This week, advisories were released for samba, wireshark, mysql, ruby, libopenssl, selinux, chmsee, firefox, liferea, epiphany, gnome, oepnvrml, samba, cacti, cairo, pcre, kernel, seamonkey, java, and link-grammar. The distributors include Debian, Fedora, Red Hat, and Ubuntu.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
|
EnGarde Secure Community v3.0.17 Now Available (Oct 9) |
|
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
|
|
|
|
Debian: New samba packages fix several vulnerabilities (Nov 29) |
|
Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. advisories/debian/debian-new-samba-packages-fix-several-vulnerabilities
|
|
Debian: New wireshark packages fix several vulnerabilities (Nov 27) |
|
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. Stefan Esser discovered a buffer overflow in the SSL dissector. "Fabiodds" discovered a buffer overflow in the iSeries trace dissector. advisories/debian/debian-new-wireshark-packages-fix-several-vulnerabilities-47186
|
|
Debian: New mysql packages fix multiple vulnerabilities (Nov 26) |
|
Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. advisories/debian/debian-new-mysql-packages-fix-multiple-vulnerabilities
|
|
Debian: New samba packages fix several vulnerabilities (Nov 26) |
|
Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. advisories/debian/debian-new-samba-packages-fix-several-vulnerabilities
|
|
Debian: New ruby1.9 packages fix insecure SSL certificate (Nov 25) |
|
It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. advisories/debian/debian-new-ruby19-packages-fix-insecure-ssl-certificate
|
|
Debian: New libopenssl-ruby packages fix insecure SSL (Nov 25) |
|
It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. advisories/debian/debian-new-libopenssl-ruby-packages-fix-insecure-ssl
|
|
Debian: New ruby1.8 packages fix insecure SSL certificate (Nov 25) |
|
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. advisories/debian/debian-new-ruby18-packages-fix-insecure-ssl-certificate
|
|
Debian: New samba packages fix several vulnerabilities (Nov 22) |
|
Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. advisories/debian/debian-new-samba-packages-fix-several-vulnerabilities
|
|
|
|
Fedora 8 Update: selinux-policy 3.0.8-58.fc8 (Nov 28) |
|
Some of the updates are, Allow nmbd to list inotifyfs_t, Dontaudit consolekit access to user homedir, dontaudit nscd getserv and shmemserv, Allow rsync_t dac overrides, Allow xfs_t to listen to sockets, Allow lvm to search mnt, Add booleans for xguest account. advisories/fedora/fedora-8-update-selinux-policy-308-58fc8-20-50-00-131706
|
|
Fedora 7 Update: chmsee-1.0.0-1.27.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-chmsee-100-127fc7-20-46-00-131659
|
|
Fedora 7 Update: firefox-2.0.0.10-1.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-firefox-20010-1fc7-20-46-00-131660
|
|
Fedora 7 Update: liferea-1.4.8-2.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-liferea-148-2fc7-20-46-00-131661
|
|
Fedora 7 Update: epiphany extensions-2.18.3-6 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-epiphany-extensions-2183-6-20-46-00-131662
|
|
Fedora 7 Update: gnome python2-extras 2.14.3-7.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-gnome-python2-extras-2143-7fc7-20-46-00-131663
|
|
Fedora 7 Update: ruby-gnome 2-0.16.0-17.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-ruby-gnome-2-0160-17fc7-20-46-00-131664
|
|
Fedora 7 Update: openvrml-0.16.7-2.fc7 (Nov 28) |
|
Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) advisories/fedora/fedora-7-update-openvrml-0167-2fc7-20-45-00-131658
|
|
|
|
Mandriva: Updated samba packages fix vulnerabilities (Nov 23) |
|
The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service (CVE-2007-4572).
|
|
Mandriva: Updated cacti packages fix SQL injection (Nov 22) |
|
An SQL injection vulnerability in cacti may allow remote attackers to execute arbitrary SQL commands. The updated packages have been patched to correct this issue.
|
|
|
|
RedHat: Important: cairo security update (Nov 29) |
|
Updated Cairo packages that resolve a security issue are now available for Red Hat Enterprise Linux 5. An integer overflow flaw was found in the way Cairo processes PNG images. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the application. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-cairo-security-update-RHSA-2007-1078-02
|
|
RedHat: Important: pcre security update (Nov 29) |
|
Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-pcre-security-update-7354
|
|
RedHat: Important: pcre security update (Nov 29) |
|
Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-pcre-security-update-7354
|
|
RedHat: Moderate: pcre security update (Nov 29) |
|
Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 2.1. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-pcre-security-update-RHSA-2007-1065-01
|
|
RedHat: Important: pcre security update (Nov 29) |
|
Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. Flaws were discovered in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-pcre-security-update-7354
|
|
RedHat: Important: kernel security update (Nov 29) |
|
Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available. A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756
|
|
RedHat: Critical: firefox security update (Nov 26) |
|
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox advisories/red-hat/redhat-critical-firefox-security-update-38591
|
|
RedHat: Critical: seamonkey security update (Nov 26) |
|
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. advisories/red-hat/redhat-critical-seamonkey-security-update-3241
|
|
RedHat: Important: java-1.5.0-ibm security update (Nov 26) |
|
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. advisories/red-hat/redhat-important-java-150-ibm-security-update-RHSA-2007-1041-01
|
|
RedHat: Moderate: conga security, bug fix, (Nov 22) |
|
Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-conga-security-bug-fix-2972
|
|
|
|
Ubuntu: PCRE vulnerabilities (Nov 26) |
|
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges. advisories/ubuntu/ubuntu-pcre-vulnerabilities
|
|
Ubuntu: Firefox vulnerabilities (Nov 26) |
|
It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. (CVE-2007-5947) advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643
|
|
Ubuntu: link-grammar vulnerability (Nov 26) |
|
Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash. advisories/ubuntu/ubuntu-link-grammar-vulnerability
|
Nov 30, 2007
•
Anthony Pell
PREVIOUS
NEXT
