Debian: Security Advisory for PHP and OpenOffice Critical Issues
Accelerate your career with a Master in Information Assurance from Norwich - The NSA has designated Norwich University a center of Academic Excellence in Information Security.
Our program offers unparalleled Infosec management education and the case study offers you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
LinuxSecurity.com Feature Extras:
Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian: New gfax packages fix privilege escalation | ||
| 5th, July, 2007
Steve Kemp from the Debian Security Audit project discovered that gfax, a GHOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitary commands with the privileges of the root user. |
||
| Debian: New php5 packages fix arbitrary code execution | ||
| 7th, July, 2007
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: |
||
| Debian: New php4 packages fix arbitrary code execution | ||
| 7th, July, 2007
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: |
||
| Debian: New vlc packages fix arbitrary code execution | ||
| 9th, July, 2007
Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identified these flaws. |
||
| Gentoo: Webmin, Usermin Cross-site scripting vulnerabilities | ||
| 5th, July, 2007
Webmin and Usermin are vulnerable to cross-site scripting vulnerabilities (XSS). An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser and for the theft of browser credentials. This may permit the attacker to login to Webmin or Usermin with the user's permissions. |
||
| Gentoo: XnView Stack-based buffer overflow | ||
| 11th, July, 2007
XnView is vulnerable to a stack-based buffer overflow and possible remote code execution when handling XPM image files.An attacker could entice a user to view a specially crafted XPM file with XnView that could trigger the vulnerability and possibly execute arbitrary code with the rights of the user running XnView. |
||
| Mandriva: Updated apache packages fix multiple security | ||
| 5th, July, 2007
A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled. |
||
| Mandriva: Updated apache packages fix multiple security | ||
| 5th, July, 2007
A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled (CVE-2006-5752). |
||
| Mandriva: Updated mplayer packages fix buffer overflow | ||
| 10th, July, 2007
Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. Updated packages have been patched to prevent this issue. |
||
| Mandriva: Updated OpenOffice.org packages fix RTF import | ||
| 10th, July, 2007
A heap overflow flaw was found in the RTF import filter of OpenOffice.org. If a victim were to open a specially-crafted RTF file, OpenOffice.org could crash or possibly execute arbitrary code. Updated packages have been patched to prevent the above issues. |
||
| Mandriva: Updated wireshark packages fix multiple | ||
| 11th, July, 2007
A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or exhaustion of system memory. This updated provides wireshark 0.99.6 which is not vulnerable to these issues. |
||
| RedHat: Moderate: xorg-x11 security update | ||
| 12th, July, 2007
Updated X.org packages that correct a flaw in the way the X.Org X11 xfs font server starts are now available for Red Hat Enterprise Linux. The init.d xfs script chown has race condition vulnerability. This update has been rated as having moderate security impact by the Red Hat Security Response Team. |
||
| RedHat: Moderate: kernel security and bug fix update | ||
| 10th, July, 2007
Updated kernel packages that fix a security issue and a bug in the Red Hat Enterprise Linux 5 kernel are now available. A flaw in the signal handling on PowerPC-based systems that allowed a local user to cause a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team. |
||
| RedHat: Moderate: xorg-x11-xfs security update | ||
| 12th, July, 2007
Updated X.org packages that address a flaw in the way the X.Org X11 xfs font server starts are now available for Red Hat Enterprise Linux 5.A temporary file flaw was found in the way the X.Org X11 xfs font server startup script executes. A local user could modify the permissions of a file of their choosing, possibly elevating their local privileges. This update has been rated as having moderate security impact by the Red Hat Security Response Team. |
||
| RedHat: Moderate: perl-Net-DNS security update | ||
| 12th, July, 2007
Updated perl-Net-DNS packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 5.A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding. This update has been rated as having moderate security impact by the Red Hat Security Response Team. |
||
| RedHat: Moderate: perl-Net-DNS security update | ||
| 12th, July, 2007
An updated perl-Net-DNS package that corrects a security issue is now available for Red Hat Enterprise Linux 4.A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. This update has been rated as having moderate security impact by the Red Hat Security Response Team. |
||
| RedHat: Critical: flash-plugin security update | ||
| 12th, July, 2007
An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. An input validation flaw was found in the way Flash Player displayed certain content. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Adobe Flash file. This update has been rated as having critical security impact by the Red Hat Security Response Team. |
||
| Ubuntu: ImageMagick vulnerabilities | ||
| 10th, July, 2007
Multiple vulnerabilities were found in ImageMagick's handling of DCM and WXD image files. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges. |
||
| Ubuntu: OpenOffice.org vulnerability | ||
| 11th, July, 2007
John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. |
||
