Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.
Vulnerabilities affect nearly every vendor virtually every week, so
be sure to read through to find the updates your distributor have
made available.
|
(Nov 20) |
|
The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour (#729965). This update disables host verification too when using the --insecure option. [More...]
|
|
(Nov 17) |
|
Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust [More...]
|
|
(Nov 17) |
|
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 [More...]
|
|
Debian: 2795-2: lighttpd: regression (Nov 16) |
|
It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. [More...]
|
|
|
|
(Nov 20) |
|
Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic.
|
|
(Nov 20) |
|
A vulnerability in Open DC Hub could result in execution of arbitrary code.
|
|
(Nov 20) |
|
A stack-based buffer overflow in CTorrent might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition.
|
|
(Nov 18) |
|
Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.
|
|
|
|
Mandriva: 2013:278: samba (Nov 21) |
|
A vulnerability has been found and corrected in samba: Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL [More...]
|
|
Mandriva: 2013:277: lighttpd (Nov 21) |
|
Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain [More...]
|
|
Mandriva: 2013:276: curl (Nov 21) |
|
Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host [More...]
|
|
Mandriva: 2013:271: pmake (Nov 21) |
|
Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related [More...]
|
|
Mandriva: 2013:273: libjpeg (Nov 21) |
|
Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). [More...]
|
|
Mandriva: 2013:275: krb5 (Nov 21) |
|
Updated krb5 package fixes security vulnerabily: If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user [More...]
|
|
Mandriva: 2013:272: poppler (Nov 21) |
|
Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in [More...]
|
|
Mandriva: 2013:274: libjpeg (Nov 21) |
|
Updated libjpeg packages fix security vulnerabilities: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create [More...]
|
|
Mandriva: 2013:270: nss (Nov 21) |
|
Multiple security issues was identified and fixed in mozilla NSPR and NSS: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]
|
|
Mandriva: 2013:268: torque (Nov 21) |
|
Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the [More...]
|
|
Mandriva: 2013:269: firefox (Nov 21) |
|
Multiple security issues was identified and fixed in mozilla NSPR, NSS and firefox: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]
|
|
Mandriva: 2013:267: java-1.7.0-openjdk (Nov 21) |
|
Updated java-1.7.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to [More...]
|
|
Mandriva: 2013:266: java-1.6.0-openjdk (Nov 21) |
|
Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to [More...]
|
|
|
|
Red Hat: 2013:1752-01: 389-ds-base: Important Advisory (Nov 21) |
|
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2013:1661-02: RDMA stack: Moderate Advisory (Nov 21) |
|
Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2013:1701-02: sudo: Low Advisory (Nov 21) |
|
An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1732-02: busybox: Low Advisory (Nov 21) |
|
Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1674-02: dracut: Moderate Advisory (Nov 21) |
|
Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1615-02: php: Moderate Advisory (Nov 20) |
|
Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1620-02: xorg-x11-server: Low Advisory (Nov 20) |
|
Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1652-02: coreutils: Low Advisory (Nov 20) |
|
Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1605-02: glibc: Moderate Advisory (Nov 20) |
|
Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1635-02: pacemaker: Low Advisory (Nov 20) |
|
Updated pacemaker packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1591-02: openssh: Low Advisory (Nov 20) |
|
Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1553-02: qemu-kvm: Important Advisory (Nov 20) |
|
Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2013:1569-02: wireshark: Moderate Advisory (Nov 20) |
|
Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More...]
|
|
Red Hat: 2013:1582-02: python: Moderate Advisory (Nov 20) |
|
Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1542-02: samba: Moderate Advisory (Nov 20) |
|
Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1543-02: samba4: Moderate Advisory (Nov 20) |
|
Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
|
|
Red Hat: 2013:1537-02: augeas: Low Advisory (Nov 20) |
|
Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More...]
|
|
Red Hat: 2013:1536-02: libguestfs: Moderate Advisory (Nov 20) |
|
Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1525-01: openstack-glance: Moderate Advisory (Nov 18) |
|
Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1524-01: openstack-keystone: Moderate Advisory (Nov 18) |
|
Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1526-01: nagios: Moderate Advisory (Nov 18) |
|
Updated nagios packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1523-01: ruby193-ruby: Moderate Advisory (Nov 14) |
|
Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1521-01: python-django: Moderate Advisory (Nov 14) |
|
Updated python-django packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1522-01: Foreman: Moderate Advisory (Nov 14) |
|
Updated Foreman packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
Red Hat: 2013:1520-01: kernel: Moderate Advisory (Nov 14) |
|
Updated kernel packages that fix two security issues, one bug, and add two enhancements are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
|
|
|
|
(Nov 18) |
|
New mozilla-firefox packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Nov 18) |
|
New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Nov 18) |
|
New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
(Nov 18) |
|
New openssh packages are available for Slackware 14.1 and -current to fix a security issue. [More Info...]
|
|
|
|
Ubuntu: 2032-1: Thunderbird vulnerabilities (Nov 21) |
|
Several security issues were fixed in Thunderbird.
|
|
Ubuntu: 2031-1: Firefox vulnerabilities (Nov 20) |
|
Several security issues were fixed in Firefox.
|
|
Ubuntu: 2030-1: NSS vulnerabilities (Nov 18) |
|
Several security issues were fixed in NSS.
|
