This week, advisories were released for sympa, dbus, selinux-policy, libetpan, perl, python, libgnomeeui, xine-lib, firefox, seamonkey, ruby, samba, and openssl. The distributors include Debian, Fedora, Gentoo, Red Hat, and Ubuntu.
Linux+DVD Magazine
Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc. In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:

Security Features of Firefox 3.0 - Let's take a look at the security features of the newly released Firefox 3.0. Since its release on Tuesday I have been testing it out to see how the new security enhancements work and help increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL-secured web sites while browsing the Internet. There are also many other security features that this article will look at, for example improved plugin and add-on security. Read on for more security features of Firefox 3.0.

Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. Also, with wireless networking, users need to know how to protect themselves from wireless networking attacks.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. news/vendors-products/engarde-secure-community-3019-now-available
Debian: New sympa packages fix denial of service (Jul 1)
It was discovered that sympa, a modern mailing list manager, would crash when processing certain types of malformed messages. advisories/debian/debian-new-sympa-packages-fix-denial-of-service

Debian: New dbus packages fix privilege escalation (Jun 26)
Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation. advisories/debian/debian-new-dbus-packages-fix-privilege-escalation
Fedora 9 Update: selinux-policy-3.3.1-72.fc9 (Jul 1)
SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2624. advisories/fedora/fedora-9-update-selinux-policy-331-72fc9-01-26-00-139248

Fedora 8 Update: libetpan-0.54-1.fc8 (Jun 26)
Update to new upstream version 0.54 fixing a crash (NULL pointer dereference) in the mail message header parser. Note: There is no application in Fedora using the libetpan library for which such a crash could be considered a security issue. This can only be a security-sensitive issue for some third-party, non-packaged applications. advisories/fedora/fedora-8-update-libetpan-054-1fc8-04-38-00-139125

Fedora 9 Update: perl-5.10.0-27.fc9 (Jun 26)
CVE-2008-2827 perl: insecure use of chmod in rmtree advisories/fedora/fedora-9-update-perl-5100-27fc9-04-36-00-139106
Gentoo: Motion Execution of arbitrary code (Jul 1)
Multiple vulnerabilities in Motion might result in the execution of arbitrary code.

Gentoo: Python Multiple integer overflows (Jul 1)
Multiple integer overflows may allow for Denial of Service.
Mandriva: Updated libgnomeui2 packages fix text rendering bug (Jun 30)
A missing initialization was preventing correct text rendering in the GTK2 file selector when using non-UTF8 locales. This updated package fixes this issue, as well as memory leaks, and also includes new translations from the GNOME 2.22.2 release.

Mandriva: Updated xine-lib packages fix vulnerability in (Jun 26)
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
RedHat: Critical: firefox security update (Jul 2)
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-firefox-security-update-38591

RedHat: Moderate: Red Hat Application Stack v1.3 (Jul 2)
Red Hat Application Stack v1.3 is now available. This update fixes a security issue and adds several enhancements. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-red-hat-application-stack-v13

RedHat: Moderate: Red Hat Application Stack v2.1 (Jul 2)
Red Hat Application Stack v2.1 is now available. This update fixes various security issues and adds several enhancements. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-red-hat-application-stack-v21

RedHat: Critical: seamonkey security update (Jul 2)
This update has been rated as having critical security impact by the Red Hat Security Response Team. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. advisories/red-hat/redhat-critical-seamonkey-security-update-3241

RedHat: Critical: firefox security update (Jul 2)
An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 4. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. advisories/red-hat/redhat-critical-firefox-security-update-38591
Slackware: ruby (Jun 28)
New ruby packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
https://www.cve.org/CVERecord?id=CVE-2008-2662
https://www.cve.org/CVERecord?id=CVE-2008-2663
https://www.cve.org/CVERecord?id=CVE-2008-2664
https://www.cve.org/CVERecord?id=CVE-2008-2725
https://www.cve.org/CVERecord?id=CVE-2008-2726
Ubuntu: Firefox vulnerabilities (Jul 2)
Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643

Ubuntu: Samba regression (Jun 30)
Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When Samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572) advisories/ubuntu/ubuntu-samba-regression-40222

Ubuntu: Ruby vulnerabilities (Jun 26)
Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. advisories/ubuntu/ubuntu-ruby-vulnerabilities-97955

Ubuntu: OpenSSL vulnerabilities (Jun 26)
It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672) advisories/ubuntu/ubuntu-openssl-vulnerabilities-29155