
Hello and welcome to Linux Security Weekly for June 17, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.
Show Notes:
MySQL CVE-2012-2122
http://security-tracker.debian.org/tracker/CVE-2012-2122
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2122
http://www.ubuntu.com/usn/usn-1467-1/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677018
Java – 14 CVEs
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
http://rhn.redhat.com/errata/RHSA-2012-0734.html
http://rhn.redhat.com/errata/RHSA-2012-0729.html
http://rhn.redhat.com/errata/RHSA-2012-0730.html
Ruby on Rails – 2 CVEs
Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694)
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/jILZ34tAHF4
Ruby on Rails SQL Injection (CVE-2012-2695)
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/l4L0TEVAz1k
http://weblog.rubyonrails.org/2012/6/12/ann-rails-3-2-6-has-been-released/
http://weblog.rubyonrails.org/2012/6/12/ann-rails-3-1-6-has-been-released/
http://weblog.rubyonrails.org/2012/6/12/ann-rails-3-0-14-has-been-released/
Xen – CVE-2012-0217
http://www.kb.cert.org/vuls/id/649219
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
https://bugzilla.redhat.com/show_bug.cgi?id=813428
https://rhn.redhat.com/errata/RHSA-2012-0721.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677221
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0217.html
WordPress 3.4 released
http://wordpress.org/news/2012/06/green/
http://core.trac.wordpress.org/query?status=closed&milestone=3.4
PHP – CVE-2012-2143 and CVE-2012-2386
PHP 5.4.4 and PHP 5.3.14 released
http://www.php.net/index.php#id2012-06-14-1
http://www.php.net/ChangeLog-5.php
http://www.debian.org/security/2012/dsa-2492
https://bugzilla.redhat.com/show_bug.cgi?id=823594
mod_security
http://blog.spiderlabs.com/2012/06/modsecurity-and-owasp-crs-updates-available.html
http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES
https://community.qualys.com/blogs/securitylabs/2012/06/15/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses
Skype 4 for Linux
http://blogs.skype.com/linux/2012/06/skype_40_for_linux.html
Metasploitable 2 released
https://community.rapid7.com/docs/DOC-1875
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Firefox 13.0.1
http://www.mozilla.org/en-US/firefox/13.0.1/releasenotes/
F5 BIG-IP devices CVE-2012-1493
https://www.trustmatta.com/advisories/MATTA-2012-002.txt
