[ISN] Linux Advisory Watch - January 21st 2005

From: InfoSec News (isn@private)
Date: Mon Jan 24 2005 - 01:36:55 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  January 21st, 2005                          Volume 6, Number 3a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for twiki, xine, libtiff, mc,
gatos, playmidi, chbg, cups, imagemagick, mysql, xpdf, xtrlock,
mysql, sword, squid, gimp, dovecot, dhcp, bind, vixie-cron, sysklogd,
alsa-lib, grep, kernel-utils, ethereal, mpg123, playmidi, and krb5.
The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
Red Hat, SuSE, and TurboLinux.

---

>> Enterprise Security for the Small Business <<
Never before has a small business productivity solution been designed
with such robust security features.  Engineered with security as a main
focus, the Guardian Digital Internet Productivity Suite is the
cost-effective solution small businesses have been waiting for.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=3Dgdn07

---

Assurance via Documentation

In all business environments management must give a certain
level of trust to staff in order for work to get done.  In
security, trust is extremely important.  Security managers must
trust staff to properly setup and configure systems, give
appropriate access, and fix vulnerabilities as they arise.
Trusting staff to get the job done is a fundamental part of
doing business.  As a manager, how can one be sure that the
security staff is properly addressing security issues?  How
can one be sure that vulnerabilities are fixed and logs are
monitored?  Peter F. Drucker, a well known writer on business
management topics once wrote, "if you cannot measure it, you
cannot manage it."

This is directly relevant to security.  How can a manager be
sure that the backups are getting done?  Are the IDS and
firewall logs properly monitored?  A manager can easily have
trust in employees, but assurance also must be provided.
Management should require staff to log backups, log reviews,
server patching, etc.  Rather than trusting staff to get the
job done, it is necessary to have assurance.  All general
security maintenance tasks can be, and should be audit-able.

How will extra paper work help security?  Will staff get fed
up with all of the extra documentation?  The purpose of extra
documentation is not to burden staff, it is to increasingly
justify security spending.  If a security department is
properly doing its job, incidents will have little affect.
However, if the department isn't doing its job, something
catastrophic could happen.  It is hard for people not in
security to see the value in spending more money when
there are no security incidents.  Having audit-able
documented evidence of thwarted security attempts, log
reviews, etc. can have a huge impact on the image of the
security department.  Rather than relying on trust, giving
assurance and quantifying security will help get the budget
necessary to have the appropriate level of protection.

Until next time, cheers!
Benjamin D. Thomas

----------------------

Encrypting Shell Scripts

Do you have scripts that contain sensitive information like
passwords and you pretty much depend on file permissions to keep
it secure?  If so, then that type of security is good provided
you keep your system secure and some user doesn't have a "ps -ef"
loop running in an attempt to capture that sensitive info (though
some applications mask passwords in "ps" output).

http://www.linuxsecurity.com/content/view/117920/49/

---

A 2005 Linux Security Resolution

Year 2000, the coming of the new millennium, brought us great joy
and celebration, but also brought great fear.  Some believed it would
result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland.  Others predicted minor glitches leading only to
inconvenience.  The following years (2001-2004) have been tainted
with the threat of terrorism worldwide.

http://www.linuxsecurity.com/content/view/117721/49/

---

State of Linux Security 2004

In 2004, security continued to be a major concern. The beginning of the
year was plagued with several kernel flaws and Linux vendor advisories
continue to be released at an ever-increasing rate. This year, we have
seen the reports touting Window's security superiority, only to be
debunked by other security experts immediately after release. Also,
Guardian Digital launched the new LinuxSecurity.com, users continue to
be targeted by automated attacks, and the need for security awareness
and education continues to rise.

http://www.linuxsecurity.com/content/view/117655/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: twiki Fix for twiki remote vulnerability
  14th, January, 2005

A vulnerability in twiki was found where a remote attacker could
exploit it to run arbitrary shell commands on the server. For further

information on this vulnerability, please, refer to the authors'
announcement[2].

