AOH :: ISNQ5276.HTM

Linux Advisory Watch - August 7th 2009




Linux Advisory Watch - August 7th 2009
Linux Advisory Watch - August 7th 2009



+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| August 7th, 2009                                Volume 10, Number 32 |
|                                                                      |
| Editorial Team: Dave Wreski  | 
| Benjamin D. Thomas  | 
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for gst-plugins-bad, libmodplug,
xml-security-c, znc, xulrunner, firefox, blam, epiphany, pcmanx,
mugshot, mzvoikko, miro, gnome-web-photo, kazehakase, google-gadgets,
gecko-sharp, evolution-rss, galeon, perl, yelp, ruby-gnome, kernel,
seahorse, hulahop, miro, chmsee, blam, irssi, django, drupal, openexr,
bind, wireshark, ruby, phpmyadmin, nagios, firebird, bacula, rpm,
flash-plugin, nspr, and fetchmail.  The distributors include Debian,
Fedora, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26 

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" You may not take even a
second to respond.  But if I may ask "How much does Google know about
you"? You may instantly reply "Wait... what!? Do they!?"  The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939 

---

A Secure Nagios Server
----------------------
Nagios is a monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process however to make it a secure setup it takes some
work. This article will not show you how to install Nagios since there
are tons of them out there but it will show you in detail ways to
improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088 

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- 

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668 

------------------------------------------------------------------------

* Debian: New gst-plugins-bad0.10 packages fix arbitrary code execution (Aug 6)
  -----------------------------------------------------------------------------


http://www.linuxsecurity.com/content/view/149663 

* Debian: New libmodplug packages fix arbitrary code execution (Aug 4)
  --------------------------------------------------------------------


http://www.linuxsecurity.com/content/view/149607 

* Debian: New xml-security-c packages fix signature forgery (Aug 2)
  -----------------------------------------------------------------


http://www.linuxsecurity.com/content/view/149592 

* Debian: New znc packages fix remote code execution (Aug 2)
  ----------------------------------------------------------


http://www.linuxsecurity.com/content/view/149591 

* Debian: New apache/apache2-mpm-itk fix regression (Jul 30)
  ----------------------------------------------------------


http://www.linuxsecurity.com/content/view/149562 

------------------------------------------------------------------------

* Fedora 10 Update: xulrunner-1.9.0.13-1.fc10 (Aug 4)
  ---------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149651 

* Fedora 10 Update: firefox-3.0.13-1.fc10 (Aug 4)
  -----------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149652 

* Fedora 10 Update: blam-1.8.5-13.fc10 (Aug 4)
  --------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149649 

* Fedora 10 Update: epiphany-2.24.3-9.fc10 (Aug 4)
  ------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149650 

* Fedora 10 Update: pcmanx-gtk2-0.3.8-12.fc10 (Aug 4)
  ---------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149638 

* Fedora 10 Update: mugshot-1.2.2-12.fc10 (Aug 4)
  -----------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149639 

* Fedora 10 Update: mozvoikko-0.9.5-13.fc10 (Aug 4)
  -------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149640 

* Fedora 10 Update: Miro-2.0.5-3.fc10 (Aug 4)
  -------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149641 

* Fedora 10 Update: gnome-web-photo-0.3-21.fc10 (Aug 4)
  -----------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149642 

* Fedora 10 Update: kazehakase-0.5.6-4.fc10.5 (Aug 4)
  ---------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149643 

* Fedora 10 Update: gnome-python2-extras-2.19.1-33.fc10 (Aug 4)
  -------------------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149644 

* Fedora 10 Update: google-gadgets-0.10.5-9.fc10 (Aug 4)
  ------------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149645 

* Fedora 10 Update: gecko-sharp2-0.13-11.fc10 (Aug 4)
  ---------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149646 

* Fedora 10 Update: evolution-rss-0.1.2-9.fc10 (Aug 4)
  ----------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149647 

* Fedora 10 Update: galeon-2.0.7-13.fc10 (Aug 4)
  ----------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149648 

* Fedora 10 Update: perl-Gtk2-MozEmbed-0.08-6.fc10.4 (Aug 4)
  ----------------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149635 

