+----------------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | March 25th, 2011 Volume 12, Number 13 | | | | Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> | | Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> | +----------------------------------------------------------------------+ Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. What You Need to Know About Linux Rootkits ------------------------------------------ Rootkits are a way attackers hide their tracks and keep access to the machines they control. The good rootkits are very hard to detect and remove. They can be running on ones computer and no one can even know they have been running. Read more to learn how to detect them on your system. http://www.linuxsecurity.com/content/view/154709 --> Take advantage of the LinuxSecurity.com Quick Reference Card! <-- --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- ------------------------------------------------------------------------ * Debian: 2202-1: apache2: failure to drop root privil (Mar 23) ------------------------------------------------------------- MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package. A configuration parsing flaw has been found in MPM_ITK. If the [More...] http://www.linuxsecurity.com/content/view/154694 * Debian: 2201-1: wireshark: Multiple vulnerabilities (Mar 23) ------------------------------------------------------------ Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several vulnerabilities in the Wireshark network traffic analyzer. Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to parse pcag-ng files could lead to denial of service or the execution of [More...] http://www.linuxsecurity.com/content/view/154693 * Debian: 2200-1: iceweasel: none in iceweasel (Mar 23) ----------------------------------------------------- This update for Iceweasel, a web browser based on Firefox, updates the certificate blacklist for several fraudulent HTTPS certificates. More details can be found in a blog posting by Jacob Appelbaum of the Tor project: [More...] http://www.linuxsecurity.com/content/view/154692 * Debian: 2199-1: iceape: none in iceape (Mar 23) ----------------------------------------------- This update for the Iceape internet suite, an unbranded version of Seamonkey, updates the certificate blacklist for several fraudulent HTTPS certificates. [More...] http://www.linuxsecurity.com/content/view/154691 * Debian: 2198-1: tex-common: insufficient input sanitiza (Mar 22) ---------------------------------------------------------------- Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is [More...] http://www.linuxsecurity.com/content/view/154679 * Debian: 2197-1: quagga: denial of service (Mar 21) -------------------------------------------------- It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation: CVE-2010-1674 [More...] http://www.linuxsecurity.com/content/view/154667 * Debian: 2196-1: maradns: buffer overflow (Mar 19) ------------------------------------------------- Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name Service server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service. [More...] http://www.linuxsecurity.com/content/view/154653 * Debian: 2195-1: php5: Multiple vulnerabilities (Mar 19) ------------------------------------------------------- Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441). [More...] http://www.linuxsecurity.com/content/view/154652 * Debian: 2186-2: Security Summary: Summary (Mar 18) -------------------------------------------------- Security Report Summary http://www.linuxsecurity.com/content/view/154647 * Debian: 2194-1: libvirt: insufficient checks (Mar 18) ----------------------------------------------------- It was discovered that libvirt, a library for interfacing with different virtualization systems, did not properly check for read-only connections. This allowed a local attacker to perform a denial of service (crash) or possibly escalate privileges. [More...] http://www.linuxsecurity.com/content/view/154643 ------------------------------------------------------------------------ * Mandriva: 2011:053: php (Mar 23) -------------------------------- Multiple vulnerabilities has been identified and fixed in php: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause [More...] http://www.linuxsecurity.com/content/view/154688 * Mandriva: 2011:052: php (Mar 23) -------------------------------- Multiple vulnerabilities has been identified and fixed in php: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause [More...] http://www.linuxsecurity.com/content/view/154687 * Mandriva: 2011:051: kernel (Mar 21) ----------------------------------- The do_anonymous_page function in mm/memory.c in the Linux kernel does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. (CVE-2010-2240) [More...] http://www.linuxsecurity.com/content/view/154666 * Mandriva: 2011:050: pidgin (Mar 21) ----------------------------------- Multiple vulnerabilities has been identified and fixed in pidgin: It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial [More...] http://www.linuxsecurity.com/content/view/154658 * Mandriva: 2011:049: vsftpd (Mar 21) ----------------------------------- A vulnerability was discovered and corrected in vsftpd: The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions [More...] http://www.linuxsecurity.com/content/view/154657 ------------------------------------------------------------------------ * Red