[ISN] Linux Advisory Watch - December 3rd 2004

From: InfoSec News (isn@private)
Date: Mon Dec 06 2004 - 01:27:04 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  December 3rd, 2004                          Volume 5, Number 48a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week advisories were released for java, abiworld, cyrus,
squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink,
libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin,
libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd.
The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
Trustix, Red Hat, and SuSE.

-----

Open Letter to Linux Security Community

Welcome to the new LinuxSecurity.com! I must admit, I am really
proud of what we have been able to accomplish over the years.
LinuxSecurity.com has grown from a small idea that a couple of
security geeks had in 1999, to a major and well respected Linux
resource. With an all new look & feel, organizational changes,
security events, and additions to our staff, we hope to better
serve the Linux and open source community. Although there are
many aesthetic improvements, a major part of our development
has focused    on creating a content structure and backend
system that is easy to update.

Since the beginning, we have been able to maintain one of the
largest, if not the largest and most comprehensive Linux
advisory archive on the Internet. Through the years, we have
scoured the net for thousands of hours to bring fresh and
relevant articles, papers, and resources to you. It wasn't easy
in the beginning. We had to create the site from scratch and
build a community-wide reputation.  The site was started in 1999,
the middle of the dot-com boom. Dave Wreski, a Linux security
expert and the original founder of LinuxSecurity.com had great
foresight. He envisioned the widespread use of Linux as well as
many other open source tools. Rather than companies spending
thousands of dollars on proprietary tools, he saw a world
where open source would be respected and adopted because of its
flexibility and greater security through open standards and
full disclosure...

Read Full Text:
http://www.linuxsecurity.com/content/view/117288/49/

-----

Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a
client/server architecture to check for changes on a system.
A central server maintains the file-integrity database and
configuration for a client and at a specified time, sends the
configuration file over to the client, runs a scan and sends
the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system
admin or group of people.  The communication is all done over
an encrypted communication channel.

http://www.linuxsecurity.com/content/view/101883/49/

---------------------------------------------------------------------

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies
and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide
and chkrootkit.

http://www.linuxsecurity.com/content/view/101882/49/

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: java plugin vulnerability
  26th, November, 2004

Jouko Pynnonen reported[2], through iDEFENSE, a vulnerability[3] in
the plugin mechanism which allows remote attackers to bypass the Java
sandbox through the use of javascript.

http://www.linuxsecurity.com/content/view/106930


* Conectiva: abiword buffer overflow vulnerability fix
  1st, December, 2004

iDefense[3] discovered[4] a buffer overflow vulnerability[5] in the
wv library which could allow an attacker to execute arbitrary code
with the privileges of the user running the vulnerable application.

http://www.linuxsecurity.com/content/view/117319


* Conectiva: cyrus-imapd Multiple vulnerabilities
  1st, December, 2004

Stefan Esser from e-matters security recently published[2] several
vulnerabilities in cyrus-imapd.

http://www.linuxsecurity.com/content/view/117320


* Conectiva: squirrelmail cross site scripting vulnerability fix
  2nd, December, 2004

Joost Pol noticed[2] that SquirrelMail is prone to a cross site
scripting issue in the decoding of encoded text in certain headers.
SquirrelMail correctly decodes the specially crafted header, but
doesn't sanitize the result.

http://www.linuxsecurity.com/content/view/117321


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: libgd1 arbitrary code execution fix
  29th, November, 2004

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory DSA 589.  They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

http://www.linuxsecurity.com/content/view/106931


* Debian: libgd2 arbitrary code execution fix
  29th, November, 2004

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory DSA 589.  They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

http://www.linuxsecurity.com/content/view/106932


* Debian: openssl insecure temporary file creation fix
  1st, December, 2004

Trustix developers discovered insecure temporary file creation in a
supplemental script (der_chop) of the openssl package which may allow
local users to overwrite files via a symlink attack.

http://www.linuxsecurity.com/content/view/117312


* Debian: hpsockd denial of service fix
  3rd, December, 2004

"infamous41md" discovered a buffer overflow condition in hpsockd, the
socks server written at Hewlett-Packard.  An exploit could cause the
program to crash or may have worse effect.

http://www.linuxsecurity.com/content/view/117313


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora: policycoreutils-1.18.1-2 update Resend with correct id
  30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to be
reworked for strict policy.  Removing prevents possible relabeling
problems.

http://www.linuxsecurity.com/content/view/106953


* Fedora: policycoreutils-1.18.1-2 update
  30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to be
reworked for strict policy.  Removing prevents possible relabeling
problems.

http://www.linuxsecurity.com/content/view/106952


* Fedora: prelink-0.3.3-0.fc3 update
  30th, November, 2004

if layout code needs to re-prelink some library, make sure all
libraries that depend on it are re-prelinked too (#140081)

http://www.linuxsecurity.com/content/view/106950


* Fedora: libselinux-1.19.1-8 update
  30th, November, 2004

Change location of helper applications and remove some debug
applications that should not have been part of the distribution.

http://www.linuxsecurity.com/content/view/106951


* Fedora: udev-039-10.FC3.2 update
  30th, November, 2004

Forgot to turn of debugging logging. This release speeds up udev.

