[ISN] Linux Advisory Watch - February 9th 2009

From: InfoSec News <alerts_at_private>
Date: Tue, 10 Feb 2009 01:04:48 -0600 (CST)
+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| February 9th, 2009                               Volume 10, Number 7 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week advisories were released for mozvoikko, gtkmozembedmm,
ruby-gnome, mugshot, yelp, cairo-dock, gnome-python2, galeon,
gnome-web-photo, devhelp, rss, google-gadgets, kazehakase, miro,
xulrunner, firefox, epiphany, chmsee, mozvoikko, miro, mugshot,
evolution, blam, galeon, firefox, gnumeric, java, libcdaudio, glibc,
at, openct, sudo, xdg-utils.  The distributors include Debian, Fedora,
Mandriva, Red Hat, Slackware.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" You may not take even a
second to respond.  But if I may ask "How much does Google know about
you"? You may instantly reply "Wait... what!? Do they!?"  The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------
Nagios is a monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process however to make it a secure setup it takes some
work. This article will not show you how to install Nagios since there
are tons of them out there but it will show you in detail ways to
improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New devil packages fix buffer overflow (Feb 5)
  ------------------------------------------------------
  Stefan Cornelius discovered a buffer overflow in devil, a
  cross-platform image loading and manipulation toolkit, which could be
  triggered via a crafted Radiance RGBE file. This could potentially
  lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/147912

------------------------------------------------------------------------

* Fedora 9 Update: mozvoikko-0.9.5-6.fc9 (Feb 6)
  ----------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147949

* Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-25.fc9 (Feb 6)
  ---------------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147950

* Fedora 9 Update: ruby-gnome2-0.17.0-5.fc9 (Feb 6)
  -------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147951

* Fedora 9 Update: mugshot-1.2.2-5.fc9 (Feb 6)
  --------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147952

* Fedora 9 Update: totem-2.23.2-10.fc9 (Feb 6)
  --------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147953

* Fedora 9 Update: yelp-2.22.1-8.fc9 (Feb 6)
  ------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147954

* Fedora 9 Update: cairo-dock-1.6.3.1-1.fc9.3 (Feb 6)
  ---------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147939

* Fedora 9 Update: gnome-python2-extras-2.19.1-23.fc9 (Feb 6)
  -----------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147940

* Fedora 9 Update: blam-1.8.5-5.fc9.1 (Feb 6)
  -------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147941

* Fedora 9 Update: galeon-2.0.7-5.fc9 (Feb 6)
  -------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147942

* Fedora 9 Update: gnome-web-photo-0.3-17.fc9 (Feb 6)
  ---------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147943

* Fedora 9 Update: devhelp-0.19.1-8.fc9 (Feb 6)
  ---------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147944

* Fedora 9 Update: evolution-rss-0.1.0-6.fc9 (Feb 6)
  --------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147945

* Fedora 9 Update: google-gadgets-0.10.5-2.fc9 (Feb 6)
  ----------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147946

* Fedora 9 Update: kazehakase-0.5.6-1.fc9.3 (Feb 6)
  -------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147947

* Fedora 9 Update: Miro-1.2.7-4.fc9 (Feb 6)
  -----------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147948

* Fedora 10 Update: ruby-gnome2-0.18.1-3.fc10 (Feb 6)
  ---------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147932

* Fedora 10 Update: yelp-2.24.0-5.fc10 (Feb 6)
  --------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147933

* Fedora 9 Update: xulrunner-1.9.0.6-1.fc9 (Feb 6)
  ------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147934

* Fedora 9 Update: firefox-3.0.6-1.fc9 (Feb 6)
  --------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147935

* Fedora 9 Update: epiphany-extensions-2.22.1-7.fc9 (Feb 6)
  ---------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147936

* Fedora 9 Update: epiphany-2.22.2-7.fc9 (Feb 6)
  ----------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147937

* Fedora 9 Update: chmsee-1.0.1-8.fc9 (Feb 6)
  -------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147938

* Fedora 10 Update: gnome-web-photo-0.3-14.fc10 (Feb 6)
  -----------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147926

* Fedora 10 Update: kazehakase-0.5.6-1.fc10.3 (Feb 6)
  ---------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147927

* Fedora 10 Update: mozvoikko-0.9.5-6.fc10 (Feb 6)
  ------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147928

* Fedora 10 Update: Miro-1.2.8-2.fc10 (Feb 6)
  -------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147929

* Fedora 10 Update: mugshot-1.2.2-5.fc10 (Feb 6)
  ----------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147931

* Fedora 10 Update: epiphany-extensions-2.24.0-4.fc10 (Feb 6)
  -----------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147917

