Hello and welcome to Linux Security Weekly for December 2, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

Firefox 17.0.1

Firefox ESR (10.0.11)

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

http://www.mozilla.org/en-US/firefox/17.0.1/releasenotes/

http://www.mozilla.org/en-US/firefox/organizations/all.html

PHP 5.4.9 and PHP 5.3.19

http://www.php.net/index.php#id2012-11-22-1

Linux rootkit going around that injects iframe in web server pages

http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html

http://seclists.org/fulldisclosure/2012/Nov/94

Chrome 23.0.1271.91

http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html

nmap 6.25

http://seclists.org/nmap-hackers/2012/4

Red Hat

thunderbird

http://rhn.redhat.com/errata/RHSA-2012-1483.html

firefox

http://rhn.redhat.com/errata/RHSA-2012-1482.html

java-1.4.2-ibm

http://rhn.redhat.com/errata/RHSA-2012-1485.html

libxml2

http://rhn.redhat.com/errata/RHSA-2012-1512.html

Ubuntu

tomcat

http://www.ubuntu.com/usn/usn-1637-1/

thunderbird

http://www.ubuntu.com/usn/usn-1636-1/

firefox

http://www.ubuntu.com/usn/usn-1638-1/

libssh

http://www.ubuntu.com/usn/usn-1640-1/

perl

http://www.ubuntu.com/usn/usn-1643-1/

kernel

http://www.ubuntu.com/usn/usn-1644-1/

http://www.ubuntu.com/usn/usn-1646-1/

http://www.ubuntu.com/usn/usn-1648-1/

http://www.ubuntu.com/usn/usn-1650-1/

http://www.ubuntu.com/usn/usn-1651-1/

Debian

rssh

http://www.debian.org/security/2012/dsa-2578

apache2 – CRIME fix!

http://www.debian.org/security/2012/dsa-2579

libssh

http://www.debian.org/security/2012/dsa-2577

Hello and welcome to Linux Security Weekly for November 18, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

PHP 5.5.0 Alpha1 released

http://www.php.net/index.php#id2012-11-15-1

FreeBSD security incident

http://www.freebsd.org/news/2012-compromise.html

Drupal 7.17 – maintenance update

http://drupal.org/drupal-7.17-release-notes

Google Chrome announced flash is fully sandboxed on Chrome on all platforms

http://chrome.blogspot.ca/2012/11/securing-flash-player-for-our-mac-users.html

Red Hat

kernel

http://rhn.redhat.com/errata/RHSA-2012-1445.html

mysql

http://rhn.redhat.com/errata/RHSA-2012-1462.html

ibm java

http://rhn.redhat.com/errata/RHSA-2012-1467.html

http://rhn.redhat.com/errata/RHSA-2012-1466.html

http://rhn.redhat.com/errata/RHSA-2012-1465.html

Ubuntu

libproxy

http://www.ubuntu.com/usn/usn-1629-1/

libav

http://www.ubuntu.com/usn/usn-1630-1/

libtiff

http://www.ubuntu.com/usn/usn-1631-1/

django

http://www.ubuntu.com/usn/usn-1632-1/

Debian

typo3

http://www.debian.org/security/2012/dsa-2574

Extras

Adobe’s connectusers.com breach

http://connectusers.com/

http://www.theregister.co.uk/2012/11/16/adobe_forum_breach/

http://www.darkreading.com/blog/240134996/adobe-hacker-says-he-used-sql-injection-to-grab-database-of-150-000-user-accounts.html

Hello and welcome to Linux Security Weekly for November 11, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

joomla

http://blog.sucuri.net/2012/11/joomla-2-5-8-and-3-0-2-released-security-updates.html

http://developer.joomla.org/security/news/544-20121102-core-clickjacking

http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability

XSS vulnerability in swfupload in WordPress

http://seclists.org/fulldisclosure/2012/Nov/51

https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

netOffice Dwins SQL Injection Vulnerability

http://www.exploit-db.com/exploits/22590/

http://sourceforge.net/projects/netofficedwins/

plone

http://plone.org/products/plone-hotfix/releases/20121106

http://plone.org/products/plone/security/advisories/20121106

chrome

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html

webmin

http://www.webmin.com/updates.html

https://secunia.com/advisories/51201/

Red Hat

kernel

http://rhn.redhat.com/errata/RHSA-2012-1426.html

icedtea web plugin

http://rhn.redhat.com/errata/RHSA-2012-1434.html

Ubuntu

mysql

http://www.ubuntu.com/usn/usn-1621-1/

icedtea-web

http://www.ubuntu.com/usn/usn-1625-1/

apache (Backport fix for CRIME attack!)

