+----------------------------------------------------------------------+
|  LinuxSecurity.com                             Linux Advisory Watch  |
|  March 18th, 2011                              Volume 12, Number 12  |
|                                                                      |
|  Editorial Team:  Dave Wreski        <dwreski@xxxxxxxxxxxxxxxxx>     |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>     |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary
of each week's vendor security bulletins and pointers on methods to
improve the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.

http://www.linuxsecurity.com/content/view/153159

------------------------------------------------------------------------

* Debian: 2186-2: Security Summary: Summary (Mar 18)
  --------------------------------------------------
  Security Report Summary

  http://www.linuxsecurity.com/content/view/154647

* Debian: 2194-1: libvirt: insufficient checks (Mar 18)
  -----------------------------------------------------
  It was discovered that libvirt, a library for interfacing with
  different virtualization systems, did not properly check for
  read-only connections. This allowed a local attacker to perform a
  denial of service (crash) or possibly escalate privileges. [More...]

  http://www.linuxsecurity.com/content/view/154643

* Debian: 2193-1: libcgroup: Multiple vulnerabilities (Mar 16)
  ------------------------------------------------------------
  Several issues have been discovered in libcgroup, a library to
  control and monitor control groups: CVE-2011-1006 [More...]

  http://www.linuxsecurity.com/content/view/154636

* Debian: 2192-1: chromium-browser: Multiple vulnerabilities (Mar 15)
  -------------------------------------------------------------------
  Several vulnerabilities were discovered in the Chromium browser. The
  Common Vulnerabilities and Exposures project identifies the
  following problems: [More...]

  http://www.linuxsecurity.com/content/view/154627

* Debian: 2191-1: proftpd-dfsg: Multiple vulnerabilities (Mar 14)
  ---------------------------------------------------------------
  Several vulnerabilities have been discovered in ProFTPD, a
  versatile, virtual-hosting FTP daemon: CVE-2008-7265 [More...]

  http://www.linuxsecurity.com/content/view/154621

* Debian: 2190-1: wordpress: Multiple vulnerabilities (Mar 11)
  ------------------------------------------------------------
  Two XSS bugs and one potential information disclosure issue were
  discovered in wordpress, a weblog manager. The Common
  Vulnerabilities and Exposures project identifies the [More...]

  http://www.linuxsecurity.com/content/view/154611

* Debian: 2189-1: chromium-browser: Multiple vulnerabilities (Mar 10)
  -------------------------------------------------------------------
  Several vulnerabilities were discovered in the Chromium browser. The
  Common Vulnerabilities and Exposures project identifies the
  following problems: [More...]

  http://www.linuxsecurity.com/content/view/154602

* Debian: 2188-1: webkit: Multiple vulnerabilities (Mar 10)
  ---------------------------------------------------------
  Several vulnerabilities have been discovered in webkit, a Web
  content engine library for Gtk+. The Common Vulnerabilities and
  Exposures project identifies the following problems: [More...]

  http://www.linuxsecurity.com/content/view/154598

* Debian: 2187-1: icedove: Multiple vulnerabilities (Mar 10)
  ----------------------------------------------------------
  Several vulnerabilities have been discovered in Icedove, an
  unbranded version of the Thunderbird mail/news client.
  CVE-2010-1585 [More...]

  http://www.linuxsecurity.com/content/view/154597

* Debian: 2186-1: iceweasel: Multiple vulnerabilities (Mar 10)
  ------------------------------------------------------------
  Several vulnerabilities have been discovered in Iceweasel, a web
  browser based on Firefox. The included XULRunner library provides
  rendering services for several other applications included in
  Debian. [More...]

  http://www.linuxsecurity.com/content/view/154596

------------------------------------------------------------------------

* Red Hat: 2011:0364-01: java-1.5.0-ibm: Critical Advisory (Mar 17)
  -----------------------------------------------------------------
  Updated java-1.5.0-ibm packages that fix several security issues are
  now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
  Enterprise Linux 5 and 6 Supplementary. [More...]