http://www.linuxsecurity.com/content/view/117926


* Conectiva: xine-lib Fixes for xine-lib vulnerabilities
  19th, January, 2005

Ariel Berkman discovered a buffer overflow vulnerability[2] in
demux_aiff.c, where it reads specific input data into an array
without checking the input size.

http://www.linuxsecurity.com/content/view/117967


* Conectiva: libtiff3 Fixes for libtiff vulnerabilities
  20th, January, 2005

This announcement fixes several integer overflow vulnerabilities[3,4]

that were encountered in libtiff by iDefense which could lead to
remote arbitrary code execution.

http://www.linuxsecurity.com/content/view/117982


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New mc packages fix several vulnerabilities
  14th, January, 2005

ndrew V. Samoilov has noticed that several bugfixes which were
applied to the source by upstream developers of mc, the midnight
commander, a file browser and manager, were not backported to the
current version of mc that Debian ships in their stable release.

http://www.linuxsecurity.com/content/view/117925


* Debian: New gatos packages fix arbitrary code execution
  17th, January, 2005

Erik Sj=C3=B6lund discovered a buffer overflow in xatitv, one of the
programs in the gatos package, that is used to display video with
certain ATI video cards.  xatitv is installed setuid root in order to

gain direct access to the video hardware.

http://www.linuxsecurity.com/content/view/117938


* New playmidi packages fix local root exploit
  17th, January, 2005

Erik Sjolund discovered that playmidi, a MIDI player, contains a
setuid root program with a buffer overflow that can be exploited by a

local attacker.

http://www.linuxsecurity.com/content/view/117939


* Debian: New gallery packages fix several vulnerabilities
  17th, January, 2005

Several vulnerabilities have been discovered in gallery, a web-based
photo album written in PHP4.

http://www.linuxsecurity.com/content/view/117942


* Debian: New queue packages fix buffer overflows
  18th, January, 2005

"jaguar" of the Debian Security Audit Project has discovered several
buffer overflows in queue, a transparent load balancing system.

http://www.linuxsecurity.com/content/view/117951


* Debian: New chbg packages fix arbitrary code execution
  18th, January, 2005

Danny Lungstrom discoverd a vulnerability in chbg, a tool to change
background pictures.  A maliciously crafted configuration/scenario
file could overflow a buffer and lead to the execution of arbitrary
code on the victim's machine.

http://www.linuxsecurity.com/content/view/117952


* Debian: New CUPS packages fix arbitrary code execution
  19th, January, 2005

iDEFENSE has reported a buffer overflow in xpdf, the portable
document format (PDF) suite.  Similar code is present in the PDF
processing part of CUPS.  A maliciously crafted PDF file could
exploit this problem, resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117963


* Debian: New ImageMagick packages fix arbitrary code execution
  19th, January, 2005

Andrei Nigmatulin discovered a buffer overflow in the PSD
image-decoding module of ImageMagick, a commonly used image
manipulation library.  Remote exploition with a carefully crafted
image could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117964


* Debian: New mysql packages fix insecure temporary files
  19th, January, 2005

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project

discoverd a temporary file vulnerability in the mysqlaccess script of

MySQL that could allow an unprivileged user to let root overwrite
arbitrary files via a symlink attack and could also could unveil the
contents of a temporary file which might contain sensitive
information.

http://www.linuxsecurity.com/content/view/117965


* Debian: New xpdf packages fix arbitrary code execution
  19th, January, 2005

iDEFENSE has reported a buffer overflow in xpdf, the portable
document format (PDF) suite.  A maliciously crafted PDF file
could exploit this problem, resulting in the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/117966


* Debian: New xtrlock packages fix authentication bypass
  20th, January, 2005

A buffer overflow has been discovered in xtrlock, a minimal X display
lock program which can be exploited by a malicious local attacker to
crash the lock program and take over the desktop session.

http://www.linuxsecurity.com/content/view/117981


* Debian: New sword packages fix arbitrary command execution
  20th, January, 2005

Ulf Harnhammar discovered that due to missing input sanitising in
diatheke, a CGI script for making and browsing a bible website, it is
possible to execute arbitrary commands via a specially crafted URL.

