[ISN] Linux Advisory Watch - February 7th 2003

From: InfoSec News (isnat_private)
Date: Mon Feb 10 2003 - 00:34:20 PST

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  February 7th, 2002                        Volume 4, Number 6a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for cvs, mcrypt, slocate, qt-dcgui,
    bladeenc, vim, mysql, kernel, kerberos, php, OpenLDAP, windowmaker, xpdf.
    The distributors include Caldera, Conectiva, FreeBSD, Gentoo, Mandrake,
    and Red Hat.
    
    Review: Absolute PC Security and Privacy - Miller never knew much about
    viruses, or took them seriously, until a friend got infected and it turned
    out to be more of a nuisance than he thought. So he decided to write a
    book about them. And also about spam, since he was annoyed by that, too.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-136.html
    
    
    Review: Mastering Network Security, Second Edition - The introduction
    states that this book is aimed at systems administrators who are not
    security experts, but have some responsibility for ensuring the integrity
    of their systems. That would seem to cover most sysadmins.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-137.html
    
    
    +---------------------------------+
    |  Package:  cvs                  | ----------------------------//
    |  Date: 01-31-2003               |
    +---------------------------------+
    
    Description:
    Double-free vulnerability in CVS allows remote attackers to cause a denial
    of service and possibly execute arbitrary code via a malformed Directory
    request.
    
    Vendor Alerts:
    
     Caldera:
      ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
      Workstation/CSSA-2003-006.0/RPMS
      adbac35ec6 cvs-1.11-9.i386.rpm
      73dee39f6543079466e6d7
    
      Caldera Vendor Advisory:
      http://www.linuxsecurity.com/advisories/caldera_advisory-2826.html
    
    
      FreeBSD Vendor Advisory:
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2833.html
    
    
    
    +---------------------------------+
    |  Package:  mcrypt               | ----------------------------//
    |  Date: 02-02-2003               |
    +---------------------------------+
    
    Description:
    Ilia Alshanetsky found[1] several buffer overflow vulnerabilities[2] in
    libmcrypt. These vulnerabilities basically consist of improper or missing
    validation of some input (which in some scenarios can come from a local
    user or from a network connection).
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      mcrypt-2.4.18-3U80_1cl.i386.rpm
    
      Conectiva Vendor Advisory:
    
      http://www.linuxsecurity.com/advisories/connectiva_advisory-2836.html
    
    
    
    
    +---------------------------------+
    |  Package:  slocate              | ----------------------------//
    |  Date: 02-02-2003               |
    +---------------------------------+
    
    Description:
    "The overflow appears when slocate is run with two parameters: -c
    and -r, using as arguments a 1024 (or 10240, as Knight420 has informed us
    earlier) byte string."
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2828.html
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2838.html
    
    
    
    
    +---------------------------------+
    |  Package:  qt-dcgui             | ----------------------------//
    |  Date: 02-02-2003               |
    +---------------------------------+
    
    Description:
    "All versions < 0.2.2 have a major security vulnerability in the directory
    parser. This bug allows a remote attacker to download files outside the
    sharelist. It's recommended that you upgrade the packages immediately."
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2831.html
    
    
    
    
    +---------------------------------+
    |  Package:  bladeenc             | ----------------------------//
    |  Date: 02-05-2003               |
    +---------------------------------+
    
    Description:
    "A wave file lets the attacker execute all the code he wants on the
    victim"
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2834.html
    
    
    
    +---------------------------------+
    |  Package:  vim                  | ----------------------------//
    |  Date: 02-03-2003               |
    +---------------------------------+
    
    Description:
    A vulnerability was discovered in vim by Georgi Guninski that allows
    arbitrary command execution using the libcall feature found in modelines.
    A patch to fix this problem was introduced in vim 6.1 patchlevel 265.
    This patch has been applied to the provided update packages.
    
    Vendor Alerts:
    
     Mandrake:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2829.html
    
    
    
    +---------------------------------+
    |  Package:  mysql                | ----------------------------//
    |  Date: 02-03-2003               |
    +---------------------------------+
    
    Description:
    Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed
    a DoS vulnerability in the recently released 3.23.55 version of MySQL.  A
    double free() pointer bug in the mysql_change_user() handling would allow a
    specially hacked mysql client to crash the main mysqld server.  This
    vulnerability can only be exploited by first logging in with a valid user
    account.
    
