[ISN] Linux Advisory Watch - October 22nd 2004

From: InfoSec News (isn@private)
Date: Mon Oct 25 2004 - 02:58:55 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 22nd, 2004                           Volume 5, Number 42a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for libtiff, libpng, ecartis, cupsys,
BNC, phpMyAdmin, Squid, PostgreSQL, Ghostscript, glibc, mod_ssl, mozilla,
cvs, gaim, wxGTK2, squid, wxGTK2, xpdf, gpdf, kdegraphics, ImageMagick,
and mysql.  The distributors include Conectiva, Debian, Fedora, Gentoo,
Mandrake, Red Hat, SuSE, and Trustix.

-----
>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
-----

xlock and vlock

If you wander away from your machine from time to time, it is nice to be
able to "lock" your console so that no one tampers with or looks at your
work. Two programs that do this are: xlock and vlock.

Xlock is a X display locker. It should be included in any Linux
distributions that support X. Check out the man page for it for more
options, but in general you can run xlock from any xterm on your console
and it will lock the display and require your password to unlock.

vlock is a simple little program that allows you to lock some or all of
the virtual consoles on your Linux box. You can lock just the one you are
working in or all of them. If you just lock one, others can come in and
use the console, they will just not be able to use your virtual TTY until
you unlock it. vlock ships with Red Hat Linux, but your mileage may vary.

Of course locking your console will prevent someone from tampering with
your work, but does not prevent them from rebooting your machine or
otherwise disrupting your work. It also does not prevent them from
accessing your machine from another machine on the network and causing
problems.

More importantly, it does not prevent someone from switching out of the X
Window System entirely, and going to a normal virtual console login
prompt, or to the VC that X11 was started from, and suspending it, thus
obtaining your privileges.  For this reason, you might consider only using
it while under control of xdm.  At the very least, start X in the
background, and log out of the console

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave@private)

-----

Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system.  A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people.  The communication is all done over an encrypted
communication channel.

http://www.linuxsecurity.com/feature_stories/feature_story-175.html

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 10/18/2004 - gtk+ image loading vulnerabilities fix


   A vulnerability found in the gdk-pixbuf bmp loader could allow a
   specially crafted BMP image to hang applications in an infinite
   loop (CAN-2004-0753[2]).
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4965.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 10/15/2004 - libtiff
   remote code execution fix

   Several problems have been discovered in libtiff, the Tag Image
   File Format library for processing TIFF graphics files.  An
   attacker could prepare a specially crafted TIFF graphic that would
   cause the client to execute arbitrary code or crash.
   http://www.linuxsecurity.com/advisories/debian_advisory-4960.html

 10/16/2004 - cyrus-sasl-mit arbitrary code execution fix
   remote code execution fix

   A vulnerability has been discovered in the Cyrus implementation of
   the SASL library, the Simple Authentication and Security Layer, a
   method for adding authentication support to connection-based
   protocols.
   http://www.linuxsecurity.com/advisories/debian_advisory-4961.html

 10/18/2004 - netkit-telnet-ssl denial of service fix
   remote code execution fix

   Michal Zalewski discovered a bug in the netkit-telnet server
   (telnetd) whereby a remote attacker could cause the telnetd
   process to free an invalid pointer.
   http://www.linuxsecurity.com/advisories/debian_advisory-4963.html

 10/18/2004 - netkit-telnet denial of service real fix
   remote code execution fix

   Michal Zalewski discovered a bug in the netkit-telnet server
   (telnetd) whereby a remote attacker could cause the telnetd
   process to free an invalid pointer.
   http://www.linuxsecurity.com/advisories/debian_advisory-4964.html

 10/20/2004 - libpng
   several vulnerabilities fix

   Several integer overflows have been discovered by its upstream
   developers in libpng, a commonly used library to display PNG
   graphics. They could be exploited to cause arbitrary code to be
   executed when a specially crafted PNG image is processed.
   http://www.linuxsecurity.com/advisories/debian_advisory-4974.html

 10/20/2004 - libpng3
   several vulnerabilities fix

   Several integer overflows have been discovered by its upstream
   developers in libpng, a commonly used library to display PNG
   graphics. They could be exploited to cause arbitrary code to be
   executed when a specially crafted PNG image is processed.
   http://www.linuxsecurity.com/advisories/debian_advisory-4975.html

