+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 22nd, 2004 Volume 5, Number 42a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for libtiff, libpng, ecartis, cupsys,
BNC, phpMyAdmin, Squid, PostgreSQL, Ghostscript, glibc, mod_ssl, mozilla,
cvs, gaim, wxGTK2, squid, wxGTK2, xpdf, gpdf, kdegraphics, ImageMagick,
and mysql. The distributors include Conectiva, Debian, Fedora, Gentoo,
Mandrake, Red Hat, SuSE, and Trustix.
-----
>> The Perfect Productivity Tools <<
WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05
-----
xlock and vlock
If you wander away from your machine from time to time, it is nice to be
able to "lock" your console so that no one tampers with or looks at your
work. Two programs that do this are: xlock and vlock.
Xlock is a X display locker. It should be included in any Linux
distributions that support X. Check out the man page for it for more
options, but in general you can run xlock from any xterm on your console
and it will lock the display and require your password to unlock.
vlock is a simple little program that allows you to lock some or all of
the virtual consoles on your Linux box. You can lock just the one you are
working in or all of them. If you just lock one, others can come in and
use the console, they will just not be able to use your virtual TTY until
you unlock it. vlock ships with Red Hat Linux, but your mileage may vary.
Of course locking your console will prevent someone from tampering with
your work, but does not prevent them from rebooting your machine or
otherwise disrupting your work. It also does not prevent them from
accessing your machine from another machine on the network and causing
problems.
More importantly, it does not prevent someone from switching out of the X
Window System entirely, and going to a normal virtual console login
prompt, or to the VC that X11 was started from, and suspending it, thus
obtaining your privileges. For this reason, you might consider only using
it while under control of xdm. At the very least, start X in the
background, and log out of the console
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@private)
-----
Mass deploying Osiris
Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system. A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people. The communication is all done over an encrypted
communication channel.
http://www.linuxsecurity.com/feature_stories/feature_story-175.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
10/18/2004 - gtk+ image loading vulnerabilities fix
A vulnerability found in the gdk-pixbuf bmp loader could allow a
specially crafted BMP image to hang applications in an infinite
loop (CAN-2004-0753[2]).
http://www.linuxsecurity.com/advisories/conectiva_advisory-4965.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
10/15/2004 - libtiff
remote code execution fix
Several problems have been discovered in libtiff, the Tag Image
File Format library for processing TIFF graphics files. An
attacker could prepare a specially crafted TIFF graphic that would
cause the client to execute arbitrary code or crash.
http://www.linuxsecurity.com/advisories/debian_advisory-4960.html
10/16/2004 - cyrus-sasl-mit arbitrary code execution fix
remote code execution fix
A vulnerability has been discovered in the Cyrus implementation of
the SASL library, the Simple Authentication and Security Layer, a
method for adding authentication support to connection-based
protocols.
http://www.linuxsecurity.com/advisories/debian_advisory-4961.html
10/18/2004 - netkit-telnet-ssl denial of service fix
remote code execution fix
Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd
process to free an invalid pointer.
http://www.linuxsecurity.com/advisories/debian_advisory-4963.html
10/18/2004 - netkit-telnet denial of service real fix
remote code execution fix
Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd
process to free an invalid pointer.
http://www.linuxsecurity.com/advisories/debian_advisory-4964.html
10/20/2004 - libpng
several vulnerabilities fix
Several integer overflows have been discovered by its upstream
developers in libpng, a commonly used library to display PNG
graphics. They could be exploited to cause arbitrary code to be
executed when a specially crafted PNG image is processed.
http://www.linuxsecurity.com/advisories/debian_advisory-4974.html
10/20/2004 - libpng3
several vulnerabilities fix
Several integer overflows have been discovered by its upstream
developers in libpng, a commonly used library to display PNG
graphics. They could be exploited to cause arbitrary code to be
executed when a specially crafted PNG image is processed.
http://www.linuxsecurity.com/advisories/debian_advisory-4975.html
10/21/2004 - ecartis
unauthorised access to admin interface fix
A problem has been discovered in ecartis, a mailing-list manager,
which allows an attacker in the same domain as the list admin to
gain administrator privileges and alter list settings.
http://www.linuxsecurity.com/advisories/debian_advisory-4986.html
10/21/2004 - cupsys
arbitrary code execution fix
Chris Evans discovered several integer overflows in xpdf, that are
also present in CUPS, the Common UNIX Printing System, which can
be exploited remotely by a specially crafted PDF document.
