Linux Advisory Watch: June 3rd, 2011




+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| June 3rd, 2011                                  Volume 12, Number 23 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

Book Review: Linux Kernel Programming
-------------------------------------
As Linux is implemented on an increasingly wide range of devices, the
number of people responsible for developing and maintaining Linux on
those platforms has increased. As the kernel matures, so do its
complexity, capabilities, and size. This book gives the Linux
programmer the tools needed to understand the core aspects of the
kernel and how to interface with it.

http://www.linuxsecurity.com/content/view/154775

--------------------------------------------------------------------
* Debian: 2252-1: dovecot: programming error (Jun 2)
   --------------------------------------------------
   It was discovered that the message header parser in the Dovecot mail
   server parsed NUL characters incorrectly, which could lead to denial
   of service through malformed mail headers. [More...]

   http://www.linuxsecurity.com/content/view/155212

* Debian: 2251-1: subversion: Multiple vulnerabilities (Jun 2)
   ------------------------------------------------------------
   Several vulnerabilities were discovered in Subversion, the version
   control system. The Common Vulnerabilities and Exposures project
   identifies the following problems: [More...]

   http://www.linuxsecurity.com/content/view/155205

* Debian: 2250-1: citadel: denial of service (May 31)
   ---------------------------------------------------
   Wouter Coekaerts discovered that the jabber server component of
   citadel, a complete and feature-rich groupware server, is vulnerable
   to the so-called "billion laughs" attack because it does not prevent
   entity expansion on received data. This allows an attacker to perform
   denial of service [More...]

   http://www.linuxsecurity.com/content/view/155193

* Debian: 2249-1: jabberd14: denial of service (May 31)
   -----------------------------------------------------
   Wouter Coekaerts discovered that jabberd14, an instant messaging
   server using the Jabber/XMPP protocol, is vulnerable to the so-called
   "billion laughs" attack because it does not prevent entity expansion
   on received data. This allows an attacker to perform denial of
   service [More...]

   http://www.linuxsecurity.com/content/view/155192

* Debian: 2248-1: ejabberd: denial of service (May 31)
   ----------------------------------------------------
   Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber
   server written in Erlang, is vulnerable to the so-called "billion
   laughs" attack because it does not prevent entity expansion on
   received data. This allows an attacker to perform denial of service
   attacks against the [More...]

   http://www.linuxsecurity.com/content/view/155191

* Debian: 2247-1: rails: several vulnerabilities (May 31)
   -------------------------------------------------------
   Several vulnerabilities have been discovered in Rails, the Ruby web
   application framework. The Common Vulnerabilities and Exposures
   project identifies the following problems: [More...]

   http://www.linuxsecurity.com/content/view/155190

* Debian: 2246-1: mahara: several vulnerabilities (May 29)
   --------------------------------------------------------
   Several vulnerabilities were discovered in mahara, an electronic
   portfolio, weblog, and resume builder. The following Common
   Vulnerabilities and Exposures project ids identify them: [More...]

   http://www.linuxsecurity.com/content/view/155173

* Debian: 2245-1: chromium-browser: several vulnerabilities (May 29)
   ------------------------------------------------------------------
   Several vulnerabilities were discovered in the Chromium browser. The
   Common Vulnerabilities and Exposures project identifies the following
   problems: [More...]

   http://www.linuxsecurity.com/content/view/155172

* Debian: 2244-1: bind9: incorrect boundary condition (May 27)
   ------------------------------------------------------------
   It was discovered that BIND, an implementation of the DNS protocol,
   does not correctly process certain large RRSIG record sets in DNSSEC
   responses. The resulting assertion failure causes the name server
   process to crash, making name resolution unavailable. (CVE-2011-1910)
   [More...]

   http://www.linuxsecurity.com/content/view/155168

* Debian: 2243-1: unbound: design flaw (May 27)
   ---------------------------------------------
   It was discovered that Unbound, a caching DNS resolver, ceases to
   provide answers for zones signed using DNSSEC after it has processed
   a crafted query. (CVE-2009-4008) [More...]