http://www.linuxsecurity.com/content/view/106948


* Fedora: tcpdump-3.8.2-6.FC2.1 update
  30th, November, 2004

fixed nfs protocol parsing for 64 bit architectures (bug 132781)

http://www.linuxsecurity.com/content/view/106949


* Fedora: abiword-2.0.12-7.fc3 update
  30th, November, 2004

Fixes for tempnam usages and startup geometry crashes

http://www.linuxsecurity.com/content/view/106947


* Fedora: system-config-securitylevel-1.4.18-2 update
  29th, November, 2004

This fixes tracebacks introduced by the libselinux update (#139155)

http://www.linuxsecurity.com/content/view/106944


* Fedora: samba-3.0.9-1.fc2 update
  29th, November, 2004

This update closes two security holes: CAN-2004-0882 and
CAN-2004-0930

http://www.linuxsecurity.com/content/view/106941


* Fedora: samba-3.0.9-1.fc3 update
  29th, November, 2004

This update closes two security holes: CAN-2004-0882 and
CAN-2004-0930.

http://www.linuxsecurity.com/content/view/106942


* Fedora: gaim-1.0.2-0.FC2 update
  29th, November, 2004

FC2 Update

http://www.linuxsecurity.com/content/view/106943


* Fedora: squirrelmail-1.4.3a-6.FC2 update
  28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text

http://www.linuxsecurity.com/content/view/106934


* Fedora: squirrelmail-1.4.3a-6.FC3 update
  28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text

http://www.linuxsecurity.com/content/view/106935


* Fedora: spamassassin-3.0.1-0.FC3 update
  28th, November, 2004

Several important bug fixes in upstream release.

http://www.linuxsecurity.com/content/view/106936


* Fedora: system-config-date-1.7.13-0.fc3.1 update
  29th, November, 2004

enable Gujarati and Tamil translations (#140881)

http://www.linuxsecurity.com/content/view/106937


+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

* FreeBSD: Kernel memory disclosure in procfs and linprocfs
  2nd, December, 2004

The implementation of the /proc/curproc/cmdline pseudofile in the
procfs(5) file system on FreeBSD 4.x and 5.x, and of the
/proc/self/cmdline pseudofile in the linprocfs(5) file system on
FreeBSD 5.x reads a process' argument vector from the process address
space.	During this operation, a pointer was dereferenced directly
without the necessary validation steps being performed.

http://www.linuxsecurity.com/content/view/117318


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Sun and Blackdown Java Applet privilege escalation
  29th, November, 2004

The Java plug-in security in Sun and Blackdown Java environments can
be bypassed to access arbitrary packages, allowing untrusted Java
applets to perform unrestricted actions on the host system.

http://www.linuxsecurity.com/content/view/106945


* Gentoo: Open DC Hub Remote code execution
  28th, November, 2004

Open DC Hub contains a buffer overflow that can be exploited to allow
remote code execution.

http://www.linuxsecurity.com/content/view/106940


* Gentoo: phpWebSite HTTP response splitting vulnerability
  26th, November, 2004

phpWebSite is vulnerable to possible HTTP response splitting attacks.

http://www.linuxsecurity.com/content/view/106929


* Gentoo: phpMyAdmin Multiple XSS vulnerabilities
  27th, November, 2004

phpMyAdmin is vulnerable to cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/106939


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

* Mandrake: libxpm4 correct issues with previous update
  30th, November, 2004

The previous libxpm4 update had a linking error that resulted in a
missing s_popen symbol error running applications dependant on the
library. In addition, the file path checking in the security updates
prevented some applications, like gimp-2.0 from being able to save
xpm format images.

http://www.linuxsecurity.com/content/view/106946


* Mandrake: kdepim various bugs fix
  27th, November, 2004

A number of bugs in kdepim are fixed with this update.

http://www.linuxsecurity.com/content/view/106938


* Mandrake: kdelibs various bugs fix
  26th, November, 2004

A number of bugs in kdelibs are fixed with this update.

http://www.linuxsecurity.com/content/view/106925


* Mandrake: kdebase various bugs fixes
  26th, November, 2004

A number of bugs in kdebase are fixed with this update.

http://www.linuxsecurity.com/content/view/106924


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

* Trustix: amavisd-new, anaconda, courier-imap, cyrus-imapd,
cyrus-sasl, file, kernel, mkbootdisk, mys
  29th, November, 2004

Fix amavis user creation on install. Support kickstart files on FTP.
Hyperthreading detection.

http://www.linuxsecurity.com/content/view/106933


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* Red Hat: openmotif image vulnerability fix
  2nd, December, 2004

Updated openmotif packages that fix flaws in the Xpm image library
are now available.

http://www.linuxsecurity.com/content/view/117314


* Red Hat: kernel security vulnerabilities fix
  2nd, December, 2004

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

http://www.linuxsecurity.com/content/view/117315


* SuSE: various kernel problems
  1st, December, 2004

Several security problems have been found and addressed by the SUSE
Security Team. The following issues are present in all SUSE Linux
based products.

http://www.linuxsecurity.com/content/view/117316


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: cyrus-imapd remote command execution
  3rd, December, 2004

Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access which
could allow remote attackers to execute arbitrary commands as root.
The bugs occur in the pre-authentication phase, therefore an update
is strongly recommended.

http://www.linuxsecurity.com/content/view/117317


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Dec 06 2004 - 07:13:11 PST