http://www.linuxsecurity.com/advisories/debian_advisory-4988.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
10/15/2004 - gimp-2.0.5-0.fc2.3 update
arbitrary code execution fix
A brown paper bag release -- I missed that 1bpp and 24bpp are also
valid for BMP.
http://www.linuxsecurity.com/advisories/fedora_advisory-4958.html
10/18/2004 - glib2-2.4.7-1.1 update
arbitrary code execution fix
Glib 2.4.7 contains many bug fixes, notably a fix for bug 126666.
http://www.linuxsecurity.com/advisories/fedora_advisory-4966.html
10/18/2004 - gtk2-2.4.13-2.1 update
arbitrary code execution fix
GTK+ 2.4.13 contains many bug fixes, with an emphasis on making
the new file chooser work better.
http://www.linuxsecurity.com/advisories/fedora_advisory-4967.html
10/21/2004 - tzdata-2004e-1.fc2 update
arbitrary code execution fix
Previous tzdata-2004e-1.fc2 announcement from 2004-10-12 had wrong
md5sums (before signing).
http://www.linuxsecurity.com/advisories/fedora_advisory-4991.html
10/21/2004 - xpdf-3.00-3.4 update
arbitrary code execution fix
Chris Evans and others discovered a number of integer overflow
bugs that affected all versions of xpdf. An attacker could
construct a carefully crafted PDF file that could cause xpdf to
crash or possibly execute arbitrary code when opened.
http://www.linuxsecurity.com/advisories/fedora_advisory-4992.html
10/21/2004 - openoffice.org-1.1.2-10.fc2 update
arbitrary code execution fix
This update is equivalent to the Fedora Core 3 version of
OpenOffice.org. The changes since the previous version of
OpenOffice.org in Fedora Core 2 are too numerous to list here, but
there are quite a few notable improvements.
http://www.linuxsecurity.com/advisories/fedora_advisory-4996.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
10/15/2004 - BNC
Input validation flaw
BNC contains an input validation flaw which might allow a remote
attacker to issue arbitrary IRC related commands.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4957.html
10/18/2004 - phpMyAdmin
Vulnerability in MIME-based transformation system
A vulnerability has been found in the MIME-based transformation
system of phpMyAdmin, which may allow remote execution of
arbitrary commands if PHP's "safe mode" is disabled.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4962.html
10/18/2004 - Squid
Remote DoS vulnerability
Squid contains a vulnerability in the SNMP module which may lead
to a denial of service.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4968.html
10/18/2004 - PostgreSQL
Insecure temporary file use in make_oidjoins_check
The make_oidjoins_check script, part of the PostgreSQL package, is
vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files with the rights of the user running
the utility.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4969.html
10/20/2004 - OpenOffice.org Temporary files disclosure
Insecure temporary file use in make_oidjoins_check
OpenOffice.org uses insecure temporary files which could allow a
malicious local user to gain knowledge of sensitive information
from other users' documents.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4982.html
10/20/2004 - Ghostscript
Insecure temporary file use in multiple scripts
Multiple scripts in the Ghostscript package are vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files with the rights of the user running the script.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4983.html
10/21/2004 - glibc
Insecure tempfile handling in catchsegv script
The catchsegv script in the glibc package is vulnerable to symlink
attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the script.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4989.html
10/21/2004 - CUPS
Multiple integer overflows
Multiple integer overflows were discovered in Xpdf, potentially
resulting in execution of arbitrary code upon viewing a malicious
PDF file. CUPS includes Xpdf code and therefore is vulnerable to
the same issues.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4990.html
10/21/2004 - mod_ssl
Bypass of SSLCipherSuite directive
In certain configurations, it can be possible to bypass
restrictions set by the "SSLCipherSuite" directive of mod_ssl.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4995.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
10/20/2004 - mozilla
update fix
A number of vulnerabilities were fixed in mozilla 1.7.3.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4971.html
10/20/2004 - libtiff
update fix
Several vulnerabilities have been discovered in the libtiff
package.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4972.html
10/20/2004 - cvs
update fix
iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
undocumented switch implemented in CVS' history command. The -X
switch specifies the name of the history file which allows an
attacker to determine whether arbitrary system files and
directories exist and whether or not the CVS process has access to
them.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4973.html
10/20/2004 - libtiff
multiple vulnerabilities fix