    Vendor Alerts:
    
     Mandrake:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2829.html
    
    
    
    
    +---------------------------------+
    |  Package:  kernel               | ----------------------------//
    |  Date: 02-05-2003               |
    +---------------------------------+
    
    Description:
    An updated kernel for 9.0 is available with a number of bug fixes.
    Supermount has been completely overhauled and should be solid on all
    systems.  Other fixes include XFS with high memory, a netfilter fix, a fix
    for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA
    C3 is included.  Prism24 has been updated so it now works properly on HP
    laptops and a new ACPI is included, although it is disabled by default for
    broader compatibility.
    
    Vendor Alerts:
    
     Mandrake:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2837.html
    
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2832.html
    
    
    
    
    +---------------------------------+
    |  Package:  kerberos             | ----------------------------//
    |  Date: 02-05-2003               |
    +---------------------------------+
    
    Description:
    A problem has been found in the Kerberos ftp client. When retrieving a
    file with a filename beginning with a pipe character, the ftp client will
    pass the filename to the command shell in a system() call. This could
    allow a malicious ftp server to write to files outside of the current
    directory or execute commands as the user running the ftp client.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/8.0/en/os/i386/
      krb5-devel-1.2.5-8.i386.rpm
      9e91371e397a6eec059a1b5e3139f3ef
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      krb5-libs-1.2.5-8.i386.rpm
      a830d26d187e18be678ee12722eec485
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      krb5-server-1.2.5-8.i386.rpm
      fd353f875ea9edc4375af13ba80ae38f
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      krb5-workstation-1.2.5-8.i386.rpm
      70b04bf0aa7662af6704ce0223ebb914
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2825.html
    
    
    
    
    +---------------------------------+
    |  Package:  php                  | ----------------------------//
    |  Date: 02-04-2003               |
    +---------------------------------+
    
    Description:
    A heap-based buffer overflow was found in the wordwrap() function in PHP
    versions after 4.1.2 and before 4.3.0.  If wordwrap() is used on
    user-supplied input this could allow remote attackers to cause a denial of
    service or execute arbitrary code.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2835.html
    
    
    
    +---------------------------------+
    |  Package:  OpenLDAP             | ----------------------------//
    |  Date: 02-05-2003               |
    +---------------------------------+
    
    Description:
    Updated openldap packages are available which fix a number of local and
    remote buffer overflows in libldap and the slapd and slurpd servers, and
    potential issues stemming from using user-specified LDAP configuration
    files.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/8.0/en/os/i386/
      openldap-2.0.27-2.8.0.i386.rpm
      f6ffab19ae521c65396cc76d0a64c2c9
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      openldap-clients-2.0.27-2.8.0.i386.rpm
      3e12f7f0aacca920d60fc39766b7d3e5
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      openldap-devel-2.0.27-2.8.0.i386.rpm
      351bd4cea012a1517ded0c03a4512c48
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      openldap-servers-2.0.27-2.8.0.i386.rpm
      a5b8e07d9f13a98aaf1bf999d6672efc
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      openldap12-1.2.13-9.i386.rpm
      0e5cbc3c9eb9136169caefed4dadd7c6
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2839.html
    
    
    
    
    +---------------------------------+
    |  Package:  windowmaker          | ----------------------------//
    |  Date: 02-05-2003               |
    +---------------------------------+
    
    Description:
    Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which
    may allow remote attackers to execute arbitrary code via a certain image
    file that is not properly handled when Window Maker uses width and height
    information to allocate a buffer.  This could be exploited for example by
    a user opening a malicious theme.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/8.0/en/os/i386/
      WindowMaker-0.80.1-5.i386.rpm
      b141fe5b3e1ab0d2d41f4e77e1ce8fe0
    
      ftp://updates.redhat.com/8.0/en/os/i386/
      WindowMaker-libs-0.80.1-5.i386.rpm
      a440f228734840d5ce3f25e9f3ef465c
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2840.html
    
    
    
    
    +---------------------------------+
    |  Package:  xpdf                 | ----------------------------//
    |  Date: 02-06-2003               |
    +---------------------------------+
    
    Description:
    During an audit of CUPS, a printing system, Zen Parsec found an integer
    overflow vulnerability in the pdftops filter.  Since the code for pdftops
    is taken from the Xpdf project, all versions of Xpdf including 2.01 are
    also vulnerable to this issue.  An attacker could create a PDF file that
    could execute arbitrary code.  This code would have the same access
    privileges as the user who viewed the file with Xpdf.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2841.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    