Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. Feature Extras:

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

FTP Attack Case Study Part II: the Lessons - This article presents part II of a case study related to a company network server compromise. Lessons on designing and implementing security are drawn from the case.

(Dec 9)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

(Mar 13)

Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework. [More...]

(Mar 12)

Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

(Mar 11)

Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. [More...]

(Mar 11)

CVE-2009-3725 Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This [More...]

Debian: 2011-1: dpkg: path traversal (Mar 10)

William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification [More...]

(Mar 10)

Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

(Mar 9)

It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin. [More...]

(Mar 8)

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.

Mandriva: 2010:061: ncpfs (Mar 11)

Multiple vulnerabilities has been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary [More...]

Mandriva: 2010:060: squid (Mar 10)

A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers [More...]

Mandriva: 2010:059: virtualbox (Mar 10)

A vulnerability has been found and corrected in virtualbox: Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial [More...]

Mandriva: 2010:058: php (Mar 9)

Multiple vulnerabilities has been found and corrected in php: * Improved LCG entropy. (Rasmus, Samy Kamkar) * Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) [More...]

Mandriva: 2010:057: apache (Mar 6)

A vulnerabilitiy has been found and corrected in apache: The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances [More...]

(Mar 10)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [More Info...]

(Mar 8)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent [More Info...]

SuSE: 2010-016: Linux kernel (Mar 8)

The openSUSE 11.0 kernel was updated to fix following security issues: CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the [More...]

Ubuntu: 907-1: gnome-screensaver vulnerabilities (Mar 8)

It was discovered that gnome-screensaver did not correctly lock all screenswhen monitors get hotplugged. An attacker with physical access could usethis flaw to gain access to a locked session. (CVE-2010-0285) [More...]

Pardus: 2010-38: Sudo: Privilege Escalation (Mar 9)

A security issue has been fixed in sudo, which can be exploited by malicious, local users to gain escalated privileges.

Pardus: 2010-39: Firefox: Multiple Vulnerabilities (Mar 9)

Multiple vulnerabilities have been fixed in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.