linux-advisory-watch July 2011 archive
Main Archive Page > Month Archives  > linux-advisory-watch archives
linux-advisory-watch: Linux Advisory Watch: July 29th, 2011

Linux Advisory Watch: July 29th, 2011

From: <vuln-newsletter-admins_at_nospam>
Date: Fri Jul 29 2011 - 20:00:14 GMT
To: vuln-newsletter@linuxsecurity.com

+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 29th, 2011 Volume 12, Number 31 |
| |
| Editorial Team: Dave Wreski <dwreski@linuxsecurity.com> |
| Benjamin D. Thomas <bthomas@linuxsecurity.com> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor have made
available.

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
--------------------------------------------------------------------------------
Mark Sobell again delivers the answers to common Linux administration
challenges, and provides thorough and step-by-step instructions to
configuring many of the common Linux Internet services in A Practical
Guide to Fedora and Red Hat Enterprise Linux, Fifth Edition.

http://www.linuxsecurity.com/content/view/152325

------------------------------------------------------------------------

* Debian: 2288-1: libsndfile: integer overflow (Jul 28)
   -----------------------------------------------------
   Hossein Lotfi discovered an integer overflow in libsndfile's code to
   parse Paris Audio files, which could potentially lead to the
   execution of arbitrary code. [More...]

   http://www.linuxsecurity.com/content/view/155557

* Debian: 2287-1: libpng: Multiple vulnerabilities (Jul 28)
   ---------------------------------------------------------
   The PNG library libpng has been affected by several vulnerabilities.
   The most critical one is the identified as CVE-2011-2690. Using this
   vulnerability, an attacker is able to overwrite memory with an
   arbitrary amount of data controlled by her via a crafted PNG image.
   [More...]

   http://www.linuxsecurity.com/content/view/155551

* Debian: 2286-1: phpymadmin: Multiple vulnerabilities (Jul 26)
   -------------------------------------------------------------
   Several vulnerabilities were discovered in phpMyAdmin, a tool to
   administrate MySQL over the web. The Common Vulnerabilities and
   Exposures project identifies the following problems: [More...]

   http://www.linuxsecurity.com/content/view/155539

* Debian: 2285-1: mapserver: Multiple vulnerabilities (Jul 25)
   ------------------------------------------------------------
   Several vulnerabilities have been discovered in mapserver, a
   CGI-based web framework to publish spatial data and interactive
   mapping applications. The Common Vulnerabilities and Exposures
   project identifies the following problems: [More...]

   http://www.linuxsecurity.com/content/view/155530

* Debian: 2284-1: opensaml2: implementation error (Jul 25)
   --------------------------------------------------------
   Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco
   Kampmann and Joerg Schwenk discovered that Shibboleth, a federated
   web single sign-on system is vulnerable to XML signature wrapping
   attacks. More details can be found in the Shibboleth [More...]

   http://www.linuxsecurity.com/content/view/155527

* Debian: 2283-1: krb5-appl: programming error (Jul 25)
   -----------------------------------------------------
   Tim Zingelmann discovered that due an incorrect configure script the
   kerborised FTP server failed to set the effective GID correctly,
   resulting in privilege escalation. [More...]

   http://www.linuxsecurity.com/content/view/155522

* Debian: 2282-1: qemu-kvm: Multiple vulnerabilities (Jul 25)
   -----------------------------------------------------------
   Two vulnerabilities have been discovered in KVM, a solution for full
   virtualization on x86 hardware: CVE-2011-2212 [More...]

   http://www.linuxsecurity.com/content/view/155521

* Debian: 2281-1: opie: Multiple vulnerabilities (Jul 21)
   -------------------------------------------------------
   Sebastian Krahmer discovered that opie, a system that makes it simple
   to use One-Time passwords in applications, is prone to a privilege
   escalation (CVE-2011-2490) and an off-by-one error, which can lead to
   the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and
   [More...]

   http://www.linuxsecurity.com/content/view/155497

------------------------------------------------------------------------

* Mandriva: 2011:121: samba (Jul 27)
   ----------------------------------
   Multiple vulnerabilities has been discovered and corrected in samba:
   All current released versions of Samba are vulnerable to a cross-site
   request forgery in the Samba Web Administration Tool (SWAT). By
   tricking a user who is authenticated with SWAT into clicking a
   [More...]