http://www.ubuntu.com/usn/usn-1627-1/

Debian

libproxy

http://www.debian.org/security/2012/dsa-2571

radsecproxy

http://www.debian.org/security/2012/dsa-2573

Hello and welcome to Linux Security Weekly for November 4, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

Plone CMS

http://plone.org/products/plone/security/advisories/20120830

Popular sites with Apache server-status enabled

http://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html

libvirt 1.0.0

http://berrange.com/posts/2012/11/02/announce-libvirt-1-0-0-release-and-7th-birthday/

http://libvirt.org/news.html

http://libvirt.org/

OpenBSD 5.2

http://www.h-online.com/security/news/item/OpenBSD-5-2-arrives-with-improved-multi-core-support-1742192.html

http://openbsd.org/52.html

Burp Suite 1.5

http://blog.portswigger.net/2012/10/burp-suite-free-edition-v15-released.html

Red Hat

thunderbird

http://rhn.redhat.com/errata/RHSA-2012-1413.html

kdelibs

http://rhn.redhat.com/errata/RHSA-2012-1416.html

http://rhn.redhat.com/errata/RHSA-2012-1418.html

Ubuntu

thunderbird

http://www.ubuntu.com/usn/usn-1620-2/

Debian

icedove

http://www.debian.org/security/2012/dsa-2569

Security and Sysadmin related podcasts you should check out

http://packetpushers.net/

http://www.jupiterbroadcasting.com/show/techsnap/

http://twit.tv/sn

http://hak5.org/

http://crypto-gram.libsyn.com/

http://pauldotcom.com/

http://www.mckeay.net

Hello and welcome to Linux Security Weekly for October 28, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

exim

https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html

https://lists.exim.org/lurker/message/20121026.083548.4647373a.en.html

firefox

https://www.mozilla.org/security/known-vulnerabilities/firefox.html

https://www.mozilla.org/security/announce/2012/mfsa2012-90.html

phpmyadmin

http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php

VirtualBox 4.2.4 (released 2012-10-26)

https://www.virtualbox.org/wiki/Changelog

Red Hat

6.2 EUS kernel

http://rhn.redhat.com/errata/RHSA-2012-1401.html

firefox

http://rhn.redhat.com/errata/RHSA-2012-1407.html

Ubuntu

ruby

http://www.ubuntu.com/usn/usn-1614-1/

http://www.ubuntu.com/usn/usn-1603-2/

python

http://www.ubuntu.com/usn/usn-1615-1/

http://www.ubuntu.com/usn/usn-1616-1/

webkit

http://www.ubuntu.com/usn/usn-1617-1/

exim

http://www.ubuntu.com/usn/usn-1618-1/

openjdk

http://www.ubuntu.com/usn/usn-1619-1/

firefox

http://www.ubuntu.com/usn/usn-1620-1/

Debian

bind

http://www.debian.org/security/2012/dsa-2560

tiff

http://www.debian.org/security/2012/dsa-2561

exim

http://www.debian.org/security/2012/dsa-2566

DKIM and why you should not use weak keys

http://www.dkim.org/

http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/

Hello and welcome to Linux Security Weekly for October 21, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

Oracle quarterly patch

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

14 MySQL CVEs that we will never see

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html#AppendixMSQL

mod_security 2.7.0

https://twitter.com/ModSecurity/status/258374512851173378

http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.7.x/CHANGES

Django

https://www.djangoproject.com/weblog/2012/oct/17/security/

Virtualbox 4.2.2

https://www.virtualbox.org/wiki/Changelog

PHP

http://www.php.net/archive/2012.php#id2012-10-18-1

Ubuntu 12.10

http://fridge.ubuntu.com/2012/10/18/ubuntu-12-10-quantal-quetzal-released/

OS X disables Java browser plugin OS X 10.6.8, 10.7 and 10.8

http://www.h-online.com/security/news/item/Apple-updates-Java-for-older-Mac-OS-X-kills-browser-plugin-1732089.html

