[ISN] Linux Advisory Watch - October 26th 2001

From: InfoSec News (isnat_private)
Date: Mon Oct 29 2001 - 00:44:45 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  October 26th, 2001                       Volume 2, Number 43a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for gftp, diffutils, nvi, squid,
    util-linux, openssh, shadow/login, htdig, mod_auth_pgsql, and the Linux
    kernel.  The vendors include Conectiva, Debian, Immunix, and Red Hat.  If
    you did not get a chance to patch your systems last week, it is advisable
    that you review the newsletter.
    
    It is available at the following URL:
    http://www.linuxsecurity.com/articles/forums_article-3872.html 
    
    
     
      
    Have you tried EnGarde Secure Linux?  The EnGarde Linux distribution was
    designed from the ground up as a secure solution, starting with the
    principle of least privilege, and carrying it through every aspect of its
    implementation.
       http://www.engardelinux.org
     
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
     
     
     
    +---------------------------------+
    |  gftp                           | ----------------------------//
    +---------------------------------+
        
    gftp displays the password in plain text on the screen within the log
    window when it is logging into an ftp server.  A malicious colleague who is
    watching the screen could gain access to the user's shell on the remote
    machine.
    
     Intel ia32 architecture: Debian
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/gftp_2.0.6a-3.2_i386.deb 
     MD5 checksum: 674adafc20770c71c53a8b44a4959a25 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1656.html
    
    
      
    +---------------------------------+
    |  diffutils                      | ----------------------------//
    +---------------------------------+
    
    When using sdiff in interactive mode, a temporary file is created.  The
    new diffutils packages make sure to create that file in a secure way.
    
     Red Hat: 7.1 i386 
     ftp://updates.redhat.com/7.1/en/os/i386/diffutils-2.7-23.i386.rpm 
     062bf0083809452267d49d42aa85d7e2 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1658.html
    
    
      
    +---------------------------------+
    |  nvi                            | ----------------------------//
    +---------------------------------+
    
    Takeshi Uno found a very stupid format string vulnerability in all
    versions of nvi (in both the plain and the multilingualized version).
    When a filename is saved, it ought to get displayed on the screen. The
    routine handling this didn't escape format strings.
    
     Intel ia32 architecture: Debian 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     nvi-m17n-canna_1.79+19991117-2.3_i386.deb 
     MD5 checksum: c8bd0ea8e2581e2f18b2990c5434ab35 
      
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     nvi-m17n_1.79+19991117-2.3_i386.deb 
     MD5 checksum: 93235c24ff0efac3b3636664c30b8c6e 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/nvi_1.79-16a.1_i386.deb 
     MD5 checksum: 0b04432bb3c62661cafe89b6353ff768 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1659.html
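
The bug class described for nvi, as an added example that is not part of the original newsletter and is not nvi's code: a status-line routine that uses the file name as the format string, beside two corrected forms. `status_msg`, the `show_saved_*` functions, `escape_percent` and the sample file name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style status-line routine (stand-in, not nvi's code). */
static int status_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the file name is the format string, so "%s" or "%n" in a
 * name is interpreted as a conversion with no matching argument. */
int show_saved_vulnerable(char *out, size_t n, const char *name)
{
    return status_msg(out, n, name);
}

/* AFTER, option 1: constant format, file name passed as data. */
int show_saved_fixed(char *out, size_t n, const char *name)
{
    return status_msg(out, n, "%s", name);
}

/* AFTER, option 2: double every '%' before the name is spliced into a
 * format. Returns the escaped length, or -1 if dst is too small. */
int escape_percent(char *dst, size_t n, const char *src)
{
    size_t j = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (j + need >= n) return -1;   /* keep room for the NUL */
        if (*src == '%') dst[j++] = '%';
        dst[j++] = *src;
    }
    dst[j] = '\0';
    return (int)j;
}

int main(void)
{
    char out[64];
    show_saved_fixed(out, sizeof out, "report%n%s.txt"); /* constructed name */
    puts(out);
    return 0;
}
```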
    
    
      
    +---------------------------------+
    |  squid                          | ----------------------------//
    +---------------------------------+
    
    New squid packages are available that fix a potential DoS in Squid's FTP
    handling code. It is recommended that squid users update to the fixed
    packages.
    
     Red Hat 7.2 i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     squid-2.4.STABLE1-6.i386.rpm 
     b5f0ca849fcef20c0c05b2bea268520e 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1660.html
    
    
      
    +---------------------------------+
    |  util-linux                     | ----------------------------//
    +---------------------------------+
    
    New util-linux packages are available that fix a problem with /bin/login's
    PAM implementation. This could, in some non-default setups, cause users to
    receive credentials of other users. It is recommended that all users
    update to the fixed packages.
    
     Red Hat Linux 7.2: i386: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html 
     c0f329c070e416fbb20c97670199d3fe 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html
    
    
      
    +---------------------------------+
    |  openssh                        | ----------------------------//
    +---------------------------------+
    
    If a user lists multiple keys in her .ssh/authorized_keys2 file, sshd may
    in some circumstances not honor the "from" option which can be associated
    with a key, thereby allowing key-based logins from hosts which should not
    be allowed access.
    
     Red Hat Linux 7.2: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     openssh-2.9p2-9.i386.rpm 
     c553416074a5fc54d309c6e7653f684a 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     openssh-clients-2.9p2-9.i386.rpm 
     557a7615d1abf68e4b2bb998c0091638 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     openssh-server-2.9p2-9.i386.rpm 
     4b1df978407683e2c160f496f24e26e5 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     openssh-askpass-2.9p2-9.i386.rpm 
     f35d0f0b45fd5fd3ceb06589ca18aab3 
     
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     openssh-askpass-gnome-2.9p2-9.i386.rpm 
     d9fcc0d6d03c59b04681d6e755e3cb92 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1662.html 
      
    
     Conectiva: 
     PLEASE SEE VENDOR ADVISORY 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1666.html
    
    
      
    +---------------------------------+
    |  shadow / login                 | ----------------------------//
    +---------------------------------+  
    
    Multiple Linux vendors have issued security announcements about failures
    of the /bin/login program to properly initialize the privileges of an
    authenticated user if the PAM module pam_limits is enabled.
    
     SuSE-7.3  
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/ 
     shadow-20000902-144.i386.rpm 
     9380496a4a248aeac73d7136de381348 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1663.html
    
    
      
    
    +---------------------------------+
    |  htdig                          | ----------------------------//
    +---------------------------------+
    
    Due to insufficient checking of the running environment it is possible to
    use commandline options via CGI. A remote attacker could use the -c
    option to specify /dev/zero as an alternate config file to cause a denial
    of service for some minutes.
    
     i386 Intel Platform: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/ 
     htdig-3.1.5-304.i386.rpm 
     543b0668bbbe3c35a7b7f4aab523a497 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1664.html
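
One way to check the running environment before honouring command-line options, as an added example that is not htdig's code or the vendor's patch: CGI servers can hand a query string without `=` to the program as arguments, so `-c` is ignored when `REQUEST_METHOD` is set, and the chosen config must be a regular file. `select_config`, `is_regular_file` and the default path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define DEFAULT_CONFIG "/path/to/default.conf"   /* placeholder path */

/* 1 only if path names an existing regular file (so not /dev/zero). */
int is_regular_file(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Choose the config file. request_method is getenv("REQUEST_METHOD"):
 * non-empty means a web server started us, and argv may then hold
 * text from the query string, so "-c" is not honoured. */
const char *select_config(int argc, char **argv, const char *request_method)
{
    int under_cgi = request_method != NULL && request_method[0] != '\0';
    const char *config = DEFAULT_CONFIG;

    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-c") == 0) {
            if (!under_cgi)
                config = argv[i + 1];
            i++;                        /* skip the option's argument */
        }
    }
    return config;
}

int main(int argc, char **argv)
{
    const char *cfg = select_config(argc, argv, getenv("REQUEST_METHOD"));
    if (!is_regular_file(cfg)) {
        fprintf(stderr, "refusing config %s: not a regular file\n", cfg);
        return 1;
    }
    printf("using config: %s\n", cfg);
    return 0;
}
```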
    
    
      
    +---------------------------------+
    |  mod_auth_pgsql                 | ----------------------------//
    +---------------------------------+
    
    The updated mod_auth_pgsql packages close a vulnerability which would
    allow a malicious client to cause a Web server to execute arbitrary SQL
    statements. Several Apache authentication modules which use SQL databases
    to store authentication information are vulnerable to a remote SQL code
    injection attack. A bug in the MD5 password mechanism causing valid
    passwords not to authenticate the user has also been fixed.
    
     Red Hat Linux 7.2: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     mod_auth_pgsql-0.9.9-2.i386.rpm 
     30c43be9ed24fbf0e3b7e1e44ff28808 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1665.html
    
    
    +---------------------------------+
    |  kernel                         | ----------------------------//
    +---------------------------------+
    
    A vulnerability has been found in the ptrace code of the kernel (ptrace is
    the part that allows program debuggers to run) that could be abused by
    local users to gain root privileges.
    
     Red Hat: 
     PLEASE SEE VENDOR ADVISORY 
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1655.html 
      
    
     Immunix: 
     PLEASE SEE VENDOR ADVISORY 
    
     Immunix Vendor Advisory:  
     http://www.linuxsecurity.com/advisories/other_advisory-1657.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


