Linux Advisory Watch: February 3rd, 2012


 



+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| February 3rd, 2012                               Volume 13, Number 5 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The 
purpose of this document is to provide our readers with a quick summary of 
each week's vendor security bulletins and pointers on methods to improve 
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be 
sure to read through to find the updates your distributor has made 
available.

------------------------------------------------------------------------
* Debian: 2403-1: php5: code injection (Feb 2)
   --------------------------------------------
   Stefan Esser discovered that the implementation of the max_input_vars
   configuration variable in a recent PHP security update was flawed
   such that it allows remote attackers to crash PHP or potentially
   execute code. [More...]

   http://www.linuxsecurity.com/content/view/156698

* Debian: 2402-1: iceape: Multiple vulnerabilities (Feb 2)
   --------------------------------------------------------
   Several vulnerabilities have been found in the Iceape internet suite,
   an unbranded version of Seamonkey: CVE-2011-3670 [More...]

   http://www.linuxsecurity.com/content/view/156697

* Debian: 2400-1: iceweasel: Multiple vulnerabilities (Feb 2)
   -----------------------------------------------------------
   Several vulnerabilities have been discovered in Iceweasel, a web
   browser based on Firefox. The included XULRunner library provides
   rendering services for several other applications included in Debian.
   [More...]

   http://www.linuxsecurity.com/content/view/156696

* Debian: 2401-1: tomcat6: Multiple vulnerabilities (Feb 2)
   ---------------------------------------------------------
   Several vulnerabilities have been found in Tomcat, a servlet and JSP
   engine: CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064
   [More...]

   http://www.linuxsecurity.com/content/view/156695

* Debian: 2399-2: php5: Multiple vulnerabilities (Jan 31)
   -------------------------------------------------------
   A regression was found in the fix for PHP's XSLT transformations
   (CVE-2012-0057). Updated packages are now available to address this
   regression. For reference, the original advisory text follows.
   [More...]

   http://www.linuxsecurity.com/content/view/156681

* Debian: 2399-1: php5: Multiple vulnerabilities (Jan 31)
   -------------------------------------------------------
   Several vulnerabilities have been discovered in PHP, the web
   scripting language. The Common Vulnerabilities and Exposures project
   identifies the following issues: [More...]

   http://www.linuxsecurity.com/content/view/156678

* Debian: 2398-1: curl: Multiple vulnerabilities (Jan 30)
   -------------------------------------------------------
   Several vulnerabilities have been discovered in Curl, a URL transfer
   library. The Common Vulnerabilities and Exposures project identifies
   the following problems: [More...]

   http://www.linuxsecurity.com/content/view/156675

* Debian: 2397-1: icu: buffer underflow (Jan 29)
   ----------------------------------------------
   It was discovered that a buffer overflow in the Unicode library ICU
   could lead to the execution of arbitrary code. For the oldstable
   distribution (lenny), this problem has been fixed in [More...]

   http://www.linuxsecurity.com/content/view/156667

* Debian: 2396-1: qemu-kvm: buffer underflow (Jan 27)
   ---------------------------------------------------
   Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e
   network interface card of KVM, a solution for full virtualization on
   x86 hardware, which could result in denial of service or privilege
   escalation. [More...]

   http://www.linuxsecurity.com/content/view/156664

* Debian: 2395-1: wireshark: buffer underflow (Jan 27)
   ----------------------------------------------------
   Laurent Butti discovered a buffer underflow in the LANalyzer
   dissector of the Wireshark network traffic analyzer, which could lead
   to the execution of arbitrary code (CVE-2012-0068) [More...]

   http://www.linuxsecurity.com/content/view/156662

* Debian: 2394-1: libxml2: Multiple vulnerabilities (Jan 26)
   ----------------------------------------------------------
   Many security problems had been fixed in libxml2, a popular library
   to handle XML data files. CVE-2011-3919: [More...]

   http://www.linuxsecurity.com/content/view/156655

------------------------------------------------------------------------

* Gentoo: 201201-18: bip: Multiple vulnerabilities (Jan 30)
   ---------------------------------------------------------
   Multiple vulnerabilities in bip might allow remote
   unauthenticated attackers to cause a Denial of Service or possibly
   execute arbitrary code.

   http://www.linuxsecurity.com/content/view/156669

* Gentoo: 201201-19: Adobe Reader: Multiple vulnerabilities (Jan 30)
   ------------------------------------------------------------------
   Multiple vulnerabilities in Adobe Reader might allow remote
   attackers to execute arbitrary code or conduct various other attacks.

   http://www.linuxsecurity.com/content/view/156670

* Gentoo: 201201-17: Chromium: Multiple vulnerabilities (Jan 27)
   --------------------------------------------------------------
   Multiple vulnerabilities have been reported in Chromium, some of
   which may allow execution of arbitrary code.

