General Esm W900
This week advisories were released for the Linux kernel, postgreSQL, libexif, libeapache, ClamAV, Firefox, and mod_perl. The distributors include Debian, Gentoo, Mandriva, and Red Hat.


Hakin9 Magazine - Hacking, IT Security and More Subscribe today and get 10% off! Covers all things hackers need including techniques about breaking into computer systems, defense and protection methods. A great new magazine that'll be sure to keep you on the cutting edge. Want to learn more about the magazine?

Get 10% the regular subscription price if you sign up by the end of June!


LinuxSecurity.com Feature Extras:

    Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian: New Linux kernel 2.6.8 packages fix several
16th, June, 2007

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.

advisories/debian/debian-new-linux-kernel-268-packages-fix-several
Debian: New PostgreSQL 8.1 packages fix privilege escalation
16th, June, 2007

It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.

advisories/debian/debian-new-postgresql-81-packages-fix-privilege-escalation
Debian: New libexif packages fix integer overflow
16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitary code via malformed EXIF data.

advisories/debian/debian-new-libexif-packages-fix-integer-overflow-58532
Debian: New libexif packages fix integer overflow
16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitary code via malformed EXIF data.

advisories/debian/debian-new-libexif-packages-fix-integer-overflow-58532
Debian: New PostgreSQL 7.4 packages fix privilege escalation
17th, June, 2007

It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statement called "security definers", which could lead to SQL privilege escalation.

advisories/debian/debian-new-postgresql-74-packages-fix-privilege-escalation
Debian: New libapache-mod-jk packages fix information disclosure
17th, June, 2007

It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.

advisories/debian/debian-new-libapache-mod-jk-packages-fix-information-disclosure
Gentoo: ClamAV Multiple Denials of Service
15th, June, 2007

ClamAV contains several vulnerabilities leading to a Denial of Service. A remote attacker could send a specially crafted file to the scanner, possibly triggering one of the vulnerabilities. The two buffer overflows are reported to only cause Denial of Service. This would lead to a Denial of Service by CPU consumption or a crash of the scanner. The insecure temporary file creation vulnerability could be used by a local user to access sensitive data.

Mandriva: Updated Firefox packages fix multiple
15th, June, 2007

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4. This update provides the latest Firefox to correct these issues.

Mandriva: Updated Firefox packages fix multiple
16th, June, 2007

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4. This update provides the latest Firefox to correct these issues.

RedHat: Moderate: mod_perl security update
18th, June, 2007

Updated mod_perl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-modperl-security-update-2466