Red Hat

jboss-ec2-eap

http://rhn.redhat.com/errata/RHSA-2012-1376.html

Red Hat 6 – kernel

http://rhn.redhat.com/errata/RHSA-2012-1366.html

OpenStack Essex

http://rhn.redhat.com/errata/RHSA-2012-1378.html

http://rhn.redhat.com/errata/RHSA-2012-1379.html

java-1.7.0-openjdk

http://rhn.redhat.com/errata/RHSA-2012-1386.html

java-1.6.0-openjdk

http://rhn.redhat.com/errata/RHSA-2012-1385.html

http://rhn.redhat.com/errata/RHSA-2012-1384.html

java-1.6.0-sun

http://rhn.redhat.com/errata/RHSA-2012-1392.html

java-1.7.0-oracle

http://rhn.redhat.com/errata/RHSA-2012-1391.html

rhev-hypervisor6

http://rhn.redhat.com/errata/RHSA-2012-1375.html

Ubuntu

libgssglue

http://www.ubuntu.com/usn/usn-1612-1/

python2.5 and 2.4

http://www.ubuntu.com/usn/usn-1613-1/

http://www.ubuntu.com/usn/usn-1613-2/

Debian

libexif

http://www.debian.org/security/2012/dsa-2559

DNS vuln: CVE-2012-5166

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690118

http://security-tracker.debian.org/tracker/CVE-2012-5166

Hello and welcome to Linux Security Weekly for October 14, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

bind

https://kb.isc.org/article/AA-00801

Tomcat 5.5.x branch End of Life

http://www.mail-archive.com/announce@tomcat.apache.org/msg00088.html

Firefox 16.0.1

http://www.mozilla.org/en-US/firefox/16.0.1/releasenotes/

http://www.mozilla.org/en-US/firefox/10.0.9/releasenotes/

Nessus 5.0.2

http://blog.tenablesecurity.com/2012/10/nessus-502-available.html

Nessus HTML5 interface now available

http://blog.tenablesecurity.com/2012/10/nessus-html5-interface-beta.html

Red Hat

kernel 5.6 EUS

http://rhn.redhat.com/errata/RHSA-2012-1347.html

thunderbird

http://rhn.redhat.com/errata/RHSA-2012-1351.html

http://rhn.redhat.com/errata/RHSA-2012-1362.html

firefox

http://rhn.redhat.com/errata/RHSA-2012-1350.html

xulrunner

http://rhn.redhat.com/errata/RHSA-2012-1361.html

libvirt

http://rhn.redhat.com/errata/RHSA-2012-1359.html

bind

http://rhn.redhat.com/errata/RHSA-2012-1365.html

http://rhn.redhat.com/errata/RHSA-2012-1364.html

http://rhn.redhat.com/errata/RHSA-2012-1363.html

Ubuntu

kernel

http://www.ubuntu.com/usn/usn-1598-1/

http://www.ubuntu.com/usn/usn-1606-1/

http://www.ubuntu.com/usn/usn-1607-1/

http://www.ubuntu.com/usn/usn-1610-1/

firefox

http://www.ubuntu.com/usn/usn-1600-1/

http://www.ubuntu.com/usn/usn-1608-1/

thunderbird

http://www.ubuntu.com/usn/usn-1611-1/

bind

http://www.ubuntu.com/usn/usn-1601-1/

ruby

http://www.ubuntu.com/usn/usn-1602-1/

http://www.ubuntu.com/usn/usn-1603-1/

Debian

icedove

http://www.debian.org/security/2012/dsa-2556

bacula

http://www.debian.org/security/2012/dsa-2558

hostapd

http://www.debian.org/security/2012/dsa-2557

Debian DNS vuln: CVE-2012-5166

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690118

http://security-tracker.debian.org/tracker/CVE-2012-5166

XSS Explained

http://theinsider.deep-ice.com/texts/xss_exposed.txt

http://en.wikipedia.org/wiki/Cross-site_scripting

Hello and welcome to Linux Security Weekly for October 7, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

Wireshark 1.8.3 and 1.6.11 Released

http://www.wireshark.org/news/20121002.html

PostgreSQL Updates 2012-09-24 released

http://www.postgresql.org/about/news/1416/

Red Hat 5.9 beta out

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5-Beta/html/5.9_Release_Notes/index.html

