Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Feb 6) |
|
Security Report Summary
|
|
(Feb 5) |
|
Security Report Summary
|
|
(Feb 3) |
|
Security Report Summary
|
|
(Feb 3) |
|
Security Report Summary
|
|
(Feb 3) |
|
Security Report Summary
|
|
(Feb 2) |
|
Security Report Summary
|
|
(Feb 2) |
|
Security Report Summary
|
|
(Jan 31) |
|
Security Report Summary
|
|
(Jan 30) |
|
Security Report Summary
|
|
(Jan 30) |
|
Security Report Summary
|
|
(Jan 30) |
|
Security Report Summary
|
|
(Jan 29) |
|
Security Report Summary
|
|
|
|
Mandriva: 2015:037: vorbis-tools (Feb 6) |
|
Updated vorbis-tools package fixes security vulnerability: oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file (CVE-2014-9640). [More...]
|
|
Mandriva: 2015:036: python-django (Feb 6) |
|
Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). [More...]
|
|
Mandriva: 2015:035: libvirt (Feb 6) |
|
Updated libvirt packages fix security vulnerability: The XML getters for for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish [More...]
|
|
Mandriva: 2015:034: jasper (Feb 6) |
|
Updated jasper packages fix security vulnerabilities: An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, [More...]
|
|
Mandriva: 2015:033: java-1.7.0-openjdk (Feb 6) |
|
Updated java-1.7.0 packages fix security vulnerabilities: A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions [More...]
|
|
Mandriva: 2015:032: php (Feb 5) |
|
Multiple vulnerabilities has been discovered and corrected in php: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during [More...]
|
|
Mandriva: 2015:028: aircrack-ng (Feb 5) |
|
Updated aircrack-ng package fixes security vulnerabilities: A length parameter inconsistency in Aircrack-ng before 1.2-rc1 at aireplay tcp_test() which may lead to remote code execution (CVE-2014-8322). [More...]
|
|
Mandriva: 2015:030: bugzilla (Feb 5) |
|
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes [More...]
|
|
Mandriva: 2015:031: busybox (Feb 5) |
|
Updated busybox packages fix security vulnerability: The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this (CVE-2014-9645). [More...]
|
|
Mandriva: 2015:029: binutils (Feb 5) |
|
Multiple vulnerabilities has been found and corrected in binutils: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause [More...]
|
|
|
|
Red Hat: 2015:0134-01: java-1.7.0-ibm: Critical Advisory (Feb 5) |
|
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2015:0133-01: java-1.7.1-ibm: Critical Advisory (Feb 5) |
|
Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2015:0136-01: java-1.5.0-ibm: Important Advisory (Feb 5) |
|
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2015:0135-01: java-1.6.0-ibm: Critical Advisory (Feb 5) |
|
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
|
Red Hat: 2015:0118-01: mariadb: Moderate Advisory (Feb 3) |
|
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2015:0117-01: mariadb55-mariadb: Moderate Advisory (Feb 3) |
|
Updated mariadb55-mariadb packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2015:0116-01: mysql55-mysql: Moderate Advisory (Feb 3) |
|
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2015:0115-01: kernel: Important Advisory (Feb 3) |
|
Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security [More...]
|
|
Red Hat: 2015:0113-01: libvncserver: Moderate Advisory (Feb 2) |
|
Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
Red Hat: 2015:0112-01: libyaml: Moderate Advisory (Feb 2) |
|
Updated libyaml packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
|
|
Ubuntu: 2494-1: file vulnerabilities (Feb 4) |
|
file could be made to crash if it opened a specially crafted file.
|
|
Ubuntu: 2469-2: Django regression (Feb 4) |
|
USN-2469-1 caused a regression in Django.
|
|
Ubuntu: 2491-1: Linux kernel (EC2) vulnerabilities (Feb 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2493-1: Linux kernel (OMAP4) vulnerabilities (Feb 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2492-1: Linux kernel vulnerabilities (Feb 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2490-1: Linux kernel vulnerabilities (Feb 3) |
|
Several security issues were fixed in the kernel.
|
|
Ubuntu: 2489-1: unzip vulnerability (Feb 3) |
|
|
|
Ubuntu: 2488-1: ClamAV vulnerability (Feb 2) |
|
ClamAV could be made to crash or run programs if it processed a speciallycrafted file.
|
