Linux Advisory Watch - March 27th 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| March 27th, 2009 Volume 10, Number 13 |
| |
| Editorial Team: Dave Wreski |
| Benjamin D. Thomas |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for systemtap, lcms, webcit,
xulrunner, libpng, libsoup, glib, ghostscript, java, argyllcms,
phpmyadmin, compiz-fusion, openjdk, postgresql, drupal, squid,
muttprint, ffmpeg, pam, evolution, drakconf, dhcp, and thunderbird.
The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat,
Ubuntu, and Pardus.
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" you may not take even a
second to respond. But if I ask "How much does Google know about
you?" you may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of installation guides out there, but it will show you in
detail ways to improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New systemtap packages fix local privilege escalation (Mar 25)
----------------------------------------------------------------------
Erik Sjoelund discovered that a race condition in the stap tool
shipped by Systemtap, an instrumentation system for Linux 2.6, allows
local privilege escalation for members of the stapusr group.
http://www.linuxsecurity.com/content/view/148378
* Debian: New lcms packages fix regression (Mar 25)
-------------------------------------------------
Several security issues have been discovered in lcms, a color
management library.
http://www.linuxsecurity.com/content/view/148363
* Debian: New webcit packages fix potential remote code execution (Mar 23)
------------------------------------------------------------------------
Wilfried Goesgens discovered that WebCit, the web-based user
interface for the Citadel groupware system, contains a format string
vulnerability in the mini_calendar component, possibly allowing
arbitrary code execution (CVE-2009-0364).
http://www.linuxsecurity.com/content/view/148344
* Debian: New xulrunner packages fix several vulnerabilities (Mar 22)
-------------------------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser.
http://www.linuxsecurity.com/content/view/148336
* Debian: New libpng packages fix several vulnerabilities (Mar 22)
----------------------------------------------------------------
Several vulnerabilities have been discovered in libpng, a library for
reading and writing PNG files.
http://www.linuxsecurity.com/content/view/148335
* Debian: New Linux 2.6.26 packages fix several vulnerabilities (Mar 20)
----------------------------------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation.
http://www.linuxsecurity.com/content/view/148326
* Debian: New libsoup packages fix arbitrary code execution (Mar 20)
------------------------------------------------------------------
It was discovered that libsoup, an HTTP library implementation in C,
handles large strings insecurely via its Base64 encoding functions.
This could possibly lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/148320
* Debian: New glib2.0 packages fix arbitrary code execution (Mar 20)
------------------------------------------------------------------
Diego Petten discovered that glib2.0, the GLib library of C routines,
handles large strings insecurely via its Base64 encoding functions.
This could possibly lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/148319
* Debian: New ghostscript packages fix arbitrary code execution (Mar 20)
----------------------------------------------------------------------
Two security issues have been discovered in ghostscript, the GPL
Ghostscript PostScript/PDF interpreter.
http://www.linuxsecurity.com/content/view/148317
* Debian: New lcms packages fix arbitrary code execution (Mar 20)
---------------------------------------------------------------
Several security issues have been discovered in lcms, a color
management library.
http://www.linuxsecurity.com/content/view/148316
------------------------------------------------------------------------
* Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (Mar 25)
-----------------------------------------------------------------
lcms in OpenJDK upgraded to 1.18 fixing many related security issues.
http://www.linuxsecurity.com/content/view/148377
* Fedora 9 Update: argyllcms-1.0.3-3.fc9 (Mar 25)
-----------------------------------------------
Multiple integer overflows were found in the International Color
Consortium Format Library (icclib). An attacker could use this flaw
to potentially execute arbitrary code by requesting to translate a
specially-crafted image file created on one device into another's
device native color space via a device file.
http://www.linuxsecurity.com/content/view/148376
* Fedora 10 Update: argyllcms-1.0.3-3.fc10 (Mar 25)
-------------------------------------------------
Multiple integer overflows were found in the International Color
Consortium Format Library (icclib). An attacker could use this flaw
to potentially execute arbitrary code by requesting to translate a
specially-crafted image file created on one device into another's
device native color space via a device file.
http://www.linuxsecurity.com/content/view/148375
* Fedora 10 Update: phpMyAdmin-3.1.3.1-1.fc10 (Mar 25)
----------------------------------------------------
Improvements for 3.1.3.1:
- [security] HTTP Response Splitting and file inclusion vulnerabilities
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating
  configuration file
http://www.linuxsecurity.com/content/view/148374
* Fedora 9 Update: compiz-fusion-0.7.6-6.fc9 (Mar 25)
---------------------------------------------------
This update fixes a security issue in the expo plugin which allows
local users with physical access to drag the screen saver aside and
access the locked desktop by using Expo mouse shortcuts.