 10/21/2004 - ecartis
   unauthorised access to admin interface fix

   A problem has been discovered in ecartis, a mailing-list manager,
   which allows an attacker in the same domain as the list admin to
   gain administrator privileges and alter list settings.
   http://www.linuxsecurity.com/advisories/debian_advisory-4986.html

 10/21/2004 - cupsys
   arbitrary code execution fix

   Chris Evans discovered several integer overflows in xpdf, that are
   also present in CUPS, the Common UNIX Printing System, which can
   be exploited remotely by a specially crafted PDF document.
   http://www.linuxsecurity.com/advisories/debian_advisory-4988.html


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 10/15/2004 - gimp-2.0.5-0.fc2.3 update
   arbitrary code execution fix

   A brown paper bag release -- I missed that 1bpp and 24bpp are also
   valid for BMP.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4958.html

 10/18/2004 - glib2-2.4.7-1.1 update
   arbitrary code execution fix

   Glib 2.4.7 contains many bug fixes, notably a fix for bug 126666.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4966.html

 10/18/2004 - gtk2-2.4.13-2.1 update
   arbitrary code execution fix

   GTK+ 2.4.13 contains many bug fixes, with an emphasis on making
   the new file chooser work better.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4967.html

 10/21/2004 - tzdata-2004e-1.fc2 update
   arbitrary code execution fix

   Previous tzdata-2004e-1.fc2 announcement from 2004-10-12 had wrong
   md5sums (before signing).
   http://www.linuxsecurity.com/advisories/fedora_advisory-4991.html

 10/21/2004 - xpdf-3.00-3.4 update
   arbitrary code execution fix

   Chris Evans and others discovered a number of integer overflow
   bugs that affected all versions of xpdf. An attacker could
   construct a carefully crafted PDF file that could cause xpdf to
   crash or possibly execute arbitrary code when opened.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4992.html

 10/21/2004 - openoffice.org-1.1.2-10.fc2 update
   arbitrary code execution fix

   This update is equivalent to the Fedora Core 3 version of
   OpenOffice.org.  The changes since the previous version of
   OpenOffice.org in Fedora Core 2 are too numerous to list here, but
   there are quite a few notable improvements.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4996.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 10/15/2004 - BNC
   Input validation flaw

   BNC contains an input validation flaw which might allow a remote
   attacker to issue arbitrary IRC related commands.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4957.html

 10/18/2004 - phpMyAdmin
   Vulnerability in MIME-based transformation system

   A vulnerability has been found in the MIME-based transformation
   system of phpMyAdmin, which may allow remote execution of
   arbitrary commands if PHP's "safe mode" is disabled.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4962.html

 10/18/2004 - Squid
   Remote DoS vulnerability

   Squid contains a vulnerability in the SNMP module which may lead
   to a denial of service.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4968.html

 10/18/2004 - PostgreSQL
   Insecure temporary file use in make_oidjoins_check

   The make_oidjoins_check script, part of the PostgreSQL package, is
   vulnerable to symlink attacks, potentially allowing a local user
   to overwrite arbitrary files with the rights of the user running
   the utility.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4969.html

 10/20/2004 - OpenOffice.org Temporary files disclosure
   Insecure temporary file use in make_oidjoins_check

   OpenOffice.org uses insecure temporary files which could allow a
   malicious local user to gain knowledge of sensitive information
   from other users' documents.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4982.html

 10/20/2004 - Ghostscript
   Insecure temporary file use in multiple scripts

   Multiple scripts in the Ghostscript package are vulnerable to
   symlink attacks, potentially allowing a local user to overwrite
   arbitrary files with the rights of the user running the script.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4983.html

 10/21/2004 - glibc
   Insecure tempfile handling in catchsegv script

   The catchsegv script in the glibc package is vulnerable to symlink
   attacks, potentially allowing a local user to overwrite arbitrary
   files with the rights of the user running the script.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4989.html

 10/21/2004 - CUPS
   Multiple integer overflows

   Multiple integer overflows were discovered in Xpdf, potentially
   resulting in execution of arbitrary code upon viewing a malicious
   PDF file. CUPS includes Xpdf code and therefore is vulnerable to
   the same issues.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4990.html

 10/21/2004 - mod_ssl
   Bypass of SSLCipherSuite directive

   In certain configurations, it can be possible to bypass
   restrictions set by the "SSLCipherSuite" directive of mod_ssl.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4995.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 10/20/2004 - mozilla
   update fix

   A number of vulnerabilities were fixed in mozilla 1.7.3.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4971.html

 10/20/2004 - libtiff
   update fix

   Several vulnerabilities have been discovered in the libtiff
   package.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4972.html

