Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Aug 15) |
|
Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. For the stable distribution (squeeze), this problem has been fixed in [More...]
|
|
(Aug 14) |
|
Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: [More...]
|
|
(Aug 14) |
|
Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. CVE-2012-1948 [More...]
|
|
(Aug 13) |
|
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]
|
|
(Aug 12) |
|
Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to [More...]
|
|
|
|
(Aug 14) |
|
A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks.
|
|
(Aug 14) |
|
An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks.
|
|
(Aug 14) |
|
Multiple vulnerabilities have been found in Gajim, the worst of which may allow execution of arbitrary code.
|
|
(Aug 14) |
|
Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.
|
|
(Aug 14) |
|
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code.
|
|
(Aug 14) |
|
A buffer overflow in socat might allow remote attackers to execute arbitrary code.
|
|
|
|
Mandriva: 2012:138: acpid (Aug 17) |
|
A vulnerability has been discovered and corrected in acpid: Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI [More...]
|
|
Mandriva: 2012:137: acpid (Aug 17) |
|
Multiple vulnerabilities has been discovered and corrected in acpid: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges (CVE-2011-2777). [More...]
|
|
Mandriva: 2012:136: phpmyadmin (Aug 17) |
|
Multiple cross-site scripting (XSS) vulnerabilities was discovered by using the Database structure page with a crafted table name (CVE-2012-4345). This upgrade provides the latest phpmyadmin version (3.4.11.1) to [More...]
|
|
Mandriva: 2012:135: wireshark (Aug 16) |
|
Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). [More...]
|
|
Mandriva: 2012:134: wireshark (Aug 16) |
|
Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). [More...]
|
|
Mandriva: 2012:133: usbmuxd (Aug 16) |
|
It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user (CVE-2012-0065). [More...]
|
|
Mandriva: 2012:132: glpi (Aug 15) |
|
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws has been found and corrected in GLPI (CVE-2012-4002, CVE-2012-4003). This advisory provides the latest version of GLPI (0.83.4) which are [More...]
|
|
Mandriva: 2012:131: libotr (Aug 13) |
|
A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can [More...]
|
|
Mandriva: 2012:130: openldap (Aug 11) |
|
A vulnerability was found and corrected in openldap: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes [More...]
|
|
Mandriva: 2012:129-1: busybox (Aug 10) |
|
Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). [More...]
|
|
Mandriva: 2012:129: busybox (Aug 10) |
|
Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168). [More...]
|
|
Mandriva: 2012:128: bash (Aug 9) |
|
A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file [More...]
|
|
|
|
Red Hat: 2012:1173-01: flash-plugin: Critical Advisory (Aug 15) |
|
An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
|
|
Red Hat: 2012:1169-01: condor: Important Advisory (Aug 14) |
|
Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2012:1156-01: kernel: Moderate Advisory (Aug 14) |
|
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2012:1168-01: condor: Important Advisory (Aug 14) |
|
Updated condor packages that fix one security issue are now available for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
|
|
|
|
(Aug 16) |
|
New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. [More Info...]
|
|
(Aug 16) |
|
New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. [More Info...]
|
|
|
|
Ubuntu: 1482-3: ClamAV regression (Aug 16) |
|
USN-1482-1 introduced a regression in ClamAV that could cause it to failto scan certain documents.
|
|
Ubuntu: 1541-1: libotr vulnerability (Aug 16) |
|
Applications using Off-the-Record messaging plugins could be madeto crash or run programs if it received specially crafted networkmessages.
|
|
Ubuntu: 1539-1: Linux kernel (Oneiric backport) vulnerabilities (Aug 14) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1538-1: Linux kernel (Natty backport) vulnerabilities (Aug 14) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1537-1: OpenOffice.org vulnerability (Aug 13) |
|
OpenOffice.org could be made to crash or run programs as your login if itopened a specially crafted file.
|
|
Ubuntu: 1535-1: Linux kernel vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1534-1: Linux kernel (EC2) vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1533-1: Linux kernel vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1532-1: Linux kernel (OMAP4) vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1531-1: Linux kernel vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1530-1: Linux kernel (OMAP4) vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1529-1: Linux kernel vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1514-1: Linux kernel (OMAP4) vulnerabilities (Aug 10) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 1527-1: Expat vulnerabilities (Aug 10) |
|
Expat could be made to cause a denial of service by consuming excessive CPUand memory resources.
|
|
Ubuntu: 1525-1: Calligra vulnerability (Aug 9) |
|
Calligra could be made to crash or run programs as your login if it openeda specially crafted file.
|
|
Ubuntu: 1526-1: KOffice vulnerability (Aug 9) |
|
KOffice could be made to crash or run programs as your login if it openeda specially crafted file.
|