   http://www.linuxsecurity.com/content/view/155543

* Mandriva: 2011:120: freetype2 (Jul 27)
   --------------------------------------
   A vulnerability was discovered and corrected in freetype2: Integer
   signedness error in psaux/t1decode.c in FreeType before 2.4.6, allows
   remote attackers to execute arbitrary code or cause a denial of
   service (memory corruption and application crash) via a crafted
   [More...]

   http://www.linuxsecurity.com/content/view/155542

* Mandriva: 2011:119: libsndfile (Jul 25)
   ---------------------------------------
   A vulnerability was discovered and corrected in libsndfile: An
   integer overflow flaw, leading to a heap-based buffer overflow, was
   found in the way the libsndfile library processed certain Ensoniq
   PARIS Audio Format (PAF) audio files. An attacker could [More...]

   http://www.linuxsecurity.com/content/view/155528

* Mandriva: 2011:118: wireshark (Jul 24)
   --------------------------------------
   This advisory updates wireshark to the latest version (1.2.18),
   fixing one security issue: The Lucent/Ascend file parser in Wireshark
   1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote
   attackers to cause a denial [More...]

   http://www.linuxsecurity.com/content/view/155520

* Mandriva: 2011:117: krb5-appl (Jul 22)
   --------------------------------------
   A vulnerability was discovered and corrected in krb5-appl: ftpd.c in
   the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka
   krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return
   value, which allows remote authenticated users to bypass [More...]

   http://www.linuxsecurity.com/content/view/155512

* Mandriva: 2011:116: curl (Jul 22)
   ---------------------------------
   A vulnerability was discovered and corrected in curl: The
   Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6
   through 7.21.6, as used in curl and other products, always performs
   credential delegation during GSSAPI authentication, which allows
   remote [More...]

   http://www.linuxsecurity.com/content/view/155511

------------------------------------------------------------------------

* Red Hat: 2011:1105-01: libpng: Moderate Advisory (Jul 28)
   ---------------------------------------------------------
   Updated libpng packages that fix multiple security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155556

* Red Hat: 2011:1104-01: libpng: Moderate Advisory (Jul 28)
   ---------------------------------------------------------
   Updated libpng packages that fix two security issues are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155555

* Red Hat: 2011:1103-01: libpng: Moderate Advisory (Jul 28)
   ---------------------------------------------------------
   Updated libpng and libpng10 packages that fix one security issue are
   now available for Red Hat Enterprise Linux 4. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155553

* Red Hat: 2011:1102-01: libsoup: Moderate Advisory (Jul 28)
   ----------------------------------------------------------
   Updated libsoup packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155554

* Red Hat: 2011:1100-01: icedtea-web: Moderate Advisory (Jul 27)
   --------------------------------------------------------------
   Updated icedtea-web packages that fix two security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155544

* Red Hat: 2011:1089-01: systemtap: Moderate Advisory (Jul 25)
   ------------------------------------------------------------
   Updated systemtap packages that fix one security issue are now
   available for Red Hat Enterprise Linux 5. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155532

* Red Hat: 2011:1088-01: systemtap: Moderate Advisory (Jul 25)
   ------------------------------------------------------------
   Updated systemtap packages that fix two security issues are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having moderate [More...]

   http://www.linuxsecurity.com/content/view/155531

* Red Hat: 2011:1087-01: java-1.5.0-ibm: Critical Advisory (Jul 22)
   -----------------------------------------------------------------
   Updated java-1.5.0-ibm packages that fix several security issues are
   now available for Red Hat Enterprise Linux 4 Extras, and Red Hat
   Enterprise Linux 5 and 6 Supplementary. [More...]

   http://www.linuxsecurity.com/content/view/155519

* Red Hat: 2011:1085-01: freetype: Important Advisory (Jul 21)
   ------------------------------------------------------------
   Updated freetype packages that fix one security issue are now
   available for Red Hat Enterprise Linux 6. The Red Hat Security
   Response Team has rated this update as having [More...]

   http://www.linuxsecurity.com/content/view/155509

* Red Hat: 2011:1073-01: bash: Low Advisory (Jul 21)
   --------------------------------------------------
   An updated bash package that fixes one security issue, several bugs,
   and adds one enhancement is now available for Red Hat Enterprise
   Linux 5. The Red Hat Security Response Team has rated this update as
   having low [More...]