Several vulnerabilities have been discovered in the libtiff
package.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4976.html
10/21/2004 - cvs
vulnerability fix
iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
undocumented switch implemented in CVS' history command. The -X
switch specifies the name of the history file which allows an
attacker to determine whether arbitrary system files and
directories exist and whether or not the CVS process has access to
them.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4984.html
10/21/2004 - mozilla
vulnerabilities fix
A number of vulnerabilities were fixed in mozilla 1.7.3.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4985.html
10/21/2004 - gaim
vulnerabilities fix
More vulnerabilities in gaim include nstalling smiley themes could
allow remote attackers to execute arbitrary commands via shell
metacharacters in the filename of the tar file that is dragged to
the smiley selector. There is also a buffer overflow in the way
gaim handles receiving very long URLs.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4993.html
10/21/2004 - wxGTK2
vulnerabilities fix
Several vulnerabilities have been discovered in the libtiff
package; wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4994.html
10/21/2004 - squid
SNMP processing vulnerability fix
iDEFENSE discovered a Denial of Service vulnerability in squid
version 2.5.STABLE6 and previous. The problem is due to an ASN1
parsing error where certain header length combinations can slip
through the validations performed by the ASN1 parser, leading to
the server assuming there is heap corruption or some other
exceptional condition, and closing all current connections then
restarting.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4997.html
10/21/2004 - wxGTK2
vulnerabilities fix
Several vulnerabilities have been discovered in the libtiff
package; wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4998.html
10/21/2004 - gaim
vulnerabilities fix
More vulnerabilities have been discovered in the gaim instant
messenger client.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4999.html
10/22/2004 - xpdf
vulnerabilities fix
Chris Evans discovered numerous vulnerabilities in the xpdf
package which can result in DOS or possibly arbitrary code
execution.
http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html
10/22/2004 - gpdf
DoS vulnerability fix
Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also effect software using embedded xpdf code, such
as gpdf.
http://www.linuxsecurity.com/advisories/mandrake_advisory-5001.html
10/22/2004 - cups
DoS vulnerabilities fix
Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also effect software using embedded xpdf code.
http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html
10/22/2004 - kdegraphics
DoS vulnerability fix
Chris Evans discovered numerous vulnerabilities in the xpdf
package, which also effect software using embedded xpdf code, such
as kpdf.
http://www.linuxsecurity.com/advisories/mandrake_advisory-5003.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
10/20/2004 - ImageMagick
security vulnerabilities fix
Updated ImageMagick packages that fix various security
vulnerabilities are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4977.html
10/20/2004 - mysql
minor security issues and bugs fix
Updated mysql packages that fix various temporary file security
issues, as well as a number of bugs, are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4978.html
10/20/2004 - squid
vulnerability fix
An updated squid package that fixes a remote denial of service
vulnerability is now avaliable.
http://www.linuxsecurity.com/advisories/redhat_advisory-4979.html
10/20/2004 - mysql
security issues and bugs fixes
Updated mysql packages that fix various security issues, as well
as a number of bugs, are now available for Red Hat Enterprise
Linux 2.1.
http://www.linuxsecurity.com/advisories/redhat_advisory-4980.html
10/20/2004 - gaim
security issues and bugs fixes
An updated gaim package that fixes security issues, fixes various
bugs, and includes various enhancements for Red Hat Enterprise
Linux 3 is now avaliable.
http://www.linuxsecurity.com/advisories/redhat_advisory-4981.html
+---------------------------------+
| Distribution: Suse | ----------------------------//
+---------------------------------+
10/21/2004 - kernel
remote denial of service
An integer underflow problem in the iptables firewall logging
rules can allow a remote attacker to crash the machine by using a
handcrafted IP packet. This attack is only possible with
firewalling enabled.
http://www.linuxsecurity.com/advisories/suse_advisory-4987.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
10/15/2004 - libtiff, mysql, squid, cyrus-sasl Multiple security
vulnerabilities
remote denial of service
Multiple security vulnerabilities in mysql, squid, cyrus-sasl and
libtiff.
http://www.linuxsecurity.com/advisories/trustix_advisory-4959.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Oct 25 2004 - 07:10:21 PDT