+----------------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | August 19th, 2011 Volume 12, Number 34 | | | | Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> | | Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> | +----------------------------------------------------------------------+ Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. ------------------------------------------------------------------------ * Debian: 2296-1: iceweasel: Multiple vulnerabilities (Aug 17) ------------------------------------------------------------ Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. [More...] http://www.linuxsecurity.com/content/view/155671 * Debian: 2295-1: iceape: Multiple vulnerabilities (Aug 17) --------------------------------------------------------- Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0084 [More...] http://www.linuxsecurity.com/content/view/155668 * Debian: 2294-1: freetype: missing input sanisiting (Aug 14) ----------------------------------------------------------- It was discovered that insufficient input saniting in Freetype's code to parse Type1 could lead to the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in [More...] http://www.linuxsecurity.com/content/view/155642 * Debian: 2293-1: libxfont: buffer overflow (Aug 12) -------------------------------------------------- Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files. [More...] http://www.linuxsecurity.com/content/view/155633 * Debian: 2292-1: isc-dhcp: denial of service (Aug 11) ---------------------------------------------------- David Zych discovered that the ISC DHCP crashes when processing certain packets, leading to a denial of service. For the oldstable distribution (lenny), this problem has been fixed in [More...] http://www.linuxsecurity.com/content/view/155624 ------------------------------------------------------------------------ * Mandriva: 2011:128: dhcp (Aug 18) --------------------------------- Multiple vulnerabilities has been discovered and corrected in dhcp: The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet [More...] http://www.linuxsecurity.com/content/view/155674 * Mandriva: 2011:127: mozilla (Aug 17) ------------------------------------ Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and [More...] http://www.linuxsecurity.com/content/view/155667 * Mandriva: 2011:126: java-1.6.0-openjdk (Aug 15) ----------------------------------------------- Multiple vulnerabilities were discovered and corrected in java-1.6.0-openjdk: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 [More...] http://www.linuxsecurity.com/content/view/155645 * Mandriva: 2011:125: foomatic-filters (Aug 14) --------------------------------------------- A vulnerability has been discovered and corrected in foomatic-filters: foomatic-rip allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file (CVE-2011-2697, CVE-2011-2964). [More...] http://www.linuxsecurity.com/content/view/155641 * Mandriva: 2011:124: phpmyadmin (Aug 14) --------------------------------------- Multiple vulnerabilities has been discovered and corrected in phpmyadmin: libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 [More...] http://www.linuxsecurity.com/content/view/155640 * Mandriva: 2011:123: squirrelmail (Aug 13) ----------------------------------------- Multiple vulnerabilities has been discovered and corrected in squirrelmail: functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, [More...] http://www.linuxsecurity.com/content/view/155639 * Mandriva: 2011:122: clamav (Aug 13) ----------------------------------- A vulnerability has been discovered and corrected in clamav: Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not [More...] http://www.linuxsecurity.com/content/view/155638 ------------------------------------------------------------------------ * Red Hat: 2011:1187-01: dovecot: Moderate Advisory (Aug 18) ---------------------------------------------------------- Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155675 * Red Hat: 2011:1167-01: seamonkey: Critical Advisory (Aug 16) ------------------------------------------------------------ Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/155661 * Red Hat: 2011:1165-01: thunderbird: Critical Advisory (Aug 16) -------------------------------------------------------------- An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/155660 * Red Hat: 2011:1164-01: firefox: Critical Advisory (Aug 16) ---------------------------------------------------------- Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/155659 * Red Hat: 2011:1166-01: thunderbird: Critical Advisory (Aug 16) -------------------------------------------------------------- An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/155657 * Red Hat: 2011:1163-01: kernel: Important Advisory (Aug 16) ---------------------------------------------------------- Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/155658 * Red Hat: 2011:1161-01: freetype: Moderate Advisory (Aug 15) ----------------------------------------------------------- Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155648 * Red Hat: 2011:1159-01: java-1.4.2-ibm: Critical Advisory (Aug 15) ----------------------------------------------------------------- Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. [More...] http://www.linuxsecurity.com/content/view/155647 * Red Hat: 2011:1160-01: dhcp: Moderate Advisory (Aug 15) ------------------------------------------------------- Updated dhcp packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate [More...] http://www.linuxsecurity.com/content/view/155646 * Red Hat: 2011:1155-01: xorg-x11: Important Advisory (Aug 11) ------------------------------------------------------------ Updated xorg-x11 packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/155628 * Red Hat: 2011:1154-01: libXfont: Important Advisory (Aug 11) ------------------------------------------------------------ Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/155629 ------------------------------------------------------------------------ * Slackware: 2011-224-01: bind: Security Update (Aug 12) ------------------------------------------------------ New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. [More Info...] http://www.linuxsecurity.com/content/view/155637 ------------------------------------------------------------------------ * SuSE: 2011-034: Linux kernel (Aug 12) ------------------------------------- This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. Following security issues were fixed: CVE-2011-1093: The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation [More...] http://www.linuxsecurity.com/content/view/155631 ------------------------------------------------------------------------ * Ubuntu: 1193-1: Linux kernel vulnerabilities (Aug 19) ----------------------------------------------------- Multiple kernel flaws have been fixed. http://www.linuxsecurity.com/content/view/155682 * Ubuntu: 1184-1: Firefox and Xulrunner vulnerabilities (Aug 19) -------------------------------------------------------------- Multiple vulnerabilities have been fixed in Firefox and Xulrunner. http://www.linuxsecurity.com/content/view/155676 * Ubuntu: 1192-2: Mozvoikko update (Aug 17) ----------------------------------------- This update provides a compatible Mozvoikko for Firefox 6. http://www.linuxsecurity.com/content/view/155670 * Ubuntu: 1192-1: Firefox vulnerabilities (Aug 17) ------------------------------------------------ Multiple Firefox vulnerabilities have been fixed http://www.linuxsecurity.com/content/view/155669 * Ubuntu: 1190-1: DHCP vulnerabilities (Aug 15) --------------------------------------------- An attacker could send crafted input to DHCP and cause it to crash. http://www.linuxsecurity.com/content/view/155643 * Ubuntu: 1191-1: libXfont vulnerability (Aug 15) ----------------------------------------------- libXfont could be made to run programs as an administrator if it opened aspecially crafted file. http://www.linuxsecurity.com/content/view/155644 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------