* Fedora 10 Update: yelp-2.24.0-12.fc10 (Aug 4)
  ---------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149636 

* Fedora 10 Update: ruby-gnome2-0.19.1-1.fc10.1 (Aug 4)
  -----------------------------------------------------
  Update to new upstream Firefox version 3.0.13, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox30.html#firefox3.0.13	  Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.	  Note: Issues described in MFSA 2009-42 and
  MFSA 2009-43 were previously addressed via rebase of the NSS
  packages.

http://www.linuxsecurity.com/content/view/149637 

* Fedora 11 Update: kernel-2.6.29.6-217.2.3.fc11 (Aug 4)
  ------------------------------------------------------
  Fix security bugs:  CVE-2009-1895  CVE-2009-2406  CVE-2009-2407
  Add -fno- delete-null-pointer-checks gcc compile flag to protect
  against issues similar to CVE-2009-1897.    Fix virtio_blk driver bug
  (reported against Fedora 10.) iwl3945 wireless driver rfkill fixes.
   Fix DPMS on some nVidia adapters when using the nouveau driver.

http://www.linuxsecurity.com/content/view/149634 

* Fedora 11 Update: mozvoikko-0.9.7-0.6.rc1.fc11 (Aug 4)
  ------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149630 

* Fedora 11 Update: seahorse-plugins-2.26.2-4.fc11 (Aug 4)
  --------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149631 

* Fedora 11 Update: yelp-2.26.0-6.fc11 (Aug 4)
  --------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149632 

* Fedora 11 Update: perl-Gtk2-MozEmbed-0.08-6.fc11.4 (Aug 4)
  ----------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149633 

* Fedora 11 Update: epiphany-extensions-2.26.1-5.fc11 (Aug 4)
  -----------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149620 

* Fedora 11 Update: epiphany-2.26.3-3.fc11 (Aug 4)
  ------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149621 

* Fedora 11 Update: gnome-python2-extras-2.25.3-6.fc11 (Aug 4)
  ------------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149622 

* Fedora 11 Update: galeon-2.0.7-13.fc11 (Aug 4)
  ----------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149623 

* Fedora 11 Update: google-gadgets-0.11.0-3.fc11 (Aug 4)
  ------------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149624 

* Fedora 11 Update: gnome-web-photo-0.7-5.fc11 (Aug 4)
  ----------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149625 

* Fedora 11 Update: (Aug 4)
  -------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149626 

* Fedora 11 Update: hulahop-0.4.9-7.fc11 (Aug 4)
  ----------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149627 

* Fedora 11 Update: Miro-2.0.5-3.fc11 (Aug 4)
  -------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149628 

* Fedora 11 Update: ruby-gnome2-0.19.1-1.fc11.1 (Aug 4)
  -----------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149629 

* Fedora 11 Update: xulrunner-1.9.1.2-1.fc11 (Aug 4)
  --------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149615 

* Fedora 11 Update: firefox-3.5.2-2.fc11 (Aug 4)
  ----------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149616 

* Fedora 11 Update: chmsee-1.0.1-10.fc11 (Aug 4)
  ----------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149617 

* Fedora 11 Update: blam-1.8.5-13.fc11 (Aug 4)
  --------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149618 

* Fedora 11 Update: evolution-rss-0.1.2-12.fc11 (Aug 4)
  -----------------------------------------------------
  Update to new upstream Firefox version 3.5.2, fixing multiple
  security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known- 
  vulnerabilities/firefox35.html#firefox3.5.2	 Update also includes
  all packages depending on gecko-libs rebuilt against new version of
  Firefox / XULRunner.

http://www.linuxsecurity.com/content/view/149619 

* Fedora 10 Update: kernel-2.6.27.29-170.2.78.fc10 (Aug 4)
  --------------------------------------------------------
  Update to linux kernel 2.6.27.29:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.26 
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.27 
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.28 
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.29 
  Fixes security bugs:	CVE-2009-1895  CVE-2009-2406  CVE-2009-2407
  Adds -fno-delete- null-pointer-checks gcc compile flag to protect
  against issues similar to CVE-2009-1897.

