Debian: Critical Security And Software Updates October 2 2007
Linux+DVD Magazine: Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
LinuxSecurity.com Feature Extras:
Review: Ruby by Example - Learning a new language cannot be complete without a few 'real world' examples. 'Hello world!'s and Fibonacci sequences are always nice as an introduction to certain aspects of programming, but sooner or later you crave something meatier to chew on. 'Ruby by Example: Concepts and Code' by Kevin C. Baird provides a wealth of knowledge via general to specialized examples of the dynamic object-oriented programming language, Ruby. Want to build an mp3 playlist processor? How about parsing out secret codes from 'Moby Dick'? Read on!
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Debian: New Linux 2.6.18 packages fix several vulnerabilities
27th, September, 2007
Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages.
advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410

Debian: New Linux 2.6.18 packages fix several vulnerabilities
28th, September, 2007
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410

Debian: New id3lib3.8.3 packages fix denial of service
2nd, October, 2007
Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
advisories/debian/debian-new-id3lib383-packages-fix-denial-of-service-42421

Debian: New openssl packages fix arbitrary code execution
2nd, October, 2007
An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
advisories/debian/debian-new-openssl-packages-fix-arbitrary-code-execution-75110

Debian: New elinks packages fix information disclosure
2nd, October, 2007
Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server, potentially allowing private information to be disclosed.
advisories/debian/debian-new-elinks-packages-fix-information-disclosure

Debian: New Linux 2.6.18 packages fix several vulnerabilities
2nd, October, 2007
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410

Debian: New quagga packages fix denial of service
3rd, October, 2007
It was discovered that BGP peers can trigger a NULL pointer dereference in the BGP daemon if debug logging is enabled, causing the BGP daemon to crash.
advisories/debian/debian-new-quagga-packages-fix-denial-of-service

Gentoo: teTeX Multiple buffer overflows
27th, September, 2007
Multiple vulnerabilities have been discovered in teTeX, allowing for user-assisted execution of arbitrary code.

Gentoo: Bugzilla Multiple vulnerabilities
30th, September, 2007
Bugzilla contains several vulnerabilities, some of them possibly leading to the remote execution of arbitrary code.

Mandriva: Updated t1lib packages fix vulnerability
27th, September, 2007
A buffer overflow vulnerability was discovered in t1lib due to improper bounds checking. An attacker could send specially crafted input to an application linked against t1lib, which could lead to a denial of service or the execution of arbitrary code. Updated packages have been patched to prevent this issue.

Mandriva: Updated kdebase packages fix KDM vulnerability
27th, September, 2007
A vulnerability was discovered in KDM by Kees Huijgen where, under certain circumstances and in particular configurations, KDM could be tricked into allowing users to log in without a password. Updated packages have been patched to prevent this issue.

Mandriva: Updated libsndfile packages fix vulnerability
1st, October, 2007
A heap-based buffer overflow in libsndfile could allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data which contains a block with a size exceeding that of the previous block. Updated packages have been patched to prevent this issue.

Mandriva: Updated mplayer packages fix vulnerability
1st, October, 2007
A heap-based buffer overflow was found in MPlayer's AVI handling that could allow a remote attacker to cause a denial of service or possibly execute arbitrary code via a crafted .avi file. Updated packages have been patched to prevent this issue.

RedHat: Important: kernel security update
27th, September, 2007
Updated kernel packages that fix a security issue in the Red Hat Enterprise Linux 5 kernel are now available. A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted local user could exploit this flaw to run code in the kernel (i.e. a root privilege escalation).
advisories/red-hat/redhat-important-kernel-security-update-85756

RedHat: Important: kernel security update
27th, September, 2007
Updated kernel packages that fix a security issue in the Red Hat Enterprise Linux 4 kernel are now available. A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted local user could exploit this flaw to run code in the kernel (i.e. a root privilege escalation).
advisories/red-hat/redhat-important-kernel-security-update-85756

RedHat: Important: kernel security update
27th, September, 2007
Updated kernel packages that fix a security issue in the Red Hat Enterprise Linux 3 kernel are now available. A flaw was found in ia32 emulation affecting users running 64-bit versions of Red Hat Enterprise Linux on x86_64 architectures. A local user could use this flaw to gain elevated privileges.
advisories/red-hat/redhat-important-kernel-security-update-85756

RedHat: Important: xen security update
2nd, October, 2007
An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. Joris van Rantwijk found a flaw in the Pygrub utility, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain.
advisories/red-hat/redhat-important-xen-security-update-RHSA-2007-0323-01

RedHat: Important: nfs-utils-lib security update
2nd, October, 2007
An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
advisories/red-hat/redhat-important-nfs-utils-lib-security-update-56402

RedHat: Moderate: elinks security update
3rd, October, 2007
An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
advisories/red-hat/redhat-moderate-elinks-security-update-RHSA-2007-0933-01

Slackware: pidgin
3rd, October, 2007
A new pidgin package is available for Slackware 12.0 to fix a minor security issue. More details about this issue may be found here:

Ubuntu: libmodplug vulnerability
27th, September, 2007
Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
advisories/ubuntu/ubuntu-libmodplug-vulnerability

Ubuntu: OpenSSL vulnerabilities
28th, September, 2007
It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes.
advisories/ubuntu/ubuntu-openssl-vulnerabilities-29155

Ubuntu: ImageMagick vulnerabilities
3rd, October, 2007
Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.
advisories/ubuntu/ubuntu-imagemagick-vulnerabilities-95420
