Linux Advisory Watch: July 22nd, 2011

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| July 22nd, 2011                                 Volume 12, Number 30 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

------------------------------------------------------------------------

* Debian: 2281-1: opie: Multiple vulnerabilities (Jul 21)
   -------------------------------------------------------
   Sebastian Krahmer discovered that opie, a system that makes it simple
   to use One-Time passwords in applications, is prone to a privilege
   escalation (CVE-2011-2490) and an off-by-one error, which can lead to
   the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and
   [More...]

   http://www.linuxsecurity.com/content/view/155497

* Debian: 2280-1: libvirt: Multiple vulnerabilities (Jul 19)
   ----------------------------------------------------------
   It was discovered that libvirt, a library for interfacing with
   different virtualization systems, is prone to an integer overflow
   (CVE-2011-2511). Additionally, the stable version is prone to a
   denial of service, because its error reporting is not thread-safe
   (CVE-2011-1486). [More...]

   http://www.linuxsecurity.com/content/view/155482

* Debian: 2279-1: libapache2-mod-authnz-external: SQL injection (Jul 19)
   ----------------------------------------------------------------------
   It was discovered that libapache2-mod-authnz-external, an apache
   authentication module, is prone to an SQL injection via the $user
   parameter. [More...]

   http://www.linuxsecurity.com/content/view/155481

* Debian: 2278-1: horde3: Multiple vulnerabilities (Jul 16)
   ---------------------------------------------------------
   It was discovered that horde3, the horde web application framework,
   is prone to a cross-site scripting attack and a cross-site request
   forgery. For the oldstable distribution (lenny), these problems have
   been fixed [More...]

   http://www.linuxsecurity.com/content/view/155468

* Debian: 2254-2: oprofile: command injection (Jul 16)
   ----------------------------------------------------
   Jamie Strandboge noticed that the patch proposed to fix
   CVE-2011-1760 in OProfile has been incomplete. For reference, the
   description of the original DSA is: [More...]

   http://www.linuxsecurity.com/content/view/155467

------------------------------------------------------------------------

* Mandriva: 2011:117: krb5-appl (Jul 22)
   --------------------------------------
   A vulnerability was discovered and corrected in krb5-appl: ftpd.c in
   the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka
   krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return
   value, which allows remote authenticated users to bypass [More...]

   http://www.linuxsecurity.com/content/view/155512

* Mandriva: 2011:116: curl (Jul 22)
   ---------------------------------
   A vulnerability was discovered and corrected in curl: The
   Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
   through 7.21.6, as used in curl and other products, always performs
   credential delegation during GSSAPI authentication, which allows
   remote [More...]

   http://www.linuxsecurity.com/content/view/155511

* Mandriva: 2011:115: bind (Jul 20)
   ---------------------------------
   A vulnerability was discovered and corrected in bind: Unspecified
   vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before
   9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause
   a denial of service (named daemon crash) via a [More...]

   http://www.linuxsecurity.com/content/view/155494

* Mandriva: 2011:114: blender (Jul 18)
   ------------------------------------
   Multiple vulnerabilities have been identified and fixed in blender:
   oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
   pointer arithmetic, which might allow remote attackers to obtain
   sensitive memory contents and cause a denial of service via a crafted
   [More...]

   http://www.linuxsecurity.com/content/view/155478

* Mandriva: 2011:112: blender (Jul 18)
   ------------------------------------
   Multiple vulnerabilities have been identified and fixed in blender:
   oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
   pointer arithmetic, which might allow remote attackers to obtain
   sensitive memory contents and cause a denial of service via a crafted
   [More...]

   http://www.linuxsecurity.com/content/view/155477

------------------------------------------------------------------------

* Red Hat: 2011:1085-01: freetype: Important Advisory (Jul 21)
   ------------------------------------------------------------
   Updated freetype packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155509

* Red Hat: 2011:1073-01: bash: Low Advisory (Jul 21)
   --------------------------------------------------
   An updated bash package that fixes one security issue, several bugs,
   and adds one enhancement is now available for Red Hat Enterprise
   Linux 5. The Red Hat Security Response Team has rated this update as
   having low [More...]

   http://www.linuxsecurity.com/content/view/155506

* Red Hat: 2011:1005-01: sysstat: Low Advisory (Jul 21)
   -----------------------------------------------------
   An updated sysstat package that fixes one security issue, various
   bugs, and adds one enhancement is now available for Red Hat
   Enterprise Linux 5. The Red Hat Security Response Team has rated this
   update as having low [More...]