http://www.linuxsecurity.com/content/view/149614 

* Fedora 11 Update: irssi-0.8.13-3.fc11 (Aug 3)
  ---------------------------------------------


http://www.linuxsecurity.com/content/view/149605 

* Fedora 11 Update: Django-1.0.3-6.fc11 (Aug 3)
  ---------------------------------------------
For: http://www.djangoproject.com/weblog/2009/jul/28/security/ 

http://www.linuxsecurity.com/content/view/149604 

* Fedora 10 Update: Django-1.0.3-6.fc10 (Aug 3)
  ---------------------------------------------
For: http://www.djangoproject.com/weblog/2009/jul/28/security/ 

http://www.linuxsecurity.com/content/view/149603 

* Fedora 11 Update: drupal-date-6.x.2.3-0.fc11 (Jul 31)
  -----------------------------------------------------
  * Advisory ID: DRUPAL-SA-CONTRIB-2009-046   * Project: Date
  (third-party module)	 * Version: 6.x   * Date: 2009-July-29	 *
  Security risk: Moderately critical   * Exploitable from: Remote   *
  Vulnerability: Cross Site Scripting -------- DESCRIPTION
  --------------------------------------------------------- The Date
  module provides a date CCK field that can be added to any content
  type. The Date Tools module that is bundled with Date module does not
   properly escape user input when displaying labels for fields on a
  content  type. A malicious user with the 'use date tools' permission
  of the Date Tools  sub- module, or the 'administer content types'
  permission could attempt a  cross site scripting [1] (XSS) attack
  when creating a new content type,  leading to the user gaining full
  administrative access.  -------- VERSIONS AFFECTED
  ---------------------------------------------------	  * Date for
  Drupal 6.x prior to 6.x-2.3	 Drupal core is not affected. If you do
  not use the contributed Date module,	there is nothing you need to
  do.  -------- SOLUTION
  ------------------------------------------------------------
  Upgrade to the latest version:   * If you use Date for Drupal 6.x
  upgrade to Date 6.x-2.3 [2] Note that the 'use date tools' permission
  has been renamed as 'administer  date tools' to clarify that this is
  an administrative permission (it allows  the creation of new content
  types via a wizard form). You will need to  re-assign this permission
  to any roles that were using it. See also the Date  project page [3].
   -------- REPORTED BY
  ---------------------------------------------------------    Stella
  Power [4] of the Drupal Security Team  -------- FIXED BY
  ------------------------------------------------------------
  Stella Power [5] and Karen Stevenson [6], the project maintainer.
  -------- CONTACT
  -------------------------------------------------------------    The
  security contact for Drupal can be reached at security at drupal.org
or via the form at http://drupal.org/contact. [1] 
http://en.wikipedia.org/wiki/Cross- site_scripting [2] 
http://drupal.org/node/534332 [3] http://drupal.org/project/date 
[4] http://drupal.org/user/66894 [5] http://drupal.org/user/66894 
[6] http://drupal.org/user/45874 

http://www.linuxsecurity.com/content/view/149581 

* Fedora 11 Update: xml-security-c-1.5.1-1.fc11 (Jul 31)
  ------------------------------------------------------
  Fixes CVE-2009-0217 (#511915)

