LinuxSecurity.com

SuSE: 2010-032: Mozilla Firefox

30.07.2010 09:11 LinuxSecurity.com: Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues. Mozilla Firefox was brought to the 3.5.11 security release. Mozilla Firefox on openSUSE 11.3 was brought to the 3.6.8 security release. Mozilla Thunderbird was brought to the 3.0.11 release on openSUSE

Debian: 2077-1: openldap: Multiple vulnerabilities

29.07.2010 17:08 LinuxSecurity.com: Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems:

Red Hat: 2010:0574-01: java-1.4.2-ibm: Critical Advisory

29.07.2010 16:13 LinuxSecurity.com: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

Mandriva: 2010:142: openldap

28.07.2010 17:18 LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in openldap: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation

Red Hat: 2010:0567-01: lvm2-cluster: Moderate Advisory

28.07.2010 13:10 LinuxSecurity.com: An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate

Debian: 2076-1: gnupg2: use-after-free

27.07.2010 18:05 LinuxSecurity.com: It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution.

Debian: 2075-1: xulrunner: Multiple vulnerabilities

27.07.2010 17:48 LinuxSecurity.com: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:

Mandriva: 2010:141: samba

27.07.2010 14:45 LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in samba: The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol

Mandriva: 2010:140: php

27.07.2010 13:03 LinuxSecurity.com: This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3:

Red Hat: 2010:0565-01: w3m: Moderate Advisory

27.07.2010 11:58 LinuxSecurity.com: Updated w3m packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate

Mandriva: 2010:139: php

27.07.2010 11:15 LinuxSecurity.com: This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Security Enhancements and Fixes in PHP 5.2.14:

Ubuntu: 964-1: Likewise Open vulnerability

26.07.2010 19:53 LinuxSecurity.com: Matt Weatherford discovered that Likewise Open did not correctly checkpassword expiration for the local-provider account. A local attacker couldexploit this to log into a system they would otherwise not have access to.

Ubuntu: 957-2: Firefox and Xulrunner vulnerability

26.07.2010 15:12 LinuxSecurity.com: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbertdiscovered that the fix for CVE-2010-1214 introduced a regression which didnot properly initialize a plugin pointer. If a user were tricked intoviewing a malicious site, a remote attacker could use this to crash thebrowser or run arbitrary code as the user invoking the program.

Ubuntu: 958-1: Thunderbird vulnerabilities

26.07.2010 14:57 LinuxSecurity.com: Several flaws were discovered in the browser engine of Thunderbird. If auser were tricked into viewing malicious content, a remote attacker coulduse this to crash Thunderbird or possibly run arbitrary code as the userinvoking the program.

Slackware: 2010-204-01: mozilla-firefox: Security Update

24.07.2010 16:29 LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix a regression.