http://www.linuxsecurity.com/content/view/148373
* Fedora 9 Update: phpMyAdmin-3.1.3.1-1.fc9 (Mar 25)
--------------------------------------------------
Improvements for 3.1.3.1:
- [security] HTTP Response Splitting and file inclusion vulnerabilities
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating
  configuration file
http://www.linuxsecurity.com/content/view/148371
* Fedora 10 Update: compiz-fusion-0.7.8-4.fc10 (Mar 25)
-----------------------------------------------------
This update fixes a security issue in the expo plugin which allows
local users with physical access to drag the screen saver aside and
access the locked desktop by using Expo mouse shortcuts.
http://www.linuxsecurity.com/content/view/148372
* Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10 (Mar 24)
-----------------------------------------------------------------
Fixes important lcms security bug which gives unwarranted access to
malicious users.
http://www.linuxsecurity.com/content/view/148352
* Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.21.b09.fc9 (Mar 24)
-----------------------------------------------------------------
Fixes important lcms security bug which gives unwarranted access to
malicious users.
http://www.linuxsecurity.com/content/view/148353
* Fedora 10 Update: lcms-1.18-0.1.beta2.fc10 (Mar 23)
---------------------------------------------------
Some patches that were collected in the Fedora package have just been
submitted upstream. Chances are high that this update can be
superseded by a beta3 or a stable release from upstream.
http://www.linuxsecurity.com/content/view/148343
* Fedora 10 Update: postgresql-8.3.7-1.fc10 (Mar 23)
--------------------------------------------------
Update to PostgreSQL 8.3.7, for various fixes described at
http://www.postgresql.org/docs/8.3/static/release-8-3-7.html
http://www.linuxsecurity.com/content/view/148342
* Fedora 9 Update: postgresql-8.3.7-1.fc9 (Mar 23)
------------------------------------------------
Update to PostgreSQL 8.3.7, for various fixes described at
http://www.postgresql.org/docs/8.3/static/release-8-3-7.html
http://www.linuxsecurity.com/content/view/148340
* Fedora 9 Update: lcms-1.18-0.1.beta2.fc9 (Mar 23)
-------------------------------------------------
Some patches that were collected in the Fedora package have just been
submitted upstream. Chances are high that this update can be
superseded by a beta3 or a stable release from upstream.
http://www.linuxsecurity.com/content/view/148339
* Fedora 10 Update: ghostscript-8.63-5.fc10 (Mar 20)
--------------------------------------------------
Security update for integer overflows (CVE-2009-0583) and upper
bounds checks (CVE-2009-0584) in the ICC profile handling.
http://www.linuxsecurity.com/content/view/148331
* Fedora 9 Update: thunderbird-2.0.0.21-1.fc9 (Mar 20)
----------------------------------------------------
Several flaws were found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could
cause Thunderbird to crash or, potentially, execute arbitrary code as
the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352,
CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)
Several flaws were found in the way malformed content was processed.
An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript
support is disabled by default in Thunderbird. None of the above
issues are exploitable unless JavaScript is enabled.
http://www.linuxsecurity.com/content/view/148330
* Fedora 10 Update: thunderbird-2.0.0.21-1.fc10 (Mar 20)
------------------------------------------------------
Several flaws were found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could
cause Thunderbird to crash or, potentially, execute arbitrary code as
the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352,
CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)
Several flaws were found in the way malformed content was processed.
An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript
support is disabled by default in Thunderbird. None of the above
issues are exploitable unless JavaScript is enabled.
http://www.linuxsecurity.com/content/view/148328
* Fedora 9 Update: ghostscript-8.63-2.fc9 (Mar 20)
------------------------------------------------
Security update for integer overflows (CVE-2009-0583) and upper
bounds checks (CVE-2009-0584) in the ICC profile handling.
http://www.linuxsecurity.com/content/view/148329
* Fedora 10 Update: drupal-cck-6.x.2.2-1.fc10 (Mar 20)
----------------------------------------------------
Fixes DRUPAL-SA-CONTRIB-2009-013 - XSS issue.
http://www.linuxsecurity.com/content/view/148322
* Fedora 9 Update: drupal-cck-6.x.2.2-1.fc9 (Mar 20)
--------------------------------------------------
Fixes DRUPAL-SA-CONTRIB-2009-013 - XSS issue.
http://www.linuxsecurity.com/content/view/148323
------------------------------------------------------------------------
* Gentoo: Squid Multiple Denial of Service vulnerabilities (Mar 24)
-----------------------------------------------------------------
Multiple vulnerabilities have been found in Squid which allow for
remote Denial of Service attacks.
