Linux

ffmpeg

[ MDVSA-2009:297-1 ] ffmpeg

Posted by security on Dec 05

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:297-1

http://www.mandriva.com/security/

_______________________________________________________________________

Package : ffmpeg

Date : December 5, 2009

Affected: 2008.0

_______________________________________________________________________

Problem Description:

Vulnerabilities have been…

URL: http://seclists.org/fulldisclosure/2009/Dec/133

/proc filesystem allows bypassing directory permissions on Linux

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on Linux

URL: http://www.securityfocus.com/archive/1/507473

CVE-2009-2910 (kernel)

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2910

rPSA-2009-0111-1 kernel

Posted by rPath Update Announcements on Jul 24

rPath Security Advisory: 2009-0111-1

Published: 2009-07-24

Products:

    rPath Appliance Platform Linux Service 1

    rPath Appliance Platform Linux Service 2

    rPath Linux 2

Rating: Severe

Exposure Level Classification:

URL: http://seclists.org/fulldisclosure/2009/Jul/0381.html

Linux Kernel ‘tun_chr_pool()’ NULL Pointer Dereference Vulnerability

Vuln: Linux Kernel ‘tun_chr_pool()’ NULL Pointer Dereference Vulnerability

URL: http://www.securityfocus.com/bid/35724

rPSA-2009-0091-1 cyrus-sasl cyrus-sasl-server

Posted by rPath Update Announcements on May 27

rPath Security Advisory: 2009-0091-1
Published: 2009-05-27
Products:
    rPath Appliance Platform Linux Service 1
    rPath Appliance Platform Linux Service 2
    rPath Linux 1
    rPath Linux 2

Rating:…

URL: http://seclists.org/fulldisclosure/2009/May/0250.html

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

Posted by Alex Legler on May 27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/May/0238.html

Microsoft Removes Windows 7’s “Crippleware” 3 App Limit

A reversal seemed highly likely from the moment Microsoft announced a 3 application limit in the Windows 7 Starter Edition OS planned for netbooks. You could practically hear the industry utter a collective boo even before the electronic ink was dry on that Microsoft decision. Credit Paul Thurrott who got the goods about Microsoft removing the app limit.

The 3 app limit (max of 3 applications running concurrently) was Microsoft’s way of stopping users from taking W7 Starter Edition and running it on more powerful hardware, figuring netbook users could get by with just running 3 apps concurrently. It may even be questionable whether most netbooks can run much more than 3 apps anyway. (I’m still not convinced networks will be much more than a very small niche part of the market, but then again, that’s for a different blog post.) But the last thing Microsoft needs to do is help out full-featured netbook contender Linux by imposing seemingly capricious limitations like the 3 app limit.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31471

The Neverending ‘Year of Linux on the Desktop’ Debate

Now that Memorial Day has come and gone, summer is unofficially here. What better way to celebrate than with another rousing “Year of Linux on the desktop” debate?! Sure enough — it may be an oldie, but it’s clearly a goodie, and in recent days, bloggers far and wide have been ready and willing to entertain the question again.

In fact, two such topics have dominated the Linux blogs lately, and they’re inherently related. First came the well-worn question of whether Linux needs marketing, a topic that was kicked off when Danijel Orsolic noted that “Linux is not an OS.”

“Good luck with that,” quipped tuxchick on LXer, leading to more than 100 lively comments.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31462

Router platform runs OpenWRT Linux

Ubicom is shipping an OpenWRT Linux-based router platform and reference design using the company’s new Ubicom IP7100 Router Gateway Evaluation board. The Ubicom board incorporates its StreamEngine IP7100 series network RISC processor, and includes a gigabit WAN port and four gigabit LAN ports, says the company.

Ubicom specializes in Linux-ready multithreaded networking and media processors for the home and small business (SMB) markets. In March, it released a networked audio player reference design using the StreamEngine IP7500 variant of its IP7000 platform (see block diagram below). Whereas the IP7500 was optimized for lossless audio transmission and playback, the IP7100 version incorporated in the IP7100 Router Gateway focuses on networking throughput. The router platform is designed for OEMs and ODMs who want to rapidly develop router products for consumer, SOHO, and SMB markets, says the company.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31459

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Denial of Service

[ GLSA 200905-06 ] acpid: Denial of Service

Posted by Pierre-Yves Rofes on May 24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/May/0201.html

Multiple vulnerabilities

[ GLSA 200905-05 ] FreeType: Multiple vulnerabilities

Posted by Alex Legler on May 24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

URL: http://seclists.org/fulldisclosure/2009/May/0200.html