   http://www.linuxsecurity.com/content/view/155503

* Red Hat: 2011:1000-01: rgmanager: Low Advisory (Jul 21)
   -------------------------------------------------------
   An updated rgmanager package that fixes one security issue, several
   bugs, and adds multiple enhancements is now available for Red Hat
   Enterprise Linux 5. [More...]

   http://www.linuxsecurity.com/content/view/155500

* Red Hat: 2011:0975-01: sssd: Low Advisory (Jul 21)
   --------------------------------------------------
   Updated sssd packages that fix one security issue, several bugs, and
   add various enhancements are now available for Red Hat Enterprise
   Linux 5. The Red Hat Security Response Team has rated this update as
   having low [More...]

   http://www.linuxsecurity.com/content/view/155498

* Red Hat: 2011:0999-01: rsync: Moderate Advisory (Jul 21)
   --------------------------------------------------------
   An updated rsync package that fixes one security issue, several bugs,
   and adds enhancements is now available for Red Hat Enterprise Linux
   5. The Red Hat Security Response Team has rated this update as having
   moderate [More...]

   http://www.linuxsecurity.com/content/view/155499

* Red Hat: 2011:1084-01: libsndfile: Moderate Advisory (Jul 20)
   -------------------------------------------------------------
   Updated libsndfile packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155496

* Red Hat: 2011:1083-01: fuse: Moderate Advisory (Jul 20)
   -------------------------------------------------------
   Updated fuse packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155495

* Red Hat: 2011:0959-01: mutt: Moderate Advisory (Jul 19)
   -------------------------------------------------------
   An updated mutt package that fixes one security issue is now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155488

* Red Hat: 2011:0953-01: system-config-firewall: Moderate Advisory (Jul 18)
   -------------------------------------------------------------------------
   Updated system-config-firewall packages that fix one security issue
   are now available for Red Hat Enterprise Linux 6. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/155480

* Red Hat: 2011:0927-01: kernel: Important Advisory (Jul 15)
   ----------------------------------------------------------
   Updated kernel packages that fix multiple security issues and several
   bugs are now available for Red Hat Enterprise Linux 5. The Red Hat
   Security Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155460

* Red Hat: 2011:0938-01: java-1.6.0-ibm: Critical Advisory (Jul 15)
   -----------------------------------------------------------------
   Updated java-1.6.0-ibm packages that fix several security issues are
   now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
   Enterprise Linux 5 and 6 Supplementary. [More...]

   http://www.linuxsecurity.com/content/view/155461

------------------------------------------------------------------------

* Slackware: 2011-195-02: mozilla-firefox: Security Update (Jul 14)
   -----------------------------------------------------------------
   New mozilla-firefox packages are available for Slackware 13.0 and
   13.1 to fix security issues. [More Info...]

   http://www.linuxsecurity.com/content/view/155458

* Slackware: 2011-195-01: seamonkey: Security Update (Jul 14)
   -----------------------------------------------------------
   New seamonkey packages are available for Slackware 13.37, and
   -current to fix security issues.  [More Info...]

   http://www.linuxsecurity.com/content/view/155459

------------------------------------------------------------------------

* Ubuntu: 1172-1: logrotate vulnerabilities (Jul 21)
   --------------------------------------------------
   An attacker could cause logrotate to run programs, stop working, or
   read and write arbitrary files.

   http://www.linuxsecurity.com/content/view/155510

* Ubuntu: 1171-1: Likewise Open vulnerability (Jul 20)
   ----------------------------------------------------
   Local SQL injection vulnerability

   http://www.linuxsecurity.com/content/view/155490

* Ubuntu: 1150-1: Thunderbird vulnerabilities (Jul 15)
   ----------------------------------------------------
   Multiple vulnerabilities were fixed in Thunderbird.

   http://www.linuxsecurity.com/content/view/155465

* Ubuntu: 1170-1: Linux kernel vulnerabilities (Jul 15)
   -----------------------------------------------------
   Multiple kernel flaws have been fixed.

   http://www.linuxsecurity.com/content/view/155463

* Ubuntu: 1168-1: Linux kernel vulnerabilities (Jul 15)
   -----------------------------------------------------
   Multiple kernel flaws have been fixed.

   http://www.linuxsecurity.com/content/view/155464

------------------------------------------------------------------------

* Pardus: 2011-99: vlc: Integer Overflow (Jul 14)
   -----------------------------------------------
   A vulnerability has been fixed in vlc.

   http://www.linuxsecurity.com/content/view/155453

* Pardus: 2011-98: nfs-utils: Corruption of the (Jul 14)
   ------------------------------------------------------
   A vulnerability has been fixed in nfs-utils.

   http://www.linuxsecurity.com/content/view/155452

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
