+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| December 21st, 2001 Volume 2, Number 51a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for mailman, htdig, xsane, OpenSSH,
kerberos, libgtop, glibc, and the Trustix kernel. The vendors include
EnGarde, Debian, Immunix, FreeBSD, Mandrake, Red Hat, and Trustix.
8wire.com Review: EnGarde Secure Linux 1.0.1 - EnGarde Secure Linux is a
Linux distribution that allows anyone - including those with no Linux
experience - to easily set up their own secure Web and email servers. We
tested this software on a bare-bones PC and found it very simple to set up
and use. It's a great value for those looking for a fully functional
Internet server that can run on old or inexpensive hardware.
http://www.8wire.com/articles/?aid=2350
Why be vulnerable? Its your choice. - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
Be Secure with EnGarde Secure Professional:
http://store.guardiandigital.com/html/eng/493-AA.shtml
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
+---------------------------------+
| mailman | ----------------------------//
+---------------------------------+
Barry A. Warsaw reported several cross-site scripting security holes in
Mailman, due to on-existent escaping of CGI variables. These have been
fixed upstream in version 2.0.8, and the relevant patches have been
backported to version 1.1-10 in Debian.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/mailman_1.1-10_i386.deb
MD5 checksum: 27c9d400360a99b39954f563f5d0ed43
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1751.html
+---------------------------------+
| htdig | ----------------------------//
+---------------------------------+
A remote attacker may use htsearch as a kind of denial-of-service attack
by causing it to read a never-ending special file such as `/dev/null'.
FreeBSD [i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/
textproc/htdig-3.1.5_1.tgz
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1753.html
+---------------------------------+
| xsane | ----------------------------//
+---------------------------------+
A local user may be able to cause xsane (run by another user) to overwrite
any file for which the latter user has sufficient privilege. While it is
advisable to run XSane with a non-privileged user account, many users run
it using the root account, increasing the risk.
FreeBSD [i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/
graphics/xsane-0.82.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/
graphics/xsane-0.82.tgz
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1754.html
+---------------------------------+
| OpenSSH | ----------------------------//
+---------------------------------+
A malicious local user can pass environment variables to the login process
if the administrator enables the UseLogin option. This can be abused to
bypass authentication and gain root access. Note that this option is not
enabled by default on TSL.
Mandrake:
PLAESE SEE ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1749.html
Trustix:
PLEASE SEE ADVISORY FOR UPDATE
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1761.html
+---------------------------------+
| kerberos | ----------------------------//
+---------------------------------+
A buffer overflow exists in the telnet portion of Kerberos that could
provide root access to local users. MDKSA-2001:068 provided a similar fix
to the normal telnet packages, but the Kerberized equivalent was not
updated previously.
Mandrake:
PLEASE SEE VENDOR ADVISORY
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1755.html
+---------------------------------+
| libgtop | ----------------------------//
+---------------------------------+
A remote format string vulnerability was found in the libgtop daemon by
Laboratory intexxia. By sending a specially crafted format string to the
server, a remote attacker could potentially execute arbitrary code on the
remote system with the daemon's permissions.
Mandrake Linux 8.0:
8.0/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
2a063541aa9f9a100dd4c65b732224fd
8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
fb4cfb4b72e16121a6dab24e093b1de3
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1763.html
+---------------------------------+
| glibc | ----------------------------//
+---------------------------------+
While researching the recent globbing bugs in wu-ftpd, Flavio Veloso
discovered (with the assistance of Jakub Jelinek ) a buffer overflow in
glibc's glob(3) implementation. This vulnerability can only be triggered
by programs that use glibc's globbing functions.
EnGarde:
http://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/glibc-2.1.3-1.0.4.i386.rpm
MD5 Sum: 6a59be712e55c3da6e027ba44599ab9e
i686/glibc-2.1.3-1.0.4.i386.rpm
MD5 Sum: 6a59be712e55c3da6e027ba44599ab9e
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Immunix:
PLEASE SEE VENDOR ADVISORY
Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1757.html
Trustix:
PLEASE SEE VENDOR ADVISORY
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1760.html
Red Hat:
PLEASE SEE VENDOR ADVISORY
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1750.html
+---------------------------------+
| Trustix kernel | ----------------------------//
+---------------------------------+
The 2.2.20 release of the Linux kernel fixes a number of bugs. In addition
there are some driver updates and SMP fixes in this package.
PLEASE SEE ADVISORY FOR UPDATE
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1762.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 24 2001 - 06:08:16 PST