Hat: 2011:0376-01: dbus: Moderate Advisory (Mar 22) ------------------------------------------------------- Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/154684 * Red Hat: 2011:0375-01: seamonkey: Important Advisory (Mar 22) ------------------------------------------------------------- Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/154683 * Red Hat: 2011:0372-01: flash-plugin: Critical Advisory (Mar 22) --------------------------------------------------------------- An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/154680 * Red Hat: 2011:0374-01: thunderbird: Important Advisory (Mar 22) --------------------------------------------------------------- An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/154681 * Red Hat: 2011:0373-01: firefox: Important Advisory (Mar 22) ----------------------------------------------------------- Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/154682 * Red Hat: 2011:0370-01: wireshark: Moderate Advisory (Mar 21) ------------------------------------------------------------ Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/154671 * Red Hat: 2011:0369-01: wireshark: Moderate Advisory (Mar 21) ------------------------------------------------------------ Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/154670 * Red Hat: 2011:0364-01: java-1.5.0-ibm: Critical Advisory (Mar 17) ----------------------------------------------------------------- Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...] http://www.linuxsecurity.com/content/view/154641 ------------------------------------------------------------------------ * SuSE: 2011-015: Linux kernel (Mar 24) ------------------------------------- This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. Following security issues were fixed: CVE-2010-4655: A memory leak in the ethtool ioctl was fixed that could disclose kernel memory to local attackers with CAP_NET_ADMIN privileges. [More...] http://www.linuxsecurity.com/content/view/154700 * SuSE: 2011-014: IBM Java (Mar 22) --------------------------------- IBM Java 6 was updated to SR9 FP1 was updated to fix a critical security bug in float number handling and also contains other security bugfixes. IBM Java 5 was updated to SR 12 FP 3 to also fix the floating-point number issue and other security issues. [More...] http://www.linuxsecurity.com/content/view/154674 ------------------------------------------------------------------------ * Ubuntu: 1092-1: Linux Kernel vulnerabilities (Mar 25) ----------------------------------------------------- Dan Rosenberg discovered that multiple terminal ioctls did not correctlyinitialize structure memory. A local attacker could exploit this to readportions of kernel stack memory, leading to a loss of privacy.(CVE-2010-4076, CVE-2010-4077) [More...] http://www.linuxsecurity.com/content/view/154707 * Ubuntu: 1091-1: Firefox and Xulrunner vulnerabilities (Mar 25) -------------------------------------------------------------- It was discovered that several invalid HTTPS certificates were issued andrevoked. An attacker could use these to perform a man-in-the-middle attack.These were placed on the certificate blacklist to prevent their misuse. [More...] http://www.linuxsecurity.com/content/view/154702 * Ubuntu: 1090-1: Linux kernel vulnerabilities (Mar 18) ----------------------------------------------------- Dan Rosenberg discovered that multiple terminal ioctls did not correctlyinitialize structure memory. A local attacker could exploit this to readportions of kernel stack memory, leading to a loss of privacy.(CVE-2010-4076, CVE-2010-4077) [More...] http://www.linuxsecurity.com/content/view/154651 * Ubuntu: 1089-1: Linux kernel vulnerabilities (Mar 18) ----------------------------------------------------- Dan Rosenberg discovered that multiple terminal ioctls did not correctlyinitialize structure memory. A local attacker could exploit this to readportions of kernel stack memory, leading to a loss of privacy.(CVE-2010-4076, CVE-2010-4077) [More...] http://www.linuxsecurity.com/content/view/154650 * Ubuntu: 1079-3: OpenJDK 6 vulnerabilities (Mar 17) -------------------------------------------------- USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixesvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu10.10. [More...] http://www.linuxsecurity.com/content/view/154640 ------------------------------------------------------------------------ * Pardus: 2011-59: Pidgin: Denial of Service (Mar 22) --------------------------------------------------- A vulnerability has been fixed in pidgin, which can be exploited by attackers to cause a denial of service. http://www.linuxsecurity.com/content/view/154673 * Pardus: 2011-58: Pango: Denial of Service (Mar 21) -------------------------------------------------- A vulnerability has been fixed in pango, which can be used by malicious people to cause denial of service. http://www.linuxsecurity.com/content/view/154656 * Pardus: 2011-56: Firefox: Multiple Vulnerabilities (Mar 21) ----------------------------------------------------------- Multiple vulnerabilities have been fixed in firefox. http://www.linuxsecurity.com/content/view/154654 * Pardus: 2011-57: Wireshark: Multiple Vulnerabilities (Mar 21) ------------------------------------------------------------- Multiple vulnerabilities have been fixed in wireshark. http://www.linuxsecurity.com/content/view/154655 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------