+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 18th, 2003 Volume 4, Number 15a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for openssl, mutt, ethereal, xfsdump,
kdegraphics, lprng, gs-common, epic, lpr, rinetd, glibc, evolution,
gdkhtml, eyeofgnome, samba, and krb5. The distributors include Conectiva,
Debian, Immunix, Mandrake, Red Hat, and Turbo Linux.
SECURE YOUR APACHE SERVERS WITH 128-BIT SSL ENCRYPTION
Guarantee transmitted data integrity; secure all communication sessions
and more with SSL encryption from Thawte - a leading global certificate
provider for the Open Source community. Learn more in our FREE GUIDE Click
here to get it now!
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte14
--------------------------------------------------------------------
LinuxSecurity Feature Extras:
Making It Big: Large Scale Network Forensics (Part 2 of 2) - Proper
methodology for computer forensics would involve a laundry-list of
actions and thought processes that an investigator needs to consider
in order to have the basics covered.
http://www.linuxsecurity.com/feature_stories/feature_story-140.html
--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail
Suite is unparalleled in security, ease of management, and features.
Open source technology constantly adapts to new threats. Email
firewall, simplified administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------
Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.
http://www.linuxsecurity.com/feature_stories/feature_story-139.html
+---------------------------------+
| Package: openssl | ----------------------------//
+---------------------------------+
Description:
There are multiple vulnerabilities in OpenSSL.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3155.html
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3183.html
+---------------------------------+
| Package: mutt | ----------------------------//
+---------------------------------+
Description:
There is a buffer overflow vulnerability in the mutt code that
handles IMAP folders.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3168.html
+---------------------------------+
| Package: ethereal | ----------------------------//
+---------------------------------+
Description:
There are multiple vulnerablilites in ethereal.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3182.html
+---------------------------------+
| Package: xfsdump | ----------------------------//
+---------------------------------+
Description:
Ethan Benson discovered a problem in xfsdump, that contains
administrative utilities for the XFS filesystem. When filesystem
quotas are enabled xfsdump runs xfsdq to save the quota information
into a file at the root of the filesystem being dumped. The manner
in which this file is created is unsafe.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3156.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3185.html
+---------------------------------+
| Package: kdegraphics | ----------------------------//
+---------------------------------+
Description:
The KDE team discoverd a vulnerability in the way KDE uses Ghostscript
software for processing of PostScript (PS) and PDF files. An attacker
could provide a malicious PostScript or PDF file via mail or websites that
could lead to executing arbitrary commands under the privileges of the
user viewing the file or when the browser generates a directory listing
with thumbnails.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3163.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-3171.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-3165.html
Turbo Linux:
Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3160.html
+---------------------------------+
| Package: lprng | ----------------------------//
+---------------------------------+
Description:
Karol Lewandowski discovered that psbanner, a printer filter that creates
a PostScript format banner and is part of LPRng, insecurely creates a
temporary file for debugging purpose when it is configured as filter.
The program does not check whether this file already exists or is linked
to another place writes its current environment and called arguments to
the file unconditionally with the user id daemon.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3164.html
+---------------------------------+
| Package: gs-common | ----------------------------//
+---------------------------------+
Description:
Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a
script that is distributed as part of gs-common which contains common
files for different Ghostscript releases. ps2epsiuses a temporary file in
the process of invoking ghostscript. This file was created in an insecure
fashion, which could allow a local attacker to overwrite files owned by a
user who invokes ps2epsi.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3169.html
+---------------------------------+
| Package: epic | ----------------------------//
+---------------------------------+
Description:
Timo Sirainen discovered several problems in EPIC, a popular client for
Internet Relay Chat (IRC). A malicious server could craft special reply
strings, triggering the client to write beyond buffer boundaries. This
could lead to a denial of service if the client only crashes, but may also
lead to executing of arbitrary code under the user id of the chatting
user.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3170.html
+---------------------------------+
| Package: lpr | ----------------------------//
+---------------------------------+
Description:
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer
spooling system. This problem can be exploited by a local user to gain
root privileges, even if the printer system is set up properly.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3176.html
+---------------------------------+
| Package: rinetd | ----------------------------//
+---------------------------------+
Description:
Sam Hocevar discovered a security problem in rinetd, an IP connection
redirection server. When the connection list is full, rinetd resizes the
list in order to store the new incoming connection. However, this is done
improperly, resulting in a denial of service and potentially execution of
arbitrary code.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3184.html
+---------------------------------+
| Package: glibc | ----------------------------//
+---------------------------------+
Description:
Researchers at eEye Digital Security have found integer overflow flaws in
the XDR library typically used with Sun RPC. While there are no known
exploits for this problem circulating, we recommend upgrading as soon as
possible, as it is unlikely StackGuard will prevent exploitation of this
flaw. Upgrading is especially important for sites using RPC services.
Vendor Alerts:
Immunix:
Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/immunix_advisory-3178.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3167.html
+---------------------------------+
| Package: evolution | ----------------------------//
+---------------------------------+
Description:
Several vulnerabilities were discovered in the Evolution email client.
These problems make it possible for a carefully constructed email message
to crash the program, causing general system instability by starving
resources.
Vendor Alerts:
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3179.html
+---------------------------------+
| Package: gtkhtml | ----------------------------//
+---------------------------------+
Description:
A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution
email client. GtkHTML is used to handle HTML messages in Evolution and
certain malformed messages could cause Evolution to crash due to this bug.
Vendor Alerts:
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3180.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3172.html
+---------------------------------+
| Package: eyeofgnome | ----------------------------//
+---------------------------------+
Description:
A vulnerability was discovered in the Eye of GNOME (EOG) program, version
2.2.0 and earlier, that is used for displaying graphics. A carefully
crafted filename passed to eog could lead to the execution of arbitrary
code as the user executing eog.
Vendor Alerts:
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3186.html
+---------------------------------+
| Package: samba | ----------------------------//
+---------------------------------+
Description:
A buffer overrun condition exists in the samba SMB protocol
implementation. These vulnerabilities may allow remote attackers to gain
the root privileges.
Vendor Alerts:
Turbo Linux:
Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3159.html
+---------------------------------+
| Package: krb5 | ----------------------------//
+---------------------------------+
Description:
These vulnerabilities may allow remote attackers to gain the realm and to
cause a denial of krb5 service.
Vendor Alerts:
Turbo Linux:
Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3181.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Apr 21 2003 - 02:57:50 PDT