   http://www.linuxsecurity.com/content/view/155506

* Red Hat: 2011:1005-01: sysstat: Low Advisory (Jul 21)
   -----------------------------------------------------
   An updated sysstat package that fixes one security issue, various
   bugs, and adds one enhancement is now available for Red Hat
   Enterprise Linux 5. The Red Hat Security Response Team has rated this
   update as having low [More...]

   http://www.linuxsecurity.com/content/view/155503

* Red Hat: 2011:1000-01: rgmanager: Low Advisory (Jul 21)
   -------------------------------------------------------
   An updated rgmanager package that fixes one security issue, several
   bugs, and adds multiple enhancements is now available for Red Hat
   Enterprise Linux 5. [More...]

   http://www.linuxsecurity.com/content/view/155500

* Red Hat: 2011:0975-01: sssd: Low Advisory (Jul 21)
   --------------------------------------------------
   Updated sssd packages that fix one security issue, several bugs, and
   add various enhancements are now available for Red Hat Enterprise
   Linux 5. The Red Hat Security Response Team has rated this update as
   having low [More...]

   http://www.linuxsecurity.com/content/view/155498

* Red Hat: 2011:0999-01: rsync: Moderate Advisory (Jul 21)
   --------------------------------------------------------
   An updated rsync package that fixes one security issue, several bugs,
   and adds enhancements is now available for Red Hat Enterprise Linux
   5. The Red Hat Security Response Team has rated this update as having
   moderate [More...]

   http://www.linuxsecurity.com/content/view/155499

------------------------------------------------------------------------

* SuSE: 2011-031: Linux kernel (Jul 25)
   -------------------------------------
   The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
   2.6.32.43 and fixes various bugs and security issues. Following
   security issues were fixed: CVE-2011-2496: The normal mmap paths all
   avoid creating a mapping where the pgoff inside the mapping could
   wrap around due to [More...]

   http://www.linuxsecurity.com/content/view/155523

------------------------------------------------------------------------

* Ubuntu: 1181-1: libsoup2.4 vulnerability (Jul 28)
   -------------------------------------------------
   An attacker could send crafted URLs to a SoupServer application and
   obtainunintended access to files.

   http://www.linuxsecurity.com/content/view/155558

* Ubuntu: 1180-1: libvirt vulnerability (Jul 28)
   ----------------------------------------------
   An authenticated attacker could send crafted input to libvirt and
   cause itto crash.

   http://www.linuxsecurity.com/content/view/155552

* Ubuntu: 1179-1: ClamAV vulnerability (Jul 28)
   ---------------------------------------------
   An attacker could send crafted input to ClamAV and cause it tocrash.

   http://www.linuxsecurity.com/content/view/155546

* Ubuntu: 1177-1: QEMU vulnerability (Jul 27)
   -------------------------------------------
   QEMU could be made to run with adminstrator group privileges under
   certaincircumstances.

   http://www.linuxsecurity.com/content/view/155545

* Ubuntu: 1176-1: DBus vulnerability (Jul 26)
   -------------------------------------------
   DBus could be made to crash if it processed a specially crafted
   message.

   http://www.linuxsecurity.com/content/view/155540

* Ubuntu: 1175-1: libpng vulnerabilities (Jul 26)
   -----------------------------------------------
   Libpng could be made to run programs as your login if it opened
   aspecially crafted file.

   http://www.linuxsecurity.com/content/view/155538

* Ubuntu: 1174-1: libsndfile vulnerability (Jul 25)
   -------------------------------------------------
   An application using libsndfile could be made to crash or possibly
   runprograms as your login if it opened a specially crafted file.

   http://www.linuxsecurity.com/content/view/155533

* Ubuntu: 1173-1: FreeType vulnerability (Jul 25)
   -----------------------------------------------
   FreeType could be made to run programs as your login if it opened
   aspecially crafted font file.

   http://www.linuxsecurity.com/content/view/155529

* Ubuntu: 1172-1: logrotate vulnerabilities (Jul 21)
   --------------------------------------------------
   An attacker could cause logrotate to run programs, stop working, or
   readand write arbitrary files.

   http://www.linuxsecurity.com/content/view/155510
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------