* Fedora 10 Update: devhelp-0.22-3.fc10 (Feb 6)
  ---------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147918

* Fedora 10 Update: epiphany-2.24.3-2.fc10 (Feb 6)
  ------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147919

* Fedora 10 Update: evolution-rss-0.1.2-4.fc10 (Feb 6)
  ----------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147920

* Fedora 10 Update: blam-1.8.5-6.fc10 (Feb 6)
  -------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147921

* Fedora 10 Update: galeon-2.0.7-5.fc10 (Feb 6)
  ---------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147922

* Fedora 10 Update: google-gadgets-0.10.5-2.fc10 (Feb 6)
  ------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147923

* Fedora 10 Update: gnome-python2-extras-2.19.1-26.fc10 (Feb 6)
  -------------------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147924

* Fedora 10 Update: gecko-sharp2-0.13-4.fc10 (Feb 6)
  --------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147925

* Fedora 10 Update: xulrunner-1.9.0.6-1.fc10 (Feb 6)
  --------------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147915

* Fedora 10 Update: firefox-3.0.6-1.fc10 (Feb 6)
  ----------------------------------------------
  Update to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing
  multiple security issues.

  http://www.linuxsecurity.com/content/view/147916

* Fedora 9 Update: gnumeric-1.8.2-4.fc9 (Feb 4)
  ---------------------------------------------
  Resolves CVE-2009-5983

  http://www.linuxsecurity.com/content/view/147911

* Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-9.b14.fc10 (Feb 4)
  ---------------------------------------------------------------
  This fixes a default security policy, that allowed unsigned applets
  to access the gnome-java-bridge, allowing a privilege escalation
  (#474431).	There are also several bug fixes included in this
  update.

  http://www.linuxsecurity.com/content/view/147910

* Fedora 9 Update: libcdaudio-0.99.12p2-11.fc9 (Feb 4)
  ----------------------------------------------------
  This update fixes a potential buffer overflow caused by large amount
  of CDDB replies (CVE-2005-0706).

  http://www.linuxsecurity.com/content/view/147909

------------------------------------------------------------------------

* Mandriva: [ MDVA-2009:017 ] glibc (Feb 6)
  -----------------------------------------
  regexp.h header shipped with glibc 2.8, in Mandriva Linux 2009, had
  an error which caused the build of programs using the regexp compile
  function to fail. This update addresses the issue.

  http://www.linuxsecurity.com/content/view/147955

* Mandriva: [ MDVA-2009:016 ] at (Feb 2)
  --------------------------------------
  The 'at' command scheduler in Mandriva Linux 2009 failed to work at
  all for users other than root, due to a permission error. This update
  fixes the issue, making it possible for regular users to run at jobs.

  http://www.linuxsecurity.com/content/view/147892

* Mandriva: [ MDVA-2009:015 ] openct (Feb 2)
  ------------------------------------------
  This update fixes issue with a non-LSB initscript of openct, which
  could cause init to switch to non LSB compat mode, and result in a
  loop between resolvconf and network (bug #47299).

  http://www.linuxsecurity.com/content/view/147891

------------------------------------------------------------------------

* RedHat: Important: gstreamer-plugins security update (Feb 6)
  ------------------------------------------------------------
  Updated gstreamer-plugins packages that fix one security issue are
  now available for Red Hat Enterprise Linux 3. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/147956

* RedHat: Important: gstreamer-plugins security update (Feb 6)
  ------------------------------------------------------------
  Updated gstreamer-plugins packages that fix one security issue are
  now available for Red Hat Enterprise Linux 4. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/147957

* RedHat: Important: gstreamer-plugins-good security (Feb 6)
  ----------------------------------------------------------
  Updated gstreamer-plugins-good packages that fix several security
  issues are now available for Red Hat Enterprise Linux 5. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/147958

* RedHat: Moderate: sudo security update (Feb 5)
  ----------------------------------------------
  An updated sudo package to fix a security issue is now available for
  Red Hat Enterprise Linux 5. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/147913

------------------------------------------------------------------------

* Slackware:   xdg-utils (Feb 2)
  ------------------------------
  New xdg-utils packages are available for Slackware 12.2 and -current
  to fix security issues.  Applications that use /etc/mailcap could be
  tricked into running an arbitrary script through xdg-open, and a
  separate flaw in xdg-open could allow the execution of arbitrary
  commands embedded in untrusted input provided to xdg-open.

  http://www.linuxsecurity.com/content/view/147893

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request_at_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


_______________________________________________      
Best Selling Security Books &amp; More!
http://www.shopinfosecnews.org/
Received on Mon Feb 09 2009 - 23:04:48 PST

This archive was generated by hypermail 2.2.0 : Mon Feb 09 2009 - 23:13:02 PST