Linux Advisory Watch: August 7th, 2015

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 262

Linux Advisory Watch: August 7th, 2015

Anthonypell Copy 2
Anthony Pell
4 - 7 min read 1790 08/07/2015
Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available.

LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators are aware as how important their systems security is, not just the runtime of their servers. Intruders, spammers, DDOS attack, crackers, are all out there trying to get into people's computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services.

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to insure basic security considerations are in place.

  Debian: 3329-1: linux: Summary (Aug 7)
 

Security Report Summary
  Debian: 3328-2: wordpress: Summary (Aug 4)
 

Security Report Summary
  Debian: 3328-1: wordpress: Summary (Aug 4)
 

Security Report Summary
  Debian: 3327-1: squid3: Summary (Aug 3)
 

Security Report Summary
  Debian: 3326-1: ghostscript: Summary (Aug 2)
 

Security Report Summary
  Debian: 3325-1: apache2: Summary (Aug 1)
 

Security Report Summary
  Debian: 3324-1: icedove: Summary (Aug 1)
 

Security Report Summary
  Debian: 3323-1: icu: Summary (Aug 1)
 

Security Report Summary
  Debian: 3322-1: ruby-rack: Summary (Jul 31)
 

Security Report Summary
  Debian: 3321-1: xmltooling: Summary (Jul 30)
 

Security Report Summary
  Debian: 3320-1: openafs: Summary (Jul 30)
 

Security Report Summary
  Fedora 21 drupal6-cck-2.10-1.fc21 (Aug 7)
 

https://www.drupal.org/project/cck
  Fedora 21 lighttpd-1.4.36-1.fc21 (Aug 7)
 

Latest upstream security release:https://www.lighttpd.net/2015/7/26/1.4.36/
  Fedora 22 drupal6-cck-2.10-1.fc22 (Aug 7)
 

https://www.drupal.org/project/cck
  Fedora 22 mantis-1.2.19-3.fc22 (Aug 7)
 

Security fix for CVE-2015-5059
  Fedora 22 lighttpd-1.4.36-1.fc22 (Aug 7)
 

Latest upstream security release:https://www.lighttpd.net/2015/7/26/1.4.36/
  Fedora 21 mantis-1.2.19-3.fc21 (Aug 7)
 

Security fix for CVE-2015-5059
  Fedora 22 opensaml-java-openws-1.5.5-2.fc22 (Aug 7)
 

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
  Fedora 22 opensaml-java-2.5.3-9.fc22 (Aug 7)
 

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
  Fedora 21 opensaml-java-openws-1.5.5-2.fc21 (Aug 7)
 

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
  Fedora 21 opensaml-java-2.5.3-9.fc21 (Aug 7)
 

* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
  Fedora 22 openstack-swift-2.2.0-5.fc22 (Aug 7)
 

This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object.
  Fedora 22 kernel-4.1.3-201.fc22 (Aug 5)
 

Fixes for CVE-2015-3290 CVE-2015-3291 CVE-2015-1333 in the kernel.Also fixes for a minor warning in pcmcia.
  Fedora 21 quassel-0.11.0-2.fc21 (Aug 4)
 

Security fix BZ1205130 - patch for CTCP Denial of ServiceNew upstream release of Quassel IRC Client
  Fedora 21 libuser-0.62-1.fc21 (Aug 3)
 

Security fix for CVE-2015-3245, CVE-2015-3246
  Fedora 21 openssh-6.6.1p1-15.fc21 (Aug 3)
 

Handle terminal control characters in scp progressmeter (#1247204) -- Security fix
  Fedora 22 bind99-9.9.7-6.P2.fc22 (Jul 31)
 

Update to 9.9.7-P2 to fix CVE-2015-5477
  Fedora 21 bind-9.9.6-10.P1.fc21 (Jul 31)
 

Include fix for CVE-2015-5477
  Fedora 22 bind-9.10.2-4.P3.fc22 (Jul 31)
 

Update to 9.10.2-P3 to fix CVE-2015-5477
  Fedora 22 openssh-6.9p1-4.fc22 (Jul 31)
 

Handle terminal control characters in scp progressmeter (#1247204) -- Security fix
  Fedora 22 openssh-6.9p1-3.fc22 (Jul 30)
 

Security fix for CVE-2015-5600
  Fedora 22 xrdp-0.9.0-4.fc22 (Jul 30)
 

Add epoch again. New version. Close bug #1105202 again. Own /etc/xrdp/pulse directory. Reapply service file changes again. Fix sesman default configuration again.
  Fedora 22 libuser-0.62-1.fc22 (Jul 30)
 

Security fix for CVE-2015-3245, CVE-2015-3246
  Red Hat: 2015:1565-01: kernel-rt: Moderate Advisory (Aug 6)
 

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
  Red Hat: 2015:1564-01: kernel-rt: Moderate Advisory (Aug 6)
 

Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. [More...]
  Red Hat: 2015:1534-01: kernel: Moderate Advisory (Aug 6)
 

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
  Red Hat: 2015:1544-01: java-1.5.0-ibm: Important Advisory (Aug 4)
 

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:1545-01: node.js: Important Advisory (Aug 4)
 

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.1. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:1546-01: node.js: Important Advisory (Aug 4)
 

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.0. Red Hat Product Security has rated this update as having Important security [More...]
  Red Hat: 2015:1526-01: java-1.6.0-openjdk: Important Advisory (Jul 30)
 

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
  Ubuntu: 2707-1: Firefox vulnerability (Aug 7)
 

Firefox could be made to expose sensitive information from local files.
  Ubuntu: 2705-1: Keystone vulnerabilities (Aug 6)
 

Keystone could be made to expose sensitive information over thenetwork.
  Ubuntu: 2703-1: Cinder vulnerability (Aug 6)
 

Cinder could be made to access unintended files over the network by anauthenticated user.
  Ubuntu: 2704-1: Swift vulnerabilities (Aug 6)
 

Several security issues were fixed in Swift.
  Ubuntu: 2677-1: Oxide vulnerabilities (Aug 4)
 

Several security issues were fixed in Oxide.
  Ubuntu: 2701-1: Linux kernel (Trusty HWE) vulnerabilities (Jul 30)
 

Several security issues were fixed in the kernel.
  Ubuntu: 2700-1: Linux kernel vulnerabilities (Jul 30)
 

Several security issues were fixed in the kernel.
  Ubuntu: 2699-1: HPLIP vulnerability (Jul 30)
 

HPLIP could be tricked into downloading a different GPG key whenperforming printer plugin installations.
  Ubuntu: 2698-1: SQLite vulnerabilities (Jul 30)
 

SQLite could be made to crash or run programs if it processed speciallycrafted queries.
  Ubuntu: 2697-1: Ghostscript vulnerability (Jul 30)
 

Ghostscript could be made to crash or run programs if it processed aspecially crafted file.
  Ubuntu: 2696-1: OpenJDK 7 vulnerabilities (Jul 30)
 

Several security issues were fixed in OpenJDK 7.

News

Advisories

HOWTOs

Features

Thank You for Participating in Our Security Dashboard Redesign Survey
Web App Vs. Progressive Web App: How Are They Different?
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Email Security FAQs Answered by Guardian Digital
Hacker's Corner: Complete Guide to Keylogging in Linux - Part 3

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy