[ISN] Linux Advisory Watch - October 26th 2001

From: InfoSec News (isnat_private)
Date: Mon Oct 29 2001 - 00:44:45 PST
Next message: InfoSec News: "Re: [ISN] House's anti-terror bill requires judge to monitor FBI ..."
Previous message: InfoSec News: "[ISN] Meet the computer criminals: they'll see you in your office"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  October 26th, 2001                       Volume 2, Number 43a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               daveat_private     benat_private
 
 
Linux Advisory Watch is a comprehensive newsletter that outlinesthe
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for gftp, diffutils, nvi, squid,
util-linux, openssh, shadow/login, htdig, mod_auth_pgsql, and the Linux
kernel.  The vendors include Conectiva, Debian, Immunix, and Red Hat.  If
you did not get a chance to patch your systems last week, it is advisable
that you review the newsletter.

It is available at the following URL:
http://www.linuxsecurity.com/articles/forums_article-3872.html 


   ** FREE Apache SSL Guide from Thawte **
 
   Planning Web Server Security? Find out how to implement SSL! 
   Get the free Thawte Apache SSL Guide and find the answers to all 
   your Apache SSL security issues and more at: 
 
   http://www.gothawte.com/rd90.html 
 
  
Have you tried EnGarde Secure Linux?  The EnGarde Linux distribution was
designed from the ground up as a secure solution, starting with the
principle of least privilege, and carrying it through every aspect of its
implementation.
   http://www.engardelinux.org
 
Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-requestat_private with "subscribe"
as the subject.
 
 
 
+---------------------------------+
|  gftp                           | ----------------------------//
+---------------------------------+
    
gftp displays the password in plain text on the screen within the log
window when it is logging into an ftp server.  A malicious collegue who is
watching the screen could gain access to the users shell on the remote
machine.

 Intel ia32 architecture: Debian
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/gftp_2.0.6a-3.2_i386.deb 
 MD5 checksum: 674adafc20770c71c53a8b44a4959a25 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1656.html


  
+---------------------------------+
|  diffutils                      | ----------------------------//
+---------------------------------+

When using sdiff in interactive mode, a temporary file is created.  The
new diffutils packages make sure to create that file in a secure way.

 Red Hat: 7.1 i386 
 ftp://updates.redhat.com/7.1/en/os/i386/diffutils-2.7-23.i386.rpm 
 062bf0083809452267d49d42aa85d7e2 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1658.html


  
+---------------------------------+
|  nvi                            | ----------------------------//
+---------------------------------+

Takeshi Uno found a very stupid format string vulnerability in all
versions of nvi (in both, the plain and the multilingualized version).
When a filename is saved, it ought to get displayed on the screen. The
routine handling this didn't escape format strings.

 Intel ia32 architecture: Debian 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 nvi-m17n-canna_1.79+19991117-2.3_i386.deb 
 MD5 checksum: c8bd0ea8e2581e2f18b2990c5434ab35 
  
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 nvi-m17n_1.79+19991117-2.3_i386.deb 
 MD5 checksum: 93235c24ff0efac3b3636664c30b8c6e 

 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/nvi_1.79-16a.1_i386.deb 
 MD5 checksum: 0b04432bb3c62661cafe89b6353ff768 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1659.html


  
+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

New squid packages are available that fix a potential DoS in Squid's FTP
handling code. It is recommened that squid users update to the fixed
packages.

 Red Hat 7.2 i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 squid-2.4.STABLE1-6.i386.rpm 
 b5f0ca849fcef20c0c05b2bea268520e 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1660.html


  
+---------------------------------+
|  until-linux                    | ----------------------------//
+---------------------------------+

New util-linux packages are available that fix a problem with /bin/login's
PAM implementation. This could, in some non-default setups, cause users to
receive credentials of other users. It is recommended that all users
update to the fixed packages.

 Red Hat Linux 7.2: i386: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html 
 c0f329c070e416fbb20c97670199d3fe 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html


  
+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

If a user lists multiple keys in her .ssh/authorized_keys2 file, sshd may
in some circumstances not honor the "from" option which can be associated
with a key, thereby allowing key-based logins from hosts which should not
be allowed access.

 Red Hat Linux 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 openssh-2.9p2-9.i386.rpm 
 c553416074a5fc54d309c6e7653f684a 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 openssh-clients-2.9p2-9.i386.rpm 
 557a7615d1abf68e4b2bb998c0091638 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 openssh-server-2.9p2-9.i386.rpm 
 4b1df978407683e2c160f496f24e26e5 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 openssh-askpass-2.9p2-9.i386.rpm 
 f35d0f0b45fd5fd3ceb06589ca18aab3 
 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 openssh-askpass-gnome-2.9p2-9.i386.rpm 
 d9fcc0d6d03c59b04681d6e755e3cb92 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1662.html 
  

 Conectiva: 
 PLEASE SEE VENDOR ADVISORY 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1666.html


  
+---------------------------------+
|  shadow / login                 | ----------------------------//
+---------------------------------+  

Multiple Linux vendors have issued security announcements about failures
of the /bin/login program to properly initialize the privileges of an
authenticated user if the PAM module pam_limits is enabled.

 SuSE-7.3  
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/ 
 shadow-20000902-144.i386.rpm 
 9380496a4a248aeac73d7136de381348 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1663.html


  

+---------------------------------+
|  htdig                          | ----------------------------//
+---------------------------------+

Due to insufficient checking of the running environment it is possible to
use commandline options via CGI. An remote attacker could use the -c
option to specify /dev/zero as an alternate config file to causes a denial
of service for some minutes.

 i386 Intel Platform: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/ 
 htdig-3.1.5-304.i386.rpm 
 543b0668bbbe3c35a7b7f4aab523a497 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1664.html


  
+---------------------------------+
|  mod_auth_pgsql                 | ----------------------------//
+---------------------------------+

The updated mod_auth_pgsql packages close a vulnerability which would
allow a malicious client to cause a Web server to execute arbitrary SQL
statements. Several Apache authentication modules which use SQL databases
to store authentication information are vulnerable to a remote SQL code
injection attack. A bug in the MD5 password mechanism causing valid
passwords not to authenticate the user has also been fixed.

 Red Hat Linux 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 mod_auth_pgsql-0.9.9-2.i386.rpm 
 30c43be9ed24fbf0e3b7e1e44ff28808 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1665.html


+---------------------------------+
|  kernel                         | ----------------------------//
+---------------------------------+

A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.

 Red Hat: 
 PLEASE SEE VENDOR ADVISORY 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1655.html 
  

 Immunix: 
 PLEASE SEE VENDOR ADVISORY 

 Immunix Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/other_advisory-1657.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-requestat_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
Next message: InfoSec News: "Re: [ISN] House's anti-terror bill requires judge to monitor FBI ..."
Previous message: InfoSec News: "[ISN] Meet the computer criminals: they'll see you in your office"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 04:19:39 PST