http://www.linuxsecurity.com/content/view/149579 

* Fedora 10 Update: drupal-date-6.x.2.3-0.fc10 (Jul 31)
  -----------------------------------------------------
  * Advisory ID: DRUPAL-SA-CONTRIB-2009-046   * Project: Date
  (third-party module)	 * Version: 6.x   * Date: 2009-July-29	 *
  Security risk: Moderately critical   * Exploitable from: Remote   *
  Vulnerability: Cross Site Scripting -------- DESCRIPTION
  --------------------------------------------------------- The Date
  module provides a date CCK field that can be added to any content
  type. The Date Tools module that is bundled with Date module does not
   properly escape user input when displaying labels for fields on a
  content  type. A malicious user with the 'use date tools' permission
  of the Date Tools  sub- module, or the 'administer content types'
  permission could attempt a  cross site scripting [1] (XSS) attack
  when creating a new content type,  leading to the user gaining full
  administrative access.  -------- VERSIONS AFFECTED
  ---------------------------------------------------	  * Date for
  Drupal 6.x prior to 6.x-2.3	 Drupal core is not affected. If you do
  not use the contributed Date module,	there is nothing you need to
  do.  -------- SOLUTION
  ------------------------------------------------------------
  Upgrade to the latest version:   * If you use Date for Drupal 6.x
  upgrade to Date 6.x-2.3 [2] Note that the 'use date tools' permission
  has been renamed as 'administer  date tools' to clarify that this is
  an administrative permission (it allows  the creation of new content
  types via a wizard form). You will need to  re-assign this permission
  to any roles that were using it. See also the Date  project page [3].
   -------- REPORTED BY
  ---------------------------------------------------------    Stella
  Power [4] of the Drupal Security Team  -------- FIXED BY
  ------------------------------------------------------------
  Stella Power [5] and Karen Stevenson [6], the project maintainer.
  -------- CONTACT
  -------------------------------------------------------------    The
  security contact for Drupal can be reached at security at drupal.org
or via the form at http://drupal.org/contact. [1] 
http://en.wikipedia.org/wiki/Cross- site_scripting [2] 
http://drupal.org/node/534332 [3] http://drupal.org/project/date 
[4] http://drupal.org/user/66894 [5] http://drupal.org/user/66894 
[6] http://drupal.org/user/45874 

http://www.linuxsecurity.com/content/view/149580 

* Fedora 10 Update: OpenEXR-1.6.1-8.fc10 (Jul 31)
  -----------------------------------------------


http://www.linuxsecurity.com/content/view/149578 

* Fedora 11 Update: OpenEXR-1.6.1-8.fc11 (Jul 31)
  -----------------------------------------------


http://www.linuxsecurity.com/content/view/149577 

* Fedora 10 Update: xml-security-c-1.5.1-1.fc10 (Jul 31)
  ------------------------------------------------------
  Fixes CVE-2009-0217 (#511915)

http://www.linuxsecurity.com/content/view/149576 

------------------------------------------------------------------------

* Gentoo: BIND Denial of Service (Aug 1)
  --------------------------------------
  ======== Dynamic Update packets can cause a Denial of
  Service in the BIND daemon.

http://www.linuxsecurity.com/content/view/149590 

* Gentoo: OpenSC Multiple vulnerabilities (Aug 1)
  -----------------------------------------------
  ======== Multiple vulnerabilities were found in
  OpenSC.

http://www.linuxsecurity.com/content/view/149588 

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:194 ] wireshark (Aug 5)
  ---------------------------------------------------------------------------
  Vulnerabilities have been discovered in wireshark package, which
  could lead to application crash via radius, infiniband and afs
  dissectors (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563). This update
  provides a fix for those vulnerabilities.

http://www.linuxsecurity.com/content/view/149662 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:193 ] ruby (Aug 5)
  ----------------------------------------------------------------------
  ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
  the return value from the OCSP_basic_verify function, which might
  allow remote attackers to successfully present an invalid X.509
  certificate, possibly involving a revoked certificate. This update
  corrects the problem, including for older ruby versions.

http://www.linuxsecurity.com/content/view/149659 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:192 ] phpmyadmin (Aug 5)
  ----------------------------------------------------------------------------
  A vulnerability has been identified and corrected in phpMyAdmin:
  Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1
  allows remote attackers to inject arbitrary web script or HTML via a
  crafted SQL bookmark (CVE-2009-2284). This update provides phpmyadmin
  3.2.0.1, which is not vulnerable to this issue.

http://www.linuxsecurity.com/content/view/149655 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:191 ] OpenEXR (Aug 2)
  -------------------------------------------------------------------------
  Multiple vulnerabilities has been found and corrected in OpenEXR:
  Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow
  context-dependent attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via unspecified vectors
  that trigger heap-based buffer overflows, related to (1) the
  Imf::PreviewImage::PreviewImage function and (2) compressor
  constructors.  NOTE: some of these details are obtained from third
  party information (CVE-2009-1720). The decompression implementation
  in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows
  context-dependent attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via vectors that trigger a
  free of an uninitialized pointer (CVE-2009-1721). Buffer overflow in
  the compression implementation in OpenEXR 1.2.2 allows
  context-dependent attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via unspecified vectors
  (CVE-2009-1722). This update provides fixes for these
  vulnerabilities.