   http://www.linuxsecurity.com/content/view/156666

* Gentoo: 201201-16: X.Org X Server/X Keyboard Database (Jan 27)
   --------------------------------------------------------------
   A debugging functionality in the X.Org X Server that is bound to
   a hotkey by default can be used by local attackers to circumvent
   screen locking utilities.

   http://www.linuxsecurity.com/content/view/156665

* Gentoo: 201201-15: ktsuss: Privilege escalation (Jan 27)
   --------------------------------------------------------
   Two vulnerabilities have been found in ktsuss, allowing local
   attackers to gain escalated privileges.

   http://www.linuxsecurity.com/content/view/156661

------------------------------------------------------------------------

* Mandriva: 2012:012: apache (Feb 2)
   ----------------------------------
   Multiple vulnerabilities have been found and corrected in apache (ASF
   HTTPD): The log_cookie function in mod_log_config.c in the
   mod_log_config module in the Apache HTTP Server 2.2.17 through
   2.2.21, when a threaded [More...]

   http://www.linuxsecurity.com/content/view/156694

* Mandriva: 2012:011: openssl (Jan 29)
   ------------------------------------
   A vulnerability has been found and corrected in openssl: OpenSSL
   0.9.8s and 1.0.0f does not properly support DTLS applications, which
   allows remote attackers to cause a denial of service via unspecified
   vectors.  NOTE: this vulnerability exists because of an [More...]

   http://www.linuxsecurity.com/content/view/156668

------------------------------------------------------------------------

* Red Hat: 2012:0093-01: php: Critical Advisory (Feb 2)
   -----------------------------------------------------
   Updated php packages that fix one security issue are now available
   for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/156703

* Red Hat: 2012:0095-01: ghostscript: Moderate Advisory (Feb 2)
   -------------------------------------------------------------
   Updated ghostscript packages that fix multiple security issues are
   now available for Red Hat Enterprise Linux 5 and 6. The Red Hat
   Security Response Team has rated this update as having moderate
   [More...]

   http://www.linuxsecurity.com/content/view/156702

* Red Hat: 2012:0096-01: ghostscript: Moderate Advisory (Feb 2)
   -------------------------------------------------------------
   Updated ghostscript packages that fix two security issues are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/156699

* Red Hat: 2012:0094-01: freetype: Important Advisory (Feb 2)
   -----------------------------------------------------------
   Updated freetype packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 5.6 Extended Update Support.
   The Red Hat Security Response Team has rated this update as having
   [More...]

   http://www.linuxsecurity.com/content/view/156700

* Red Hat: 2012:0092-01: php53: Critical Advisory (Feb 2)
   -------------------------------------------------------
   Updated php53 packages that fix one security issue are now available
   for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
   has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/156701

* Red Hat: 2012:0086-01: openssl: Moderate Advisory (Feb 1)
   ---------------------------------------------------------
   Updated openssl packages that fix two security issues are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/156689

* Red Hat: 2012:0085-01: thunderbird: Critical Advisory (Feb 1)
   -------------------------------------------------------------
   An updated thunderbird package that fixes two security issues is now
   available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/156684

* Red Hat: 2012:0084-01: seamonkey: Critical Advisory (Feb 1)
   -----------------------------------------------------------
   Updated seamonkey packages that fix two security issues are now
   available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/156685

* Red Hat: 2012:0079-01: firefox: Critical Advisory (Jan 31)
   ----------------------------------------------------------
   Updated firefox packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
   Security Response Team has rated this update as having critical
   [More...]

   http://www.linuxsecurity.com/content/view/156683

* Red Hat: 2012:0080-01: thunderbird: Critical Advisory (Jan 31)
   --------------------------------------------------------------
   An updated thunderbird package that fixes multiple security issues is
   now available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having critical [More...]

   http://www.linuxsecurity.com/content/view/156682

------------------------------------------------------------------------

* Ubuntu: 1354-1: usbmuxd vulnerability (Feb 1)
   ---------------------------------------------
   usbmuxd could be made to crash or run programs if it received
   specially crafted input.

   http://www.linuxsecurity.com/content/view/156686

* Ubuntu: 1351-1: AccountsService vulnerability (Jan 31)
   ------------------------------------------------------
   AccountsService could be made to overwrite files as the
   administrator.

   http://www.linuxsecurity.com/content/view/156679

* Ubuntu: 1349-1: X.Org vulnerability (Jan 26)
   --------------------------------------------
   X could be made to start by a user who lacked appropriate
   permissions.

   http://www.linuxsecurity.com/content/view/156654

* Ubuntu: 1348-1: ICU vulnerability (Jan 26)
   ------------------------------------------
   ICU could be made to crash or run programs as your login if it opened
   specially crafted data.

   http://www.linuxsecurity.com/content/view/156649
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