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5-Beta/html-single/5.9_Technical_Notes/index.html

Over 50 universities with various websites compromised

http://pastebin.com/AQWhu8Ek

Linux 3.6 released

http://kernelnewbies.org/Linux_3.6

Red Hat

freeRADIUS

http://rhn.redhat.com/errata/RHSA-2012-1327.html

http://rhn.redhat.com/errata/RHSA-2012-1326.html

rhev-hypervisor

http://rhn.redhat.com/errata/RHSA-2012-1324.html

http://rhn.redhat.com/errata/RHSA-2012-1325.html

kernel – Red Hat 5

http://rhn.redhat.com/errata/RHSA-2012-1323.html

java-1.4.2-ibm-sap

http://rhn.redhat.com/errata/RHSA-2012-1332.html

Ubuntu

eglibc, glibc vulnerabilities

http://www.ubuntu.com/usn/usn-1589-1/

qemu

http://www.ubuntu.com/usn/usn-1590-1/

python2.7

http://www.ubuntu.com/usn/usn-1592-1/

libxslt

http://www.ubuntu.com/usn/usn-1595-1/

python2.6

http://www.ubuntu.com/usn/usn-1596-1/

kernel – EC2 10.04

http://www.ubuntu.com/usn/usn-1597-1/

Debian

libxslt

http://www.debian.org/security/2012/dsa-2555

Recent attacks on US banks

Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase

http://thehackernews.com/2012/10/cyber-attacks-on-six-major-american.html

http://blog.fireeye.com/research/2012/10/more-about-attacks-on-financial-industries-.html

http://www.ic3.gov/media/2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf

http://blogs.cisco.com/security/csro-perspective-on-financial-ddos-attacks/

http://www.computerworld.com/s/article/9232016/Cyberattacks_on_banking_websites_subside_for_now

http://www.securityweek.com/recent-bank-cyber-attacks-originated-hacked-data-centers-not-large-botnet

http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html

Hello and welcome to Linux Security Weekly for September 30, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

phpMyAdmin backdoor

http://sourceforge.net/blog/phpmyadmin-back-door/

http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Google Chrome 22

http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html

Slackware 14.0

http://slackware.com/announce/14.0.php

python 3.3.0

http://www.python.org/download/releases/3.3.0/

Red Hat

kernel – Red Hat 6

http://rhn.redhat.com/errata/RHSA-2012-1304.html

Ubuntu

kernel

http://www.ubuntu.com/usn/usn-1579-1/

ghostscript

http://www.ubuntu.com/usn/usn-1581-1/

ruby

http://www.ubuntu.com/usn/usn-1583-1/

freeRADIUS

http://www.ubuntu.com/usn/usn-1585-1/

libxml2

http://www.ubuntu.com/usn/usn-1587-1/

Thunderbird

http://www.ubuntu.com/usn/usn-1551-2/

Debian

isc-dhcp

http://www.debian.org/security/2012/dsa-2551

iceweasel

http://www.debian.org/security/2012/dsa-2553

tiff

http://www.debian.org/security/2012/dsa-2552

mozilla persona

https://login.persona.org/

http://identity.mozilla.com/post/32395255498/announcing-the-first-beta-release-of-persona

https://developer.mozilla.org/en-US/docs/Persona

http://crossword.thetimes.co.uk/

Hello and welcome to Linux Security Weekly for September 23, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

Samba 4.0.0 rc1

https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc1.txt

SSLyze 0.5 SSL scanner

https://github.com/iSECPartners/sslyze

prenus – pretty nessus

http://labs.asteriskinfosec.com.au/tag/prenus/

Red Hat

openjpeg

http://rhn.redhat.com/errata/RHSA-2012-1283.html

java-1.7.0-ibm

http://rhn.redhat.com/errata/RHSA-2012-1289.html

Red Hat Enterprise MRG v2

http://rhn.redhat.com/errata/RHSA-2012-1278.html

Ubuntu

php5

http://www.ubuntu.com/usn/usn-1569-1/

gnupg

http://www.ubuntu.com/usn/usn-1570-1/

dhcp3

http://www.ubuntu.com/usn/usn-1570-1/

linux kernel – 10.04

http://www.ubuntu.com/usn/usn-1572-1/

http://www.ubuntu.com/usn/usn-1573-1/

dbus

http://www.ubuntu.com/usn/usn-1576-1/

Debian

asterisk

http://www.debian.org/security/2012/dsa-2550

Infosec and Security Blogs

http://www.reddit.com/r/netsec/comments/w2sh8/google_reader_security_rss_feeds_bundle/

