Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Peter Smith Releases Linux Network Security Online - Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online."

Securing a Linux Web Server - With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux-based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place.




  Red Hat: 2014:1255-01: krb5: Moderate Advisory (Sep 17)
 

Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2014:1246-01: nss and nspr: Moderate Advisory (Sep 16)
 

Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. [More...]

  Red Hat: 2014:1245-01: krb5: Moderate Advisory (Sep 16)
 

Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2014:1244-01: bind97: Moderate Advisory (Sep 16)
 

Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2014:1194-01: conga: Moderate Advisory (Sep 16)
 

Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]

  Red Hat: 2014:1243-01: automake: Low Advisory (Sep 16)
 

An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security [More...]

  Red Hat: 2014:1193-01: axis: Important Advisory (Sep 15)
 

Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security [More...]

  Red Hat: 2014:1187-01: qemu-kvm-rhev: Moderate Advisory (Sep 15)
 

Updated qemu-kvm-rhev packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4 and 5 for Red Hat Enterprise Linux 6. [More...]


  Ubuntu: 2349-1: Libav vulnerabilities (Sep 17)
 

Libav could be made to crash or run programs as your login if it opened a specially crafted file.

  Ubuntu: 2319-3: OpenJDK 7 update (Sep 16)
 

This update provides stability updates for OpenJDK 7.

  Ubuntu: 2348-1: APT vulnerabilities (Sep 16)
 

Several security issues were fixed in APT.

  Ubuntu: 2347-1: Django vulnerabilities (Sep 16)
 

Several security issues were fixed in Django.

  Ubuntu: 2346-1: curl vulnerabilities (Sep 15)
 

Several security issues were fixed in curl.

  Ubuntu: 2330-1: Thunderbird vulnerabilities (Sep 11)
 

Several security issues were fixed in Thunderbird.