  http://www.linuxsecurity.com/content/view/154641

* Red Hat: 2011:0357-01: java-1.6.0-ibm: Critical Advisory (Mar 16)
  -----------------------------------------------------------------
  Updated java-1.6.0-ibm packages that fix several security issues are
  now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
  Enterprise Linux 5 and 6 Supplementary. [More...]

  http://www.linuxsecurity.com/content/view/154631

* Red Hat: 2011:0356-01: krb5: Important Advisory (Mar 16)
  --------------------------------------------------------
  Updated krb5 packages that fix one security issue are now available
  for Red Hat Enterprise Linux 6. The Red Hat Security Response Team
  has rated this update as having [More...]

  http://www.linuxsecurity.com/content/view/154630

* Red Hat: 2011:0347-01: openldap: Moderate Advisory (Mar 10)
  -----------------------------------------------------------
  Updated openldap packages that fix three security issues are now
  available for Red Hat Enterprise Linux 6. The Red Hat Security
  Response Team has rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/154606

* Red Hat: 2011:0330-01: kernel-rt: Important Advisory (Mar 10)
  -------------------------------------------------------------
  Updated kernel-rt packages that fix multiple security issues and
  three bugs are now available for Red Hat Enterprise MRG 1.3. The Red
  Hat Security Response Team has rated this update as having [More...]

  http://www.linuxsecurity.com/content/view/154605

* Red Hat: 2011:0346-01: openldap: Moderate Advisory (Mar 10)
  -----------------------------------------------------------
  Updated openldap packages that fix one security issue and one bug
  are now available for Red Hat Enterprise Linux 5. The Red Hat
  Security Response Team has rated this update as having moderate
  [More...]

  http://www.linuxsecurity.com/content/view/154604

* Red Hat: 2011:0345-01: qemu-kvm: Moderate Advisory (Mar 10)
  -----------------------------------------------------------
  Updated qemu-kvm packages that fix one security issue are now
  available for Red Hat Enterprise Linux 6. The Red Hat Security
  Response Team has rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/154603

------------------------------------------------------------------------

* Slackware: 2011-070-01: subversion: Security Update (Mar 11)
  ------------------------------------------------------------
  New subversion packages are available for Slackware 12.0, 12.1,
  12.2, 13.0, 13.1, and -current to fix a security issue.
  [More Info...]

  http://www.linuxsecurity.com/content/view/154608

------------------------------------------------------------------------

* SuSE: 2011-013: Mozilla Firefox (Mar 15)
  ----------------------------------------
  The MozillaFirefox browser was updated to version 3.6.15, fixing
  various security issues. Additionally Mozilla Seamonkey was updated
  to version 2.0.12 and Mozilla Thunderbird was updated to version
  3.1.8 on openSUSE 11.2-11.4.
  The SUSE Linux Enterprise 10 SP3 release of MozillaFirefox is still
  [More...]

  http://www.linuxsecurity.com/content/view/154624

------------------------------------------------------------------------

* Ubuntu: 1079-3: OpenJDK 6 vulnerabilities (Mar 17)
  --------------------------------------------------
  USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)
  architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes
  vulnerabilities in OpenJDK 6 for armel (ARM) architectures for
  Ubuntu 10.10. [More...]

  http://www.linuxsecurity.com/content/view/154640

* Ubuntu: 1085-2: tiff regression (Mar 14)
  ----------------------------------------
  USN-1085-1 fixed vulnerabilities in the system TIFF library. The
  upstream fixes were incomplete and created problems for certain
  CCITTFAX4 files. This update fixes the problem. [More...]

  http://www.linuxsecurity.com/content/view/154623

* Ubuntu: 1087-1: libvpx vulnerability (Mar 11)
  ---------------------------------------------
  Chris Evans discovered that libvpx did not properly perform bounds
  checking. If an application using libvpx opened a specially crafted
  WebM file, an attacker could cause a denial of service. [More...]

  http://www.linuxsecurity.com/content/view/154612

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------