http://www.linuxsecurity.com/content/view/149596 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:190 ] OpenEXR (Aug 2)
  -------------------------------------------------------------------------
  Multiple vulnerabilities has been found and corrected in OpenEXR:
  Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow
  context-dependent attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via unspecified vectors
  that trigger heap-based buffer overflows, related to (1) the
  Imf::PreviewImage::PreviewImage function and (2) compressor
  constructors.  NOTE: some of these details are obtained from third
  party information (CVE-2009-1720). The decompression implementation
  in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows
  context-dependent attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via vectors that trigger a
  free of an uninitialized pointer (CVE-2009-1721). This update
  provides fixes for these vulnerabilities.

http://www.linuxsecurity.com/content/view/149595 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:189 ] apache-mod_auth_mysql (Aug 1)
  ---------------------------------------------------------------------------------------
  A vulnerability has been found and corrected in mod_auth_mysql: SQL
  injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql
  (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x
  allows remote attackers to execute arbitrary SQL commands via
  multibyte character encodings for unspecified input (CVE-2008-2384).
  This update provides fixes for this vulnerability.

http://www.linuxsecurity.com/content/view/149589 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:188 ] php4-eaccelerator (Jul 31)
  ------------------------------------------------------------------------------------
  A vulnerability has been found and corrected in php4-eaccelerator:
  encoder.php in eAccelerator allows remote attackers to execute
  arbitrary code by copying a local executable file to a location under
  the web root via the -o option, and then making a direct request to
  this file, related to upload of image files (CVE-2009-2353).
  Additionally to adressing the security issue this update also
  provides php4-eaccelerator 0.9.5.

http://www.linuxsecurity.com/content/view/149587 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:187 ] nagios (Jul 31)
  -------------------------------------------------------------------------
  A vulnerability has been found and corrected in nagios: statuswml.cgi
  in Nagios before 3.1.1 allows remote attackers to execute arbitrary
  commands via shell metacharacters in the (1) ping or (2) Traceroute
  parameters (CVE-2009-2288). This update provides nagios 3.1.2, which
  is not vulnerable to this issue.

http://www.linuxsecurity.com/content/view/149586 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:186 ] firebird (Jul 31)
  ---------------------------------------------------------------------------
  A vulnerability has been found and corrected in firebird:
  src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
  1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
  allows remote attackers to cause a denial of service (daemon crash)
  via a malformed op_connect_request message that triggers an infinite
  loop or NULL pointer dereference (CVE-2009-2620). This update
  provides fixes for this vulnerability.

http://www.linuxsecurity.com/content/view/149585 

* Mandriva: Subject: [Security Announce] [ MDVA-2009:138 ] bacula (Jul 31)
  ------------------------------------------------------------------------
  bacula 3.0.2 is primarily a important bug fix update to version 3.0.1
  with some enhancements.

http://www.linuxsecurity.com/content/view/149584 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:185 ] firefox (Jul 31)
  --------------------------------------------------------------------------
  Security vulnerabilities have been discovered and corrected in
  Mozilla Firefox 3.0.x: Several flaws in Firefox browser and
  javascript engine could allow a malicious site to cause a
  denial-of-service of possibly remote code execution (CVE-2009-1392,
  CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,
  CVE-2009-1841, CVE-2009-2043, CVE-2009-2044). Several flaws were
  discovered in Firefox which could lead to information disclosure and
  security bypass (CVE-2009-1834, CVE-2009-1835, CVE-2009-1836,
  CVE-2009-1839, CVE-2009-1840). Several flaws were discovered in the
  Firefox browser and JavaScript engines, which could allow a malicious
  website to cause a denial of service or possibly execute arbitrary
  code with user privileges. (CVE-2009-2462, CVE-2009-2463,
  CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2468) Attila
  Suszter discovered a flaw in the way Firefox processed Flash content,
  which could cause a denial of service or possibly execute arbitrary
  code with the privileges of the user invoking the program.
  (CVE-2009-2467) It was discovered that Firefox did not properly
  handle some SVG content, which could lead to a denial of service or
  possibly execute arbitrary code with the privileges of the user
  invoking the program. (CVE-2009-2469) A flaw was discovered in the
  JavaScript engine which could be used to perform cross-site scripting
  attacks. (CVE-2009-2472) This update provides the latest Mozilla
  Firefox 3.0.x to correct these issues. Additionally, some packages
  which require so, have been rebuilt and are being provided as
  updates.

