+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| February 11th, 2011 Volume 12, Number 7 |
| |
| Editorial Team: Dave Wreski <dwreski@linuxsecurity.com> |
| Benjamin D. Thomas <bthomas@linuxsecurity.com> |
+----------------------------------------------------------------------+
Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.
Review: The Official Ubuntu Book
--------------------------------
If you haven't used Linux before, are new to Ubuntu, or would like a
quick update on the latest in open source advancements for the desktop,
then The Official Ubuntu Book is a great place to start.
http://www.linuxsecurity.com/content/view/153159
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available!
----------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: 2159-1: vlc: missing input sanitising (Feb 10)
------------------------------------------------------
Dan Rosenberg discovered that insufficient input validation in VLC's
processing of Matroska/WebM containers could lead to the execution of
arbitrary code. [More...]
http://www.linuxsecurity.com/content/view/154346
* Debian: 2158-1: cgiirc: cross-site scripting (Feb 9)
----------------------------------------------------
Michael Brooks (Sitewatch) discovered a reflected XSS flaw in
cgiirc, a web based IRC client, which could lead to the execution of
arbitrary JavaScript. [More...]
http://www.linuxsecurity.com/content/view/154335
* Debian: 2157-1: postgresql-8.3, postgresql-8.4, postgresql-9.0: buffer overflow (Feb 3)
---------------------------------------------------------------------------------------
It was discovered that PostgreSQL's intarray contrib module does not
properly handle integers with a large number of digits, leading to a
server crash and potentially arbitrary code execution. [More...]
http://www.linuxsecurity.com/content/view/154301
------------------------------------------------------------------------
* Mandriva: 2011:025: krb5 (Feb 9)
--------------------------------
Multiple vulnerabilities were discovered and corrected in krb5: The
MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a
denial-of-service attack triggered by invalid network input. If a
kpropd worker process receives invalid input that causes it to exit
[More...]
http://www.linuxsecurity.com/content/view/154332
* Mandriva: 2011:024: krb5 (Feb 9)
--------------------------------
Multiple vulnerabilities were discovered and corrected in krb5: The
MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial
of service attacks from unauthenticated remote attackers
(CVE-2011-0281, CVE-2011-0282). [More...]
http://www.linuxsecurity.com/content/view/154331
* Mandriva: 2011:023: proftpd (Feb 8)
-----------------------------------
A vulnerability has been found and corrected in proftpd: Heap-based
buffer overflow in the sql_prepare_where function (contrib/mod_sql.c)
in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote
attackers to cause a denial of service (crash) and [More...]
http://www.linuxsecurity.com/content/view/154325
* Mandriva: 2011:022: dhcp (Feb 7)
--------------------------------
A vulnerability has been found and corrected in dhcp: The DHCPv6
server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and
4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote
attackers to cause a denial of service (assertion failure and daemon
[More...]
http://www.linuxsecurity.com/content/view/154317
* Mandriva: 2011:021: postgresql (Feb 7)
--------------------------------------
A vulnerability was discovered and corrected in postgresql: Buffer
overflow in the gettoken function in contrib/intarray/_int_bool.c in
the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x
before 8.4.7, 8.3.x before 8.3.14, and 8.2.x [More...]
http://www.linuxsecurity.com/content/view/154314
------------------------------------------------------------------------
* Red Hat: 2011:0214-01: java-1.6.0-openjdk: Moderate Advisory (Feb 10)
---------------------------------------------------------------------
Updated java-1.6.0-openjdk packages that fix one security issue are
now available for Red Hat Enterprise Linux 5 and 6. The Red Hat
Security Response Team has rated this update as having moderate
[More...]
http://www.linuxsecurity.com/content/view/154347
* Red Hat: 2011:0206-01: flash-plugin: Critical Advisory (Feb 9)
--------------------------------------------------------------
An updated Adobe Flash Player package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5 and 6
Supplementary. The Red Hat Security Response Team has rated this
update as having critical [More...]
http://www.linuxsecurity.com/content/view/154333
* Red Hat: 2011:0200-01: krb5: Important Advisory (Feb 8)
-------------------------------------------------------
Updated krb5 packages that fix three security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154327
* Red Hat: 2011:0199-01: krb5: Important Advisory (Feb 8)
-------------------------------------------------------
Updated krb5 packages that fix two security issues are now available
for Red Hat Enterprise Linux 5. The Red Hat Security Response Team
has rated this update as having [More...]
http://www.linuxsecurity.com/content/view/154326
* Red Hat: 2011:0198-01: postgresql84: Moderate Advisory (Feb 3)
--------------------------------------------------------------
Updated postgresql84 packages that fix one security issue are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154305
* Red Hat: 2011:0197-01: postgresql: Moderate Advisory (Feb 3)
------------------------------------------------------------
Updated postgresql packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat
Security Response Team has rated this update as having moderate
[More...]
http://www.linuxsecurity.com/content/view/154304
* Red Hat: 2011:0195-01: php: Moderate Advisory (Feb 3)
-----------------------------------------------------
Updated php packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154302
* Red Hat: 2011:0196-01: php53: Moderate Advisory (Feb 3)
-------------------------------------------------------
Updated php53 packages that fix three security issues are now
available for Red Hat Enterprise Linux 5. The Red Hat Security
Response Team has rated this update as having moderate [More...]
http://www.linuxsecurity.com/content/view/154303
------------------------------------------------------------------------
* Slackware: 2011-041-02: expat: Security Update (Feb 10)
-------------------------------------------------------
New expat packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, and -current to fix security issues. [More
Info...]
http://www.linuxsecurity.com/content/view/154351
* Slackware: 2011-041-04: openssl: Security Update (Feb 10)
---------------------------------------------------------
New openssl packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, and -current to fix a security issue. [More Info...]
http://www.linuxsecurity.com/content/view/154352
* Slackware: 2011-041-01: apr-util: Security Update (Feb 10)
----------------------------------------------------------
New apr and apr-util packages are available for Slackware 11.0, 12.0,
12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. [More
Info...]
http://www.linuxsecurity.com/content/view/154348
* Slackware: 2011-041-03: httpd: Security Update (Feb 10)
-------------------------------------------------------
New httpd packages are available for Slackware 12.0, 12.1, 12.2,
13.0, 13.1, and -current to fix security issues. [More Info...]
http://www.linuxsecurity.com/content/view/154349
* Slackware: 2011-041-05: sudo: Security Update (Feb 10)
------------------------------------------------------
New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a
security issue. [More Info...]
http://www.linuxsecurity.com/content/view/154350
------------------------------------------------------------------------
* SuSE: 2011-008: Linux kernel (Feb 11)
-------------------------------------
This patch updates the SUSE Linux Enterprise Server 9 kernel to fix
various security issues and some bugs. The following security issues
were fixed: CVE-2010-4242: The hci_uart_tty_open function in the HCI
UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel did
not verify [More...]
http://www.linuxsecurity.com/content/view/154353
* SuSE: Weekly Summary 2011:003 (Feb 8)
-------------------------------------
To avoid flooding mailing lists with SUSE Security Announcements for
minor issues, SUSE Security releases weekly summary reports for the
low profile vulnerability fixes. Unlike the SUSE Security
Announcements that are released for more severe vulnerabilities, the
SUSE Security Summary Reports do not list download URLs. The
vulnerabilities in this summary include: gnutls, tomcat6,
perl-CGI-Simple, pcsc-lite, obs-server, dhcp, java-1_6_0-openjdk,
opera.
http://www.linuxsecurity.com/content/view/154320
------------------------------------------------------------------------
* Ubuntu: 1060-1: Exim vulnerabilities (Feb 10)
---------------------------------------------
It was discovered that Exim contained a design flaw in the way it
processed alternate configuration files. An attacker that obtained the
privileges of the "Debian-exim" user could use an alternate
configuration file to obtain root privileges. (CVE-2010-4345)
[More...]
http://www.linuxsecurity.com/content/view/154345
* Ubuntu: 1059-1: Dovecot vulnerabilities (Feb 7)
-----------------------------------------------
It was discovered that the ACL plugin in Dovecot would incorrectly
propagate ACLs to new mailboxes. A remote authenticated user could
possibly read new mailboxes that were created with the wrong ACL.
(CVE-2010-3304) [More...]
http://www.linuxsecurity.com/content/view/154318
* Ubuntu: 1058-1: PostgreSQL vulnerability (Feb 3)
------------------------------------------------
Geoff Keating reported that a buffer overflow exists in the intarray
module's input function for the query_int type. This could allow an
attacker to cause a denial of service or possibly execute arbitrary
code as the postgres user. [More...]
http://www.linuxsecurity.com/content/view/154306
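The intarray reports above (Debian 2157-1, Mandriva 2011:021, the Red Hat
postgresql and postgresql84 advisories, and Ubuntu 1058-1) all describe the
same defect: the query_int input tokenizer copies a run of digits into a
fixed-size buffer without checking how many digits arrived. The C below is
an added illustration of that bug class and of the fix pattern; it is not
PostgreSQL code, and the 16-byte buffer, the function names and the sample
inputs are assumptions made for the example. The unchecked variant is shown
only for contrast and is never fed a long token here.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size token buffer; the real parser's size is not
 * stated on this page. */
#define TOKEN_BUF 16

/* Defective pattern: every digit is copied and nothing stops at the end
 * of buf.  With more than TOKEN_BUF-1 digits this writes past the array,
 * which is the "large number of digits" condition the advisories
 * describe.  Only ever called with short input in this example. */
int parse_uint_unchecked(const char *s)
{
    char buf[TOKEN_BUF];
    size_t i = 0;
    while (isdigit((unsigned char)s[i])) {
        buf[i] = s[i];            /* no bound on i */
        i++;
    }
    buf[i] = '\0';
    return atoi(buf);
}

/* Hardened form: refuse the token before the buffer is exhausted, and
 * validate the numeric range instead of trusting atoi().  Returns 1 and
 * sets *out on success, 0 on any rejection.  Trailing non-digits are
 * left for the caller, as a tokenizer would (e.g. "12&3" in query_int). */
int parse_uint_checked(const char *s, int *out)
{
    char buf[TOKEN_BUF];
    size_t i = 0;
    char *end;
    long v;

    while (isdigit((unsigned char)s[i])) {
        if (i >= sizeof buf - 1)  /* keep room for the terminator */
            return 0;             /* too many digits: reject, don't truncate */
        buf[i] = s[i];
        i++;
    }
    if (i == 0)
        return 0;                 /* no digits at all */
    buf[i] = '\0';

    errno = 0;
    v = strtol(buf, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > INT_MAX)
        return 0;                 /* fits in the buffer but not in an int */
    *out = (int)v;
    return 1;
}

/* Convenience wrapper: the parsed value, or -1 when the checked parser
 * rejects the input (valid values are never negative). */
long parse_uint_or_reject(const char *s)
{
    int v;
    return parse_uint_checked(s, &v) ? (long)v : -1L;
}

int main(void)
{
    /* Constructed sample inputs: two valid, one out of int range, one with
     * far more digits than the buffer holds. */
    const char *inputs[] = {
        "42",
        "2147483647",
        "2147483648",
        "1234567890123456789012345678901234567890",
    };
    size_t n;
    for (n = 0; n < sizeof inputs / sizeof inputs[0]; n++) {
        long r = parse_uint_or_reject(inputs[n]);
        if (r < 0)
            printf("%-42s rejected\n", inputs[n]);
        else
            printf("%-42s ok -> %ld\n", inputs[n], r);
    }
    printf("unchecked parser on short input: %d\n", parse_uint_unchecked("42"));
    return 0;
}
```

The two fixes matter together: bounding the copy removes the memory
corruption, and checking the range on the way out means a 15-digit token that
does fit in the buffer cannot silently wrap into a wrong integer.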
* Ubuntu: 1057-1: Linux kernel vulnerabilities (Feb 3)
----------------------------------------------------
Dave Chinner discovered that the XFS filesystem did not correctly
order inode lookups when exported by NFS. A remote attacker could
exploit this to read or write disk blocks that had changed file
assignment or had become unlinked, leading to a loss of privacy.
(CVE-2010-2943) [More...]
http://www.linuxsecurity.com/content/view/154300
------------------------------------------------------------------------
* Pardus: 2011-26: Php: Multiple Vulnerabilities (Feb 9)
------------------------------------------------------
Multiple vulnerabilities have been fixed in php.
http://www.linuxsecurity.com/content/view/154334
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------