 10/20/2004 - cvs
   update fix

   iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
   undocumented switch implemented in CVS' history command.  The -X
   switch specifies the name of the history file which allows an
   attacker to determine whether arbitrary system files and
   directories exist and whether or not the CVS process has access to
   them.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4973.html

 10/20/2004 - libtiff
   multiple vulnerabilities fix

   Several vulnerabilities have been discovered in the libtiff
   package.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4976.html

 10/21/2004 - cvs
   vulnerability fix

   iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
   undocumented switch implemented in CVS' history command.  The -X
   switch specifies the name of the history file which allows an
   attacker to determine whether arbitrary system files and
   directories exist and whether or not the CVS process has access to
   them.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4984.html

 10/21/2004 - mozilla
   vulnerabilities fix

   A number of vulnerabilities were fixed in mozilla 1.7.3.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4985.html

 10/21/2004 - gaim
   vulnerabilities fix

   More vulnerabilities in gaim include nstalling smiley themes could
   allow remote attackers to execute arbitrary commands via shell
   metacharacters in the filename of the tar file that is dragged to
   the smiley selector.  There is also a buffer overflow in the way
   gaim handles receiving very long URLs.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4993.html

 10/21/2004 - wxGTK2
   vulnerabilities fix

   Several vulnerabilities have been discovered in the libtiff
   package; wxGTK2 uses a libtiff code tree, so it may have the same
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4994.html

 10/21/2004 - squid
   SNMP processing vulnerability fix

   iDEFENSE discovered a Denial of Service vulnerability in squid
   version 2.5.STABLE6 and previous.  The problem is due to an ASN1
   parsing error where certain header length combinations can slip
   through the validations performed by the ASN1 parser, leading to
   the server assuming there is heap corruption or some other
   exceptional condition, and closing all current connections then
   restarting.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4997.html

 10/21/2004 - wxGTK2
   vulnerabilities fix

   Several vulnerabilities have been discovered in the libtiff
   package; wxGTK2 uses a libtiff code tree, so it may have the same
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4998.html

 10/21/2004 - gaim
   vulnerabilities fix

   More vulnerabilities have been discovered in the gaim instant
   messenger client.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4999.html

 10/22/2004 - xpdf
   vulnerabilities fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package which can result in DOS or possibly arbitrary code
   execution.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html

 10/22/2004 - gpdf
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also effect software using embedded xpdf code, such
   as gpdf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5001.html

 10/22/2004 - cups
   DoS vulnerabilities fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also effect software using embedded xpdf code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html

 10/22/2004 - kdegraphics
   DoS vulnerability fix

   Chris Evans discovered numerous vulnerabilities in the xpdf
   package, which also effect software using embedded xpdf code, such
   as kpdf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-5003.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 10/20/2004 - ImageMagick
   security vulnerabilities fix

   Updated ImageMagick packages that fix various security
   vulnerabilities are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4977.html

 10/20/2004 - mysql
   minor security issues and bugs fix

   Updated mysql packages that fix various temporary file security
   issues, as well as a number of bugs, are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4978.html

 10/20/2004 - squid
   vulnerability fix

   An updated squid package that fixes a remote denial of service
   vulnerability is now avaliable.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4979.html

 10/20/2004 - mysql
   security issues and bugs fixes

   Updated mysql packages that fix various security issues, as well
   as a number of bugs, are now available for Red Hat Enterprise
   Linux 2.1.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4980.html

 10/20/2004 - gaim
   security issues and bugs fixes

   An updated gaim package that fixes security issues, fixes various
   bugs, and includes various enhancements for Red Hat Enterprise
   Linux 3 is now avaliable.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4981.html


+---------------------------------+
|  Distribution: Suse             | ----------------------------//
+---------------------------------+

 10/21/2004 - kernel
   remote denial of service

   An integer underflow problem in the iptables firewall logging
   rules can allow a remote attacker to crash the machine by using a
   handcrafted IP packet. This attack is only possible with
   firewalling enabled.
   http://www.linuxsecurity.com/advisories/suse_advisory-4987.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 10/15/2004 - libtiff, mysql, squid, cyrus-sasl Multiple security
 vulnerabilities
   remote denial of service

   Multiple security vulnerabilities in mysql, squid, cyrus-sasl and
   libtiff.
   http://www.linuxsecurity.com/advisories/trustix_advisory-4959.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Oct 25 2004 - 07:10:21 PDT