamonkey packages that fix several security issues are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/154525

* Red Hat: 2011:0311-01: thunderbird: Critical Advisory (Mar 1)
   -------------------------------------------------------------
   An updated thunderbird package that fixes several security issues is
   now available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/154524

* Red Hat: 2011:0312-01: thunderbird: Moderate Advisory (Mar 1)
   -------------------------------------------------------------
   An updated thunderbird package that fixes several security issues is
   now available for Red Hat Enterprise Linux 4 and 5. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/154523

* Red Hat: 2011:0309-01: pango: Critical Advisory (Mar 1)
   -------------------------------------------------------
   Updated pango packages that fix one security issue are now available
   for Red Hat Enterprise Linux 6. The Red Hat Security Response Team
   has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/154521

* Red Hat: 2011:0310-01: firefox: Critical Advisory (Mar 1)
   ---------------------------------------------------------
   Updated firefox packages that fix several security issues and one bug
   are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red
   Hat Security Response Team has rated this update as having critical
   [More...]

   http://www.linuxsecurity.com/content/view/154522

* Red Hat: 2011:0307-01: mailman: Moderate Advisory (Mar 1)
   ---------------------------------------------------------
   An updated mailman package that fixes multiple security issues is now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/154519

* Red Hat: 2011:0308-01: mailman: Moderate Advisory (Mar 1)
   ---------------------------------------------------------
   An updated mailman package that fixes multiple security issues is now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/154518

* Red Hat: 2011:0306-01: samba3x: Important Advisory (Mar 1)
   ----------------------------------------------------------
   Updated samba3x packages that fix one security issue are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/154517

* Red Hat: 2011:0305-01: samba: Important Advisory (Mar 1)
   --------------------------------------------------------
   Updated samba packages that fix one security issue are now available
   for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/154515

* Red Hat: 2011:0303-01: kernel: Moderate Advisory (Mar 1)
   --------------------------------------------------------
   Updated kernel packages that fix three security issues and several
   bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/154516

------------------------------------------------------------------------

* Slackware: 2011-060-01: mozilla-firefox: Security Update (Mar 2)
   ----------------------------------------------------------------
   New mozilla-firefox packages are available for Slackware 13.0, 13.1,
   and -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/154526

* Slackware: 2011-059-01: samba: Security Update (Feb 28)
   -------------------------------------------------------
   New samba packages are available for Slackware 10.0, 10.1, 10.2,
   11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of
   service security issue.  [More Info...]

   http://www.linuxsecurity.com/content/view/154504

* Slackware: 2011-055-01: pidgin: Security Update (Feb 25)
   --------------------------------------------------------
   New pidgin packages are available for Slackware 12.0, 12.1, 12.2,
   13.0, 13.1, and -current to fix a security issue.  [More Info...]

   http://www.linuxsecurity.com/content/view/154479

------------------------------------------------------------------------

* Ubuntu: 1050-1: Thunderbird vulnerabilities (Mar 2)
   ---------------------------------------------------
   Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden,
   Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous
   discovered several memory issues in the browser engine. An attacker
   could exploit these to crash the browser or possibly run arbitrary
   code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062)
   [More...]

   http://www.linuxsecurity.com/content/view/154539

* Ubuntu: 1083-1: Linux kernel vulnerabilities (Mar 2)
   ----------------------------------------------------
   Al Viro discovered a race condition in the TTY driver. A local
   attacker could exploit this to crash the system, leading to a denial
   of service. (CVE-2009-4895) [More...]

   http://www.linuxsecurity.com/content/view/154537

* Ubuntu: 1080-2: Linux kernel vulnerabilities (Mar 2)
   ----------------------------------------------------
   USN-1080-1 fixed vulnerabilities in the Linux kernel. This update
   provides the corresponding updates for the Linux kernel for use with
   EC2. [More...]

   http://www.linuxsecurity.com/content/view/154536

* Ubuntu: 1082-1: Pango vulnerabilities (Mar 2)
   ---------------------------------------------
   Marc Schoenefeld discovered that Pango incorrectly handled certain
   GlyphDefinition (GDEF) tables. If a user were tricked into displaying
   text with a specially-crafted font, an attacker could cause Pango to
   crash, resulting in a denial of service. This issue only affected
   Ubuntu 8.04 LTS and 9.10. (CVE-2010-0421) [More...]

   http://www.linuxsecurity.com/content/view/154532

* Ubuntu: 1081-1: Linux kernel vulnerabilities (Mar 1)
   ----------------------------------------------------
   It was discovered that KVM did not correctly initialize certain CPU
   registers. A local attacker could exploit this to crash the system,
   leading to a denial of service. (CVE-2010-3698) [More...]

   http://www.linuxsecurity.com/content/view/154520

* Ubuntu: 1080-1: Linux kernel vulnerabilities (Mar 1)
   ----------------------------------------------------
   Thomas Pollet discovered that the RDS network protocol did not check
   certain iovec buffers. A local attacker could exploit this to crash
   the system or possibly execute arbitrary code as the root user.
   (CVE-2010-3865) [More...]

   http://www.linuxsecurity.com/content/view/154513

* Ubuntu: 1079-1: OpenJDK 6 vulnerabilities (Mar 1)
   -------------------------------------------------
   It was discovered that untrusted Java applets could create domain name
   resolution cache entries, allowing an attacker to manipulate name
   resolution within the JVM. (CVE-2010-4448) [More...]

   http://www.linuxsecurity.com/content/view/154506

* Ubuntu: 1078-1: Logwatch vulnerability (Feb 28)
   -----------------------------------------------
   Dominik George discovered that logwatch did not properly sanitize log
   file names that were passed to the shell as part of a command. If a
   remote attacker were able to generate specially crafted filenames (for
   example, via Samba logging), they could execute arbitrary code with
   root privileges. [More...]

   http://www.linuxsecurity.com/content/view/154505
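   The logwatch entry above is the classic shape of command injection:
   a file name that an outsider can choose is spliced into a command line
   that a shell then parses, so shell metacharacters in the name become
   commands run with the caller's privileges (root, for a log analyser).
   The following is an added example in C, not logwatch's code (logwatch
   is written in Perl). It assumes a reader of possibly-compressed logs
   that runs zcat -f on each file; the function names and the constructed
   malicious file name are assumptions made for the example.

```c
/* Added example (not logwatch's code): handing an untrusted file name to
 * a command. popen() and system() pass their string to sh -c, so the name
 * is parsed as shell syntax unless it is quoted or the shell is avoided. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Vulnerable shape, shown but not run: a name such as
 * "access.log; id > /tmp/pwn" makes sh run "id" after zcat. */
FILE *open_log_vulnerable(const char *name)
{
    char cmd[4096];
    snprintf(cmd, sizeof cmd, "zcat -f %s", name);
    return popen(cmd, "r");
}

/* Mitigation 1: if the shell cannot be avoided, single-quote the argument.
 * Inside single quotes nothing is special except the quote itself, which
 * is spelled '\'' (close, escaped quote, reopen). Returns a malloc'd
 * string, or NULL on allocation failure. */
char *shell_single_quote(const char *s)
{
    size_t n = strlen(s), extra = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\'') extra += 3;          /* 1 char becomes 4 */
    char *out = malloc(n + extra + 3);         /* two quotes + NUL */
    if (!out) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') { memcpy(p, "'\\''", 4); p += 4; }
        else *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Mitigation 2 (preferred): no shell at all. The child execs zcat with an
 * argv array, so the name is exactly one argument whatever it contains;
 * "--" keeps a name beginning with '-' from being read as an option.
 * Returns the read end of the pipe; the caller reads it, then waitpid()s
 * *pid. */
FILE *open_log_safe(const char *name, pid_t *pid)
{
    int fd[2];
    if (pipe(fd) < 0) return NULL;
    *pid = fork();
    if (*pid < 0) { close(fd[0]); close(fd[1]); return NULL; }
    if (*pid == 0) {
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execlp("zcat", "zcat", "-f", "--", name, (char *)NULL);
        _exit(127);                            /* exec failed */
    }
    close(fd[1]);
    return fdopen(fd[0], "r");
}

int main(void)
{
    /* Constructed hostile name of the kind a remote party could plant in a
     * log directory; the quoted form is what a shell would see. */
    const char *hostile = "access.log; id > /tmp/pwn";
    char *q = shell_single_quote(hostile);
    if (!q) return 1;
    printf("unquoted: zcat -f %s\nquoted:   zcat -f %s\n", hostile, q);
    free(q);
    return 0;
}
```

   Quoting is the fallback; execing the program directly is the fix,
   because it removes the parser that made the name dangerous instead of
   trying to outguess it.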

* Ubuntu: 1074-2: Linux kernel vulnerabilities (Feb 28)
   -----------------------------------------------------
   USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10.
   This update provides the corresponding updates for Ubuntu 10.04.
   [More...]

   http://www.linuxsecurity.com/content/view/154499

* Ubuntu: 1075-1: Samba vulnerability (Feb 28)
   --------------------------------------------
   Volker Lendecke discovered that Samba incorrectly handled certain
   file descriptors. A remote attacker could send a specially crafted
   request to the server and cause Samba to crash or hang, resulting in a
   denial of service. [More...]

   http://www.linuxsecurity.com/content/view/154498

* Ubuntu: 1074-1: Linux kernel vulnerabilities (Feb 25)
   -----------------------------------------------------
   Al Viro discovered a race condition in the TTY driver. A local
   attacker could exploit this to crash the system, leading to a denial
   of service. (CVE-2009-4895) [More...]

   http://www.linuxsecurity.com/content/view/154487

* Ubuntu: 1073-1: Linux kernel vulnerabilities (Feb 25)
   -----------------------------------------------------
   Gleb Napatov discovered that KVM did not correctly check certain
   privileged operations. A local attacker with access to a guest kernel
   could exploit this to crash the host system, leading to a denial of
   service. (CVE-2010-0435) [More...]

   http://www.linuxsecurity.com/content/view/154486

* Ubuntu: 1072-1: Linux vulnerabilities (Feb 25)
   ----------------------------------------------
   Gleb Napatov discovered that KVM did not correctly check certain
   privileged operations. A local attacker with access to a guest kernel
   could exploit this to crash the host system, leading to a denial of
   service. (CVE-2010-0435) [More...]

   http://www.linuxsecurity.com/content/view/154485

* Ubuntu: 1071-1: Linux kernel vulnerabilities (Feb 25)
   -----------------------------------------------------
   Tavis Ormandy discovered that the Linux kernel did not properly
   implement exception fixup. A local attacker could exploit this to
   crash the kernel, leading to a denial of service. (CVE-2010-3086)
   [More...]

   http://www.linuxsecurity.com/content/view/154484

------------------------------------------------------------------------

* Pardus: 2011-54: Samba: Memory Corruption (Mar 3)
   -------------------------------------------------
   A vulnerability has been fixed in samba, which allows attackers to
   cause a denial of service.

   http://www.linuxsecurity.com/content/view/154540

* Pardus: 2011-52: Gimp: Multiple Vulnerabilities (Feb 28)
   --------------------------------------------------------
   Multiple vulnerabilities have been fixed in gimp.

   http://www.linuxsecurity.com/content/view/154494

* Pardus: 2011-51: Php: Denial of Service (Feb 28)
   ------------------------------------------------
   A vulnerability has been fixed in php, which allows attackers to
   cause a denial of service.

   http://www.linuxsecurity.com/content/view/154493

* Pardus: 2011-50: Wireshark: Buffer Overflow (Feb 28)
   ----------------------------------------------------
   A vulnerability has been fixed in wireshark, which can be exploited by
   malicious people to cause a denial of service or to execute code.

   http://www.linuxsecurity.com/content/view/154492

* Pardus: 2011-49: Ruby: Multiple Vulnerabilities (Feb 28)
   --------------------------------------------------------
   Multiple vulnerabilities have been fixed in ruby.

   http://www.linuxsecurity.com/content/view/154491

* Pardus: 2011-48: Mit-Kerberos: Multiple (Feb 28)
   ------------------------------------------------
   Multiple vulnerabilities have been fixed in mit-kerberos, which can
   be exploited by malicious people to cause a denial of service.

   http://www.linuxsecurity.com/content/view/154490

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------