http://www.linuxsecurity.com/content/view/148357
* Gentoo: Ghostscript User-assisted execution of arbitrary (Mar 23)
-----------------------------------------------------------------
Multiple integer overflows in the Ghostscript ICC library might allow
for user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/148351
* Gentoo: MLDonkey Information disclosure (Mar 23)
------------------------------------------------
A vulnerability in the MLDonkey web interface allows remote attackers
to disclose arbitrary files.
http://www.linuxsecurity.com/content/view/148350
* Gentoo: Muttprint Insecure temporary file usage (Mar 23)
--------------------------------------------------------
An insecure temporary file usage in Muttprint allows for symlink
attacks.
http://www.linuxsecurity.com/content/view/148349
* Gentoo: Amarok User-assisted execution of arbitrary code (Mar 20)
-----------------------------------------------------------------
Multiple vulnerabilities in Amarok might allow for user-assisted
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/148325
* Gentoo: FFmpeg Multiple vulnerabilities (Mar 19)
------------------------------------------------
Multiple vulnerabilities in FFmpeg may lead to the remote execution
of arbitrary code or a Denial of Service.
http://www.linuxsecurity.com/content/view/148315
------------------------------------------------------------------------
* Mandriva: [ MDVSA-2009:079 ] postgresql (Mar 23)
------------------------------------------------
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows
remote authenticated users to cause a denial of service (stack
consumption and crash) by triggering a failure in the conversion of a
localized error message to a client-specified encoding, as
demonstrated using mismatched encoding conversion requests
(CVE-2009-0922). This update provides a fix for this vulnerability.
http://www.linuxsecurity.com/content/view/148348
* Mandriva: [ MDVSA-2009:078 ] evolution-data-server (Mar 23)
-----------------------------------------------------------
Incorrect handling of signed Secure/Multipurpose Internet Mail
Extensions (S/MIME) e-mail messages enables attackers to spoof its
signatures by modifying the latter copy (CVE-2009-0547). Crafted
authentication challenge packets (NT Lan Manager type 2) sent by a
malicious remote mail server enable remote attackers to cause
denial of service and to read information from the process memory of
the client (CVE-2009-0582). Multiple integer overflows in Base64
encoding functions enable attackers to cause denial of
service and to execute arbitrary code (CVE-2009-0587). This update
provides fixes for those vulnerabilities.
http://www.linuxsecurity.com/content/view/148347
* Mandriva: [ MDVSA-2009:077 ] pam (Mar 21)
-----------------------------------------
A security vulnerability has been identified and fixed in pam:
Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt (CVE-2009-0887). The updated
packages have been patched to prevent this. Additionally some
development packages were missing that are required to build pam for
CS4, these are also provided with this update.
http://www.linuxsecurity.com/content/view/148334
* Mandriva: [ MDVA-2009:047 ] drakconf (Mar 21)
---------------------------------------------
This update prevents drakconf from crashing if the tool currently
embedded within drakconf segfaulted in some rare case (bug #48080).
http://www.linuxsecurity.com/content/view/148333
* Mandriva: [ MDVA-2009:046 ] pidgin (Mar 21)
-------------------------------------------
Protocol changes on the ICQ servers made pidgin incompatible. This
update upgrades pidgin to version 2.5.5 which will take care of this
problem.
http://www.linuxsecurity.com/content/view/148332
* Mandriva: [ MDVA-2009:045 ] dhcp (Mar 20)
-----------------------------------------
dhclient-script, in the dhcp-client package as released with Mandriva
Linux 2009, would put the network interface down in some
circumstances, as part of its workings. Coupled with a bug in the
kernel wireless stack, when done on wireless interfaces this could
cause the wireless association to be lost and never automatically
remade. This update fixes dhcp-client to use a better way instead of
putting the interface down, working around the wireless stack bug,
fixing many cases of the lost association problem.
http://www.linuxsecurity.com/content/view/148327
* Mandriva: [ MDVSA-2009:060-1 ] nfs-utils (Mar 19)
-------------------------------------------------
A security vulnerability has been identified and fixed in nfs-utils,
which caused TCP Wrappers to ignore netgroups and allows remote
attackers to bypass intended access restrictions (CVE-2008-4552). The
updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/148314
------------------------------------------------------------------------
* RedHat: Critical: java-1.6.0-ibm security update (Mar 25)
---------------------------------------------------------
Updated java-1.6.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras and Red Hat
Enterprise Linux 5 Supplementary. This update has been rated as
having critical security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148370
* RedHat: Moderate: NetworkManager security update (Mar 25)
---------------------------------------------------------
Updated NetworkManager packages that fix a security issue are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148366
* RedHat: Moderate: NetworkManager security update (Mar 25)
---------------------------------------------------------
Updated NetworkManager packages that fix two security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148367
* RedHat: Critical: acroread security update (Mar 25)
---------------------------------------------------
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise
Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This
update has been rated as having critical security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148368
* RedHat: Moderate: thunderbird security update (Mar 24)
------------------------------------------------------
An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 4 and 5. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/148354
* RedHat: Moderate: glib2 security update (Mar 24)
------------------------------------------------
Updated glib2 packages that fix several security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148355
* RedHat: Moderate: libvirt security update (Mar 19)
--------------------------------------------------
Updated libvirt packages that fix two security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148312
* RedHat: Moderate: curl security update (Mar 19)
-----------------------------------------------
Updated curl packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148310
* RedHat: Moderate: ghostscript security update (Mar 19)
------------------------------------------------------
Updated ghostscript packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 3, 4, and 5. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/148311
* RedHat: Moderate: lcms security update (Mar 19)
-----------------------------------------------
Updated lcms packages that resolve several security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/148309
------------------------------------------------------------------------
* Slackware: seamonkey (Mar 24)
-------------------------------
New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
12.2, and -current to fix security issues.