https://www.google.com/reader/bundle/user%2F17384887029670727134%2Fbundle%2FSecurity

https://www.google.com/reader/bundle/user%2F17384887029670727134%2Fbundle%2FSNP

http://www.google.com/reader/bundle/user%2F18248679770830022606%2Fbundle%2FInfoSec

https://www.google.com/reader/bundle/user%2F03765539238807887305%2Fbundle%2FInformation%20Security

Hello and welcome to Linux Security Weekly for September 16, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

bind CVE-2012-4244

https://kb.isc.org/article/AA-00778/74

http://www.h-online.com/security/news/item/Manipulated-data-causes-BIND-DNS-servers-to-crash-1708087.html

rdata field:

http://www.zytrax.com/books/dns/ch15/#rdata

BIND Vulnerability Matrix – list of bind vulns according to version of bind:

http://www.isc.org/software/bind/security/matrix

PHP 5.4.7 and PHP 5.3.17 released

http://www.php.net/index.php#id2012-09-13-1

VirtualBox 4.2.0

https://www.virtualbox.org/wiki/Changelog

PostgreSQL 9.2 released

http://www.postgresql.org/about/news/1415/

Red Hat

ghostscript red hat 5 and 6 CVE-2012-4405

http://rhn.redhat.com/errata/RHSA-2012-1256.html

libexif red hat 5 and 6 (7 CVEs)

http://rhn.redhat.com/errata/RHSA-2012-1255.html

quagga red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1259.html

http://rhn.redhat.com/errata/RHSA-2012-1258.html

libxslt red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1265.html

postgresql red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1264.html

http://rhn.redhat.com/errata/RHSA-2012-1263.html

rhev-hypervisor5 red hat 5

http://rhn.redhat.com/errata/RHSA-2012-1262.html

dbus red hat 6

http://rhn.redhat.com/errata/RHSA-2012-1261.html

bind red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1268.html

http://rhn.redhat.com/errata/RHSA-2012-1267.html

http://rhn.redhat.com/errata/RHSA-2012-1266.html

Ubuntu

django

http://www.ubuntu.com/usn/usn-1560-1/

xmlrpc-c

http://www.ubuntu.com/usn/usn-1527-2/

firefox

http://www.ubuntu.com/usn/usn-1548-2/

bind

http://www.ubuntu.com/usn/usn-1566-1/

kernel

http://www.ubuntu.com/usn/usn-1567-1/

http://www.ubuntu.com/usn/usn-1568-1/

Debian

qemu-kvm

http://www.debian.org/security/2012/dsa-2542

xen-qemu-dm-4.0

http://www.debian.org/security/2012/dsa-2543

xen

http://www.debian.org/security/2012/dsa-2544

qemu

http://www.debian.org/security/2012/dsa-2545

freeradius

http://www.debian.org/security/2012/dsa-2546

bind9

http://www.debian.org/security/2012/dsa-2547

tor

http://www.debian.org/security/2012/dsa-2548

CRIME TLS vulnerability

https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

Hello and welcome to Linux Security Weekly for September 9, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

WordPress 3.4.2

http://wordpress.org/news/2012/09/wordpress-3-4-2/

OpenSuSE 12.2

http://news.opensuse.org/2012/09/05/opensuse-12-2-green-means-go/

Virtualbox 4.1.22

https://www.virtualbox.org/wiki/Changelog

Firefox bumped to 15.0.1

https://www.mozilla.org/en-US/firefox/15.0.1/releasenotes/

https://bugzilla.mozilla.org/show_bug.cgi?id=787743

Red Hat

openjdk 1.6 update red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1222.html

http://rhn.redhat.com/errata/RHSA-2012-1221.html

oracle java 1.7 red hat 6

http://rhn.redhat.com/errata/RHSA-2012-1225.html

ibm java 1.4.2, 1.5, and 1.6 red hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1243.html

