+----------------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | July 22nd, 2011 Volume 12, Number 30 | | | | Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> | | Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> | +----------------------------------------------------------------------+ Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. ------------------------------------------------------------------------ * Debian: 2281-1: opie: Multiple vulnerabilities (Jul 21) ------------------------------------------------------- Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and [More...] http://www.linuxsecurity.com/content/view/155497 * Debian: 2280-1: libvirt: Multiple vulnerabilities (Jul 19) ---------------------------------------------------------- It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow (CVE-2011-2511). Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe (CVE-2011-1486). [More...] http://www.linuxsecurity.com/content/view/155482 * Debian: 2279-1: libapache2-mod-authnz-external: SQL injection (Jul 19) ---------------------------------------------------------------------- It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user paramter. [More...] http://www.linuxsecurity.com/content/view/155481 * Debian: 2278-1: horde3: Multiple vulnerabilities (Jul 16) --------------------------------------------------------- It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. For the oldstable distribution (lenny), these problems have been fixed [More...] http://www.linuxsecurity.com/content/view/155468 * Debian: 2254-2: oprofile: command injection (Jul 16) ---------------------------------------------------- Jamie Strandboge noticed that the patch propoused to fix CVE-2011-1760 in OProfile has been incomplete. For reference, the description of the original DSA, is: [More...] http://www.linuxsecurity.com/content/view/155467 ------------------------------------------------------------------------ * Mandriva: 2011:117: krb5-appl (Jul 22) -------------------------------------- A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass [More...] http://www.linuxsecurity.com/content/view/155512 * Mandriva: 2011:116: curl (Jul 22) --------------------------------- A vulnerability was discovered and corrected in curl: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote [More...] http://www.linuxsecurity.com/content/view/155511 * Mandriva: 2011:115: bind (Jul 20) --------------------------------- A vulnerability was discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a [More...] http://www.linuxsecurity.com/content/view/155494 * Mandriva: 2011:114: blender (Jul 18) ------------------------------------ Multiple vulnerabilities have been identified and fixed in blender: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted [More...] http://www.linuxsecurity.com/content/view/155478 * Mandriva: 2011:112: blender (Jul 18) ------------------------------------ Multiple vulnerabilities have been identified and fixed in blender: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted [More...] http://www.linuxsecurity.com/content/view/155477 ------------------------------------------------------------------------ * Red Hat: 2011:1085-01: freetype: Important Advisory (Jul 21) ------------------------------------------------------------ Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/155509 * Red Hat: 2011:1073-01: bash: Low Advisory (Jul 21) -------------------------------------------------- An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...] http://www.linuxsecurity.com/content/view/155506 * Red Hat: 2011:1005-01: sysstat: Low Advisory (Jul 21) ----------------------------------------------------- An updated sysstat package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...] http://www.linuxsecurity.com/content/view/155503 * Red Hat: 2011:1000-01: rgmanager: Low Advisory (Jul 21) ------------------------------------------------------- An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. [More...] http://www.linuxsecurity.com/content/view/155500 * Red Hat: 2011:0975-01: sssd: Low Advisory (Jul 21) -------------------------------------------------- Updated sssd packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...] http://www.linuxsecurity.com/content/view/155498 * Red Hat: 2011:0999-01: rsync: Moderate Advisory (Jul 21) -------------------------------------------------------- An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155499 * Red Hat: 2011:1084-01: libsndfile: Moderate Advisory (Jul 20) ------------------------------------------------------------- Updated libsndfile packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155496 * Red Hat: 2011:1083-01: fuse: Moderate Advisory (Jul 20) ------------------------------------------------------- Updated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155495 * Red Hat: 2011:0959-01: mutt: Moderate Advisory (Jul 19) ------------------------------------------------------- An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155488 * Red Hat: 2011:0953-01: system-config-firewall: Moderate Advisory (Jul 18) ------------------------------------------------------------------------- Updated system-config-firewall packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155480 * Red Hat: 2011:0927-01: kernel: Important Advisory (Jul 15) ---------------------------------------------------------- Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/155460 * Red Hat: 2011:0938-01: java-1.6.0-ibm: Critical Advisory (Jul 15) ----------------------------------------------------------------- Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. [More...] http://www.linuxsecurity.com/content/view/155461 ------------------------------------------------------------------------ * Slackware: 2011-195-02: mozilla-firefox: Security Update (Jul 14) ----------------------------------------------------------------- New mozilla-firefox packages are available for Slackware 13.0 and 13.1 to fix security issues. [More Info...] http://www.linuxsecurity.com/content/view/155458 * Slackware: 2011-195-01: seamonkey: Security Update (Jul 14) ----------------------------------------------------------- New seamonkey packages are available for Slackware 13.37, and -current to fix security issues. [More Info...] http://www.linuxsecurity.com/content/view/155459 ------------------------------------------------------------------------ * Ubuntu: 1172-1: logrotate vulnerabilities (Jul 21) -------------------------------------------------- An attacker could cause logrotate to run programs, stop working, or readand write arbitrary files. http://www.linuxsecurity.com/content/view/155510 * Ubuntu: 1171-1: Likewise Open vulnerability (Jul 20) ---------------------------------------------------- Local SQL injection vulnerability http://www.linuxsecurity.com/content/view/155490 * Ubuntu: 1150-1: Thunderbird vulnerabilities (Jul 15) ---------------------------------------------------- Multiple vulnerabilities were fixed in Thunderbird. http://www.linuxsecurity.com/content/view/155465 * Ubuntu: 1170-1: Linux kernel vulnerabilities (Jul 15) ----------------------------------------------------- Multiple kernel flaws have been fixed. http://www.linuxsecurity.com/content/view/155463 * Ubuntu: 1168-1: Linux kernel vulnerabilities (Jul 15) ----------------------------------------------------- Multiple kernel flaws have been fixed. http://www.linuxsecurity.com/content/view/155464 ------------------------------------------------------------------------ * Pardus: 2011-99: vlc: Integer Overflow (Jul 14) ----------------------------------------------- A vulnerability has been fixed in vlc. http://www.linuxsecurity.com/content/view/155453 * Pardus: 2011-98: nfs-utils: Corruption of the (Jul 14) ------------------------------------------------------ A vulnerability has been fixed in ntf-utils. http://www.linuxsecurity.com/content/view/155452 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------