http://www.linuxsecurity.com/content/view/149583 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:184 ] apache-mod_security (Jul 31)
  --------------------------------------------------------------------------------------
  Multiple vulnerabilities has been found and corrected in
  mod_security: The multipart processor in ModSecurity before 2.5.9
  allows remote attackers to cause a denial of service (crash) via a
  multipart form datapost request with a missing part header name,
  which triggers a NULL pointer dereference (CVE-2009-1902). The PDF
  XSS protection feature in ModSecurity before 2.5.8 allows remote
  attackers to cause a denial of service (Apache httpd crash) via a
  request for a PDF file that does not use the GET method
  (CVE-2009-1903). This update provides mod_security 2.5.9, which is
  not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/149575 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:183 ] apache-mod_security (Jul 31)
  --------------------------------------------------------------------------------------
  Multiple vulnerabilities has been found and corrected in
  mod_security: Multiple unspecified vulnerabilities in the ModSecurity
  (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP
  Server, when SecCacheTransformations is enabled, allow remote
  attackers to cause a denial of service (daemon crash) or bypass the
  product's functionality via unknown vectors related to transformation
  caching. (CVE-2008-5676) The multipart processor in ModSecurity
  before 2.5.9 allows remote attackers to cause a denial of service
  (crash) via a multipart form datapost request with a missing part
  header name, which triggers a NULL pointer dereference
  (CVE-2009-1902). The PDF XSS protection feature in ModSecurity before
  2.5.8 allows remote attackers to cause a denial of service (Apache
  httpd crash) via a request for a PDF file that does not use the GET
  method (CVE-2009-1903). This update provides mod_security 2.5.9,
  which is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/149574 

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:182 ] firefox (Jul 30)
  --------------------------------------------------------------------------
  Security vulnerabilities have been discovered and corrected in
  Mozilla Firefox 3.0.x: Several flaws were discovered in the Firefox
  browser and JavaScript engines, which could allow a malicious website
  to cause a denial of service or possibly execute arbitrary code with
  user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464,
  CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471) Attila
  Suszter discovered a flaw in the way Firefox processed Flash content,
  which could cause a denial of service or possibly execute arbitrary
  code with the privileges of the user invoking the program.
  (CVE-2009-2467) It was discovered that Firefox did not properly
  handle some SVG content, which could lead to a denial of service or
  possibly execute arbitrary code with the privileges of the user
  invoking the program. (CVE-2009-2469) A flaw was discovered in the
  JavaScript engine which could be used to perform cross-site scripting
  attacks. (CVE-2009-2472) This update provides the latest Mozilla
  Firefox 3.0.x to correct these issues. Additionally, some packages
  which require so, have been rebuilt and are being provided as
  updates.

http://www.linuxsecurity.com/content/view/149569 

* Mandriva: Subject: [Security Announce] [ MDVA-2009:137 ] rpm (Jul 30)
  ---------------------------------------------------------------------
  This update fixes an issue with rpm:	o file triggers aren't properly
  invoked on package removal

http://www.linuxsecurity.com/content/view/149563 

------------------------------------------------------------------------

* RedHat: Important: kernel security and bug fix update (Aug 4)
  -------------------------------------------------------------
  Updated kernel packages that fix several security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

http://www.linuxsecurity.com/content/view/149608 

* RedHat: Critical: flash-plugin security update (Jul 31)
  -------------------------------------------------------
  An updated Adobe Flash Player package that fixes multiple security
  issues is now available for Red Hat Enterprise Linux 5 Supplementary.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149571 