http://rhn.redhat.com/errata/RHSA-2012-1245.html

http://rhn.redhat.com/errata/RHSA-2012-1238.html

xen red hat 5

http://rhn.redhat.com/errata/RHSA-2012-1236.html

kvm red hat 5

http://rhn.redhat.com/errata/RHSA-2012-1235.html

Ubuntu

openjdk 6 ubuntu 10.04-12.04

http://www.ubuntu.com/usn/usn-1553-1/

kernel updates all around

11.10

http://www.ubuntu.com/usn/usn-1554-1/

10.04

http://www.ubuntu.com/usn/usn-1555-1/

10.04 EC2

http://www.ubuntu.com/usn/usn-1556-1/

11.04

http://www.ubuntu.com/usn/usn-1557-1/

11.10

http://www.ubuntu.com/usn/usn-1558-1/

Debian

zabbix

http://www.debian.org/security/2012/dsa-2539

beaker

http://www.debian.org/security/2012/dsa-2541

CRIME – the new TLS vulnerability similar to BEAST

http://thehackernews.com/2012/09/crime-new-ssltls-attack-for-hijacking.html

http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512

http://www.ekoparty.org/2012/thai-duong.php

Hello and welcome to Linux Security Weekly for September 2, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

OpenSSH

http://www.openssh.com/txt/release-6.1

Google Chrome

http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

Java

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html

Firefox and Thunderbird

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox10.0.7

OpenSuSE 12.2. this week?

http://news.opensuse.org/2012/08/02/opensuse-12-2-rc2-ready-for-a-final-test/

Red Hat

Firefox and Thunderbird ESR – Red Hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1211.html

http://rhn.redhat.com/errata/RHSA-2012-1210.html

glibc – Red Hat 5 and 6

http://rhn.redhat.com/errata/RHSA-2012-1208.html

http://rhn.redhat.com/errata/RHSA-2012-1207.html

Ubuntu

Firefox and Thunderbird

http://www.ubuntu.com/usn/usn-1548-1/

http://www.ubuntu.com/usn/usn-1551-1/

iced-tea plugin

http://www.ubuntu.com/usn/usn-1505-2/

Debian

request tracker component rtfm, XSS

http://www.debian.org/security/2012/dsa-2535

otrs2, XSS

http://www.debian.org/security/2012/dsa-2536

typo3

http://www.debian.org/security/2012/dsa-2537

Web Application Scanners

nikto

http://cirt.net/nikto2

skipfish

http://code.google.com/p/skipfish/

sqlmap

http://sqlmap.org/

w3af

http://w3af.sourceforge.net/

Hello and welcome to Linux Security Weekly for August 26, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week.

Show Notes:

News

MS-CHAPv2 cracked

http://technet.microsoft.com/en-us/security/advisory/2743314

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

https://github.com/moxie0/chapcrack

http://revolutionwifi.blogspot.de/2012/07/is-wpa2-security-broken-due-to-defcon.html

RuggedCom #fail

http://www.computerworld.com.au/article/434312/ics-cert_warns_ssl_security_flaw_ruggedcom_industrial_networking_devices/

Red Hat


katello

http://rhn.redhat.com/errata/RHSA-2012-1187.html

http://rhn.redhat.com/errata/RHSA-2012-1186.html

rhev-hypervisor5

rhev-hypervisor6

http://rhn.redhat.com/errata/RHSA-2012-1185.html

http://rhn.redhat.com/errata/RHSA-2012-1200.html

libvirt

http://rhn.redhat.com/errata/RHSA-2012-1202.html

kernel – red hat 5 (low)

http://rhn.redhat.com/errata/RHSA-2012-1174.html

Ubuntu


postgresql

http://www.ubuntu.com/usn/usn-1542-1/

imagemagick

http://www.ubuntu.com/usn/usn-1544-1/

Debian

postgresql-8.4

http://www.debian.org/security/2012/dsa-2534

Adobe Reader and Linux

http://gynvael.coldwind.pl/?id=483

http://www.adobe.com/support/security/bulletins/apsb12-16.html

https://bugzilla.redhat.com/show_bug.cgi?id=848183

http://blogs.adobe.com/asset/2011/06/notes-on-adobe-reader-and-acrobat-10-1.html