http://www.linuxsecurity.com/content/view/148358
* Slackware: mozilla-thunderbird (Mar 24)
-----------------------------------------
New mozilla-thunderbird packages are available for Slackware 10.2,
11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
http://www.linuxsecurity.com/content/view/148359
* Slackware: lcms (Mar 24)
--------------------------
New lcms packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
12.0, 12.1, 12.2, and -current to fix security issues.
http://www.linuxsecurity.com/content/view/148360
------------------------------------------------------------------------
* Ubuntu: Ghostscript vulnerabilities (Mar 23)
---------------------------------------------
It was discovered that Ghostscript contained multiple integer
overflows in its ICC color management library. If a user or automated
system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code
with privileges of the user invoking the program. (CVE-2009-0583) It
was discovered that Ghostscript did not properly perform bounds
checking in its ICC color management library. If a user or automated
system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code
with privileges of the user invoking the program. (CVE-2009-0584)
http://www.linuxsecurity.com/content/view/148345
* Ubuntu: LittleCMS vulnerabilities (Mar 23)
-------------------------------------------
Chris Evans discovered that LittleCMS did not properly handle certain
error conditions, resulting in a large memory leak. If a user or
automated system were tricked into processing an image with malicious
ICC tags, a remote attacker could cause a denial of service.
(CVE-2009-0581) Chris Evans discovered that LittleCMS contained
multiple integer overflows. If a user or automated system were
tricked into processing an image with malicious ICC tags, a remote
attacker could crash applications linked against liblcms1, leading to
a denial of service, or possibly execute arbitrary code with user
privileges. (CVE-2009-0723) Chris Evans discovered that LittleCMS did
not properly perform bounds checking, leading to a buffer overflow.
If a user or automated system were tricked into processing an image
with malicious ICC tags, a remote attacker could execute arbitrary
code with user privileges. (CVE-2009-0733)
http://www.linuxsecurity.com/content/view/148346
* Ubuntu: JasPer vulnerabilities (Mar 19)
----------------------------------------
It was discovered that JasPer did not correctly handle memory
allocation when parsing certain malformed JPEG2000 images. If a user
were tricked into opening a specially crafted image with an
application that uses libjasper, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's
privileges. (CVE-2008-3520) It was discovered that JasPer created
temporary files in an insecure way. Local users could exploit a race
condition and cause a denial of service in libjasper applications.
(CVE-2008-3521) It was discovered that JasPer did not correctly
handle certain formatting operations. If a user were tricked into
opening a specially crafted image with an application that uses
libjasper, an attacker could cause a denial of service and possibly
execute arbitrary code with the user's privileges. (CVE-2008-3522)
http://www.linuxsecurity.com/content/view/148313
------------------------------------------------------------------------
* Pardus: Thunderbird: Multiple (Mar 25)
--------------------------------------
Some vulnerabilities have been reported in Mozilla Thunderbird,
which can potentially be exploited by malicious people to compromise
a user's system.
http://www.linuxsecurity.com/content/view/148365
* Pardus: PostgreSQL: Denial of Service (Mar 25)
----------------------------------------------
A weakness and a security issue have been reported in PostgreSQL,
which can be exploited by malicious users to disclose potentially
sensitive information or cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/148364
* Pardus: Glib2: Integer Overflow (Mar 25)
----------------------------------------
Some vulnerabilities have been reported in GLib, which can
potentially be exploited by malicious people to compromise an
application using the library.
http://www.linuxsecurity.com/content/view/148362
* Pardus: Flashplugin: Multiple (Mar 25)
--------------------------------------
Some vulnerabilities have been reported in Adobe Flash Player, which
can be exploited by malicious, local users to disclose sensitive
information and potentially gain escalated privileges, and by
malicious people to bypass certain security restrictions, disclose
potentially sensitive information, and compromise a user's system.
http://www.linuxsecurity.com/content/view/148361
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------