   http://www.linuxsecurity.com/content/view/155167

------------------------------------------------------------------------

* Mandriva: 2011:105: wireshark (Jun 1)
   -------------------------------------
   This advisory updates wireshark to the latest version (1.2.17),
   fixing several security issues: * Large/infinite loop in the DICOM
   dissector. (Bug 5876) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to
   1.4.6. [More...]

   http://www.linuxsecurity.com/content/view/155201

* Mandriva: 2011:104: bind (Jun 1)
   --------------------------------
   A vulnerability has been identified and fixed in ISC BIND: Off-by-one
   error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before
   9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
   9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service
   [More...]

   http://www.linuxsecurity.com/content/view/155197

* Mandriva: 2011:103: gimp (May 29)
   ---------------------------------
   Multiple vulnerabilities were discovered and fixed in gimp:
   Stack-based buffer overflow in the "LIGHTING EFFECTS >
   LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote
   attackers to cause a denial of service (application crash) or
   possibly execute arbitrary code [More...]

   http://www.linuxsecurity.com/content/view/155174

* Mandriva: 2011:102: rdesktop (May 28)
   -------------------------------------
   A vulnerability has been identified and fixed in rdesktop: Directory
   traversal vulnerability in the disk_create function in disk.c in
   rdesktop before 1.7.0, when disk redirection is enabled, allows
   remote RDP servers to read or overwrite arbitrary files via [More...]

   http://www.linuxsecurity.com/content/view/155171

* Mandriva: 2011:101: dovecot (May 26)
   ------------------------------------
   A vulnerability has been identified and fixed in dovecot:
   lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and
   2.0.x before 2.0.13 does not properly handle '\0' (NUL)
   characters in header names, which allows remote attackers to cause a
   denial of [More...]

   http://www.linuxsecurity.com/content/view/155151

------------------------------------------------------------------------

* Red Hat: 2011:0836-01: kernel: Important Advisory (Jun 1)
   ---------------------------------------------------------
   Updated kernel packages that fix multiple security issues and various
   bugs are now available for Red Hat Enterprise Linux 6. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155203

* Red Hat: 2011:0841-01: systemtap: Moderate Advisory (May 31)
   ------------------------------------------------------------
   Updated systemtap packages that fix one security issue are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155189

* Red Hat: 2011:0843-01: postfix: Moderate Advisory (May 31)
   ----------------------------------------------------------
   Updated postfix packages that fix one security issue are now
   available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/155188

* Red Hat: 2011:0844-01: apr: Low Advisory (May 31)
   -------------------------------------------------
   Updated apr packages that fix one security issue are now available
   for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security
   Response Team has rated this update as having low [More...]

   http://www.linuxsecurity.com/content/view/155187

* Red Hat: 2011:0845-01: bind: Important Advisory (May 31)
   --------------------------------------------------------
   Updated bind and bind97 packages that fix one security issue are now
   available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155186

* Red Hat: 2011:0838-01: gimp: Moderate Advisory (May 31)
   -------------------------------------------------------
   Updated gimp packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155185

* Red Hat: 2011:0842-01: systemtap: Moderate Advisory (May 31)
   ------------------------------------------------------------
   Updated systemtap packages that fix two security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155184

* Red Hat: 2011:0840-01: dhcp: Important Advisory (May 31)
   --------------------------------------------------------
   Updated dhcp packages that fix one security issue are now available
   for Red Hat Enterprise Linux 3 Extended Life Cycle Support. The Red
   Hat Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155183

* Red Hat: 2011:0837-01: gimp: Moderate Advisory (May 31)
   -------------------------------------------------------
   Updated gimp packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155181

* Red Hat: 2011:0833-01: kernel: Important Advisory (May 31)
   ----------------------------------------------------------
   Updated kernel packages that fix multiple security issues and several
   bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155182

* Red Hat: 2011:0839-01: gimp: Moderate Advisory (May 31)
   -------------------------------------------------------
   Updated gimp packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155180