* RedHat: Critical: flash-plugin security update (Jul 31)
  -------------------------------------------------------
  An updated Adobe Flash Player package that fixes multiple security
  issues is now available for Red Hat Enterprise Linux 3 and 4 Extras.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149572 

* RedHat: Critical: nspr and nss security and bug fix (Jul 31)
  ------------------------------------------------------------
  Updated nspr and nss packages that fix security issues and bugs are
  now available for Red Hat Enterprise Linux 4.7 Extended Update
  Support. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/149573 

* RedHat: Critical: nspr and nss security and bug fix (Jul 30)
  ------------------------------------------------------------
  Updated nspr and nss packages that fix security issues and a bug are
  now available for Red Hat Enterprise Linux 4. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

http://www.linuxsecurity.com/content/view/149566 

* RedHat: Critical: seamonkey security update (Jul 30)
  ----------------------------------------------------
  Updated seamonkey packages that fix a security issue are now
  available for Red Hat Enterprise Linux 3. This update has been rated
  as having critical security impact by the Red Hat Security Response
  Team.

http://www.linuxsecurity.com/content/view/149567 

------------------------------------------------------------------------

* Slackware:   fetchmail (Aug 6)
  ------------------------------
  New fetchmail packages are available for Slackware 8.1, 9.0, 9.1,
  10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to a fix
  security issue. More details about this issue may be found in the
  Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666 

http://www.linuxsecurity.com/content/view/149665 

* Slackware:   mozilla-firefox (Aug 3)
  ------------------------------------
  A new mozilla-firefox package is available for Slackware 12.2 to fix
  security issues. The updated packages may also be used with Slackware
  11.0 or newer.

  More details about the issues may be found on the Mozilla website:
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html 
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html 

http://www.linuxsecurity.com/content/view/149606 

* Slackware:   httpd (Aug 2)
  --------------------------
  New httpd packages are available for Slackware 12.0, 12.1, 12.2, and
  -current to fix security issues. More details about these issues may
  be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 

http://www.linuxsecurity.com/content/view/149597 

* Slackware:   bind (Jul 30)
  --------------------------
  New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security
  issue. More details about this issue may be found in the Common
  Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 ISC has 
published an announcement here: https://www.isc.org/node/479 And 
  CERT has published an advisory here:
http://www.kb.cert.org/vuls/id/725188 

http://www.linuxsecurity.com/content/view/149559 

------------------------------------------------------------------------

* SuSE: Mozilla Firefox 3.0 (Aug 6)
  ---------------------------------


http://www.linuxsecurity.com/content/view/149664 

* SuSE: flash-player (resent) (Aug 5)
  -----------------------------------


http://www.linuxsecurity.com/content/view/149654 

* SuSE: flash-player (SUSE-SA:2009:041) (Aug 5)
  ---------------------------------------------


http://www.linuxsecurity.com/content/view/149653 

* SuSE: bind (SUSE-SA:2009:040) (Jul 30)
  --------------------------------------


http://www.linuxsecurity.com/content/view/149560 

------------------------------------------------------------------------

* Ubuntu:  NSPR update (Aug 4)
  ----------------------------
  USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
  needed to use the new NSS. Original advisory details:  Moxie
  Marlinspike discovered that NSS did not properly handle regular
  expressions in certificate names. A remote attacker could create a
  specially crafted certificate to cause a denial of service (via
  application  crash) or execute arbitrary code as the user invoking
  the program.	(CVE-2009-2404)    Moxie Marlinspike and Dan Kaminsky
  independently discovered that NSS did  not properly handle
  certificates with NULL characters in the certificate	name. An
  attacker could exploit this to perform a man in the middle attack  to
  view sensitive information or alter encrypted communications.
  (CVE-2009-2408)    Dan Kaminsky discovered NSS would still accept
  certificates with MD2 hash  signatures. As a result, an attacker
  could potentially create a malicious	trusted certificate to
  impersonate another site. (CVE-2009-2409)

http://www.linuxsecurity.com/content/view/149613 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com 
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


________________________________________________
Visit & Submit to the Defcon Memory Repository
http://www.defconpics.org/ 

Site design & layout copyright © 1986-2014 CodeGods