+----------------------------------------------------------------------+
|  LinuxSecurity.com                             Linux Advisory Watch  |
|  March 16th, 2012                              Volume 13, Number 11  |
|                                                                      |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>            |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary
of each week's vendor security bulletins and pointers on methods to
improve the security posture of your open source system. Vulnerabilities
affect nearly every vendor virtually every week, so be sure to read
through to find the updates your distributor has made available.

------------------------------------------------------------------------

* Debian: 2433-1: iceweasel: Multiple vulnerabilities (Mar 15)
  ------------------------------------------------------------
  Several vulnerabilities have been discovered in Iceweasel, a web
  browser based on Firefox. The included XULRunner library provides
  rendering services for several other applications included in Debian.

  [More...]
  http://www.linuxsecurity.com/content/view/156972

* Debian: 2432-1: libyaml-libyaml-perl: format string vulnerabilities (Mar 12)
  ----------------------------------------------------------------------------
  Dominic Hargreaves and Niko Tyni discovered two format string
  vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml
  library.

  [More...]
  http://www.linuxsecurity.com/content/view/156959

* Debian: 2431-1: libdbd-pg-perl: format string vulnerabilities (Mar 11)
  ----------------------------------------------------------------------
  Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a
  Perl DBI driver for the PostgreSQL database server, which can be
  exploited by a rogue database server.

  [More...]
  http://www.linuxsecurity.com/content/view/156950

* Debian: 2430-1: python-pam: double free (Mar 10)
  ------------------------------------------------
  Markus Vervier discovered a double free in the Python interface to the
  PAM library, which could lead to denial of service. For the stable
  distribution (squeeze), this problem has been fixed in

  [More...]
  http://www.linuxsecurity.com/content/view/156949

* Debian: 2428-1: freetype: Multiple vulnerabilities (Mar 8)
  ----------------------------------------------------------
  Mateusz Jurczyk from the Google Security Team discovered several
  vulnerabilities in Freetype's parsing of BDF, Type1 and TrueType
  fonts, which could result in the execution of arbitrary code if a
  malformed font file is processed.

  [More...]
  http://www.linuxsecurity.com/content/view/156943

------------------------------------------------------------------------

* Mandriva: 2012:030: systemd (Mar 16)
  ------------------------------------
  A vulnerability has been found and corrected in systemd: A TOCTOU race
  condition was found in the way the systemd-logind login manager of
  systemd, a system and service manager for Linux, performed removal of
  particular records related with user session upon

  [More...]
  http://www.linuxsecurity.com/content/view/156978

* Mandriva: 2012:029: pidgin (Mar 16)
  -----------------------------------
  Multiple vulnerabilities have been discovered and corrected in pidgin:
  The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
  before 2.10.2 allows remote attackers to cause a denial of service
  (NULL pointer dereference and application crash) by changing a
  nickname

  [More...]
  http://www.linuxsecurity.com/content/view/156973

------------------------------------------------------------------------

* Red Hat: 2012:0393-01: glibc: Moderate Advisory (Mar 15)
  --------------------------------------------------------
  Updated glibc packages that fix one security issue and three bugs are
  now available for Red Hat Enterprise Linux 6. The Red Hat Security
  Response Team has rated this update as having moderate

  [More...]
  http://www.linuxsecurity.com/content/view/156971

* Red Hat: 2012:0388-01: thunderbird: Critical Advisory (Mar 14)
  --------------------------------------------------------------
  An updated thunderbird package that fixes multiple security issues is
  now available for Red Hat Enterprise Linux 5 and 6. The Red Hat
  Security Response Team has rated this update as having critical

  [More...]
  http://www.linuxsecurity.com/content/view/156964

* Red Hat: 2012:0387-01: firefox: Critical Advisory (Mar 14)
  ----------------------------------------------------------
  Updated firefox packages that fix multiple security issues and three
  bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red
  Hat Security Response Team has rated this update as having critical

  [More...]
  http://www.linuxsecurity.com/content/view/156963

* Red Hat: 2012:0376-01: systemtap: Moderate Advisory (Mar 8)
  -----------------------------------------------------------
  Updated systemtap packages that fix one security issue are now
  available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security
  Response Team has rated this update as having moderate

  [More...]
  http://www.linuxsecurity.com/content/view/156944

------------------------------------------------------------------------

* Ubuntu: 1398-1: LTSP Display Manager vulnerability (Mar 12)
  -----------------------------------------------------------
  LTSP Display Manager could be made to run programs as an
  administrator.

  http://www.linuxsecurity.com/content/view/156960

* Ubuntu: 1397-1: MySQL vulnerabilities (Mar 12)
  ----------------------------------------------
  Several security issues were fixed in MySQL.

  http://www.linuxsecurity.com/content/view/156952

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.

------------------------------------------------------------------------