------------------------------------------------------------------------

* Slackware: 2011-147-01: bind: Security Update (May 27)
   ------------------------------------------------------
   New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
   10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current
   to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/155170

------------------------------------------------------------------------

* SuSE: Weekly Summary 2011:010 (May 31)
   --------------------------------------
   To avoid flooding mailing lists with SUSE Security Announcements for
   minor issues, SUSE Security releases weekly summary reports for the
   low-profile vulnerability fixes. The SUSE Security Summary Reports do
   not list download URLs, unlike the SUSE Security Announcements that
   are released for more severe vulnerabilities. The vulnerabilities
   covered in this summary include: postfix, libthunarx-2-0,
   rdesktop, python, viewvc, kvm, exim, logrotate, dovecot12/dovecot20,
   pure-ftpd, kdelibs4.

   http://www.linuxsecurity.com/content/view/155176

------------------------------------------------------------------------

* Ubuntu: 1143-1: Dovecot vulnerability (Jun 1)
   ---------------------------------------------
   An attacker could send a crafted email message that could disrupt
   email service.

   http://www.linuxsecurity.com/content/view/155204

* Ubuntu: 1142-1: GDM vulnerability (Jun 1)
   -----------------------------------------
   GDM could be made to launch a browser and leak information about the
   system.

   http://www.linuxsecurity.com/content/view/155202

* Ubuntu: 1141-1: Linux kernel vulnerabilities (May 31)
   -----------------------------------------------------
   Multiple kernel vulnerabilities have been fixed.

   http://www.linuxsecurity.com/content/view/155195

* Ubuntu: 1139-1: Bind vulnerabilities (May 30)
   ---------------------------------------------
   An attacker could send crafted input to Bind and cause it to crash.

   http://www.linuxsecurity.com/content/view/155175

* Ubuntu: 1138-2: NetworkManager and ModemManager update (May 26)
   ---------------------------------------------------------------
   An attacker could send crafted input to NetworkManager and
   ModemManager and cause them to crash.

   http://www.linuxsecurity.com/content/view/155161

* Ubuntu: 1138-1: DBus-GLib vulnerability (May 26)
   ------------------------------------------------
   An attacker could send crafted input to applications using DBus-GLib
   and cause them to crash.

   http://www.linuxsecurity.com/content/view/155160

* Ubuntu: 1137-1: Eucalyptus vulnerability (May 26)
   -------------------------------------------------
   An attacker could send crafted input to Eucalyptus to run commands
   as a valid user.

   http://www.linuxsecurity.com/content/view/155158

------------------------------------------------------------------------

* Pardus: 2011-80: kdenetwork: Directory traversal (May 26)
   ---------------------------------------------------------
   A vulnerability has been fixed in kdenetwork, which can be exploited
   by attackers to create arbitrary files.

   http://www.linuxsecurity.com/content/view/155156

* Pardus: 2011-79: kdelibs: MITM Attack (May 26)
   ----------------------------------------------
   A vulnerability has been fixed in kdelibs, which can be exploited by
   malicious people to conduct man-in-the-middle attacks.

   http://www.linuxsecurity.com/content/view/155155

* Pardus: 2011-78: dhcpcd: Execute Arbitrary Commands (May 26)
   ------------------------------------------------------------
   A vulnerability has been fixed in dhcpcd, which allows attackers to
   execute arbitrary commands.

   http://www.linuxsecurity.com/content/view/155154

* Pardus: 2011-76: openldap: Multiple Vulnerabilities (May 26)
   ------------------------------------------------------------
   Multiple vulnerabilities have been fixed in openldap.

   http://www.linuxsecurity.com/content/view/155152

* Pardus: 2011-77: Wireshark: Multiple Vulnerabilities (May 26)
   -------------------------------------------------------------
   Multiple vulnerabilities have been fixed in wireshark, which allow
   attackers to cause a denial of service or to execute arbitrary code.

   http://www.linuxsecurity.com/content/view/155153
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