http://www.linuxsecurity.com/content/view/117990


* Debian: New squid packages fix denial of service
  20th, January, 2005

Several vulnerabilities have been discovered in Squid, the internet
object cache, the popular WWW proxy cache.

http://www.linuxsecurity.com/content/view/117991


* Fedora Core 3 Update: kernel-2.6.10-1.741_FC3
  14th, January, 2005

Fix slab corruption in ACPI video code.

http://www.linuxsecurity.com/content/view/117924


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 2 Update: system-config-kickstart-2.5.19-1.fc2
  14th, January, 2005

This update fixes bug #143946, where system-config-kickstart cannot
load kickstart configuration files.  It also incorporates all the
other fixes and improvements that have taken place since the FC2
version of this utility.

http://www.linuxsecurity.com/content/view/117934


* Fedora Core 3 Update: gimp-2.2.2-0.fc3.2
  16th, January, 2005

This is a major version upgrade from 2.0.x to 2.2.x but it is
designed to be binary compatible in order that old plug-ins and
scripts continue to work.

http://www.linuxsecurity.com/content/view/117937


* Fedora: NetworkManager-0.3.3-1.cvs20050112.1.fc3 update
  17th, January, 2005

Please see RPM Changelog for fixes and new features
since the last version.

http://www.linuxsecurity.com/content/view/117948


* Fedora Core 3 Update: gimp-help-2-0.1.0.6.0.fc3.1
  18th, January, 2005

The GIMP User Manual is a newly written User Manual for the GIMP.

http://www.linuxsecurity.com/content/view/117953


* Fedora Core 3 Update: gimp-2.2.2-0.fc3.3
  18th, January, 2005

clip thumbnail quality at 75 and don't barf on saving images at
quality 0

http://www.linuxsecurity.com/content/view/117954


* Fedora Core 2 Update: dovecot-0.99.13-4.FC2
  18th, January, 2005

This is a bug fix update for the Dovecot IMAP server. This brings the

Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

http://www.linuxsecurity.com/content/view/117955


* Fedora Core 3 Update: dovecot-0.99.13-3.FC3
  18th, January, 2005

This is a bug fix update for the Dovecot IMAP server. This brings the

Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

http://www.linuxsecurity.com/content/view/117956


* Fedora Core 3 Update: dhcpv6-0.10-11_FC3
  19th, January, 2005

Updated dhcpv6 package, adding Relay Agent support, Support for
prefix delegation to radvd on interface other than lease reception
interface and Fix cores on resolv.conf and radvd.conf update

http://www.linuxsecurity.com/content/view/117969


* Fedora Core 3 Update: dhcp-3.0.1-30_FC3
  19th, January, 2005

Updated DHCP and DHCLIENT packages.

http://www.linuxsecurity.com/content/view/117970


* Fedora Core 3 Update: bind-9.2.4-8_FC3
  19th, January, 2005

Updated BIND packages.

http://www.linuxsecurity.com/content/view/117971


* Fedora Core 3 Update: vixie-cron-4.1-20_FC3
  19th, January, 2005

Updated vixie-cron package.

http://www.linuxsecurity.com/content/view/117972


* Fedora Core 3 Update: sysklogd-1.4.1-26_FC3
  19th, January, 2005

Updated sysklogd packages.

http://www.linuxsecurity.com/content/view/117973


* Fedora Core 3 Update: gpdf-2.8.2-2.2
  19th, January, 2005

Add patch for CAN-2005-0064

http://www.linuxsecurity.com/content/view/117976


* Fedora Core 2 Update: gpdf-2.8.2-2.1
  19th, January, 2005

Add patch for CAN-2005-0064

http://www.linuxsecurity.com/content/view/117977


* Fedora Core 2 Update: cups-1.1.20-11.10
  20th, January, 2005

This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the "lp" user.  The Common
Vulnerabilities and Exposures projects (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

http://www.linuxsecurity.com/content/view/117983


* Fedora Core 3 Update: cups-1.1.22-0.rc1.8.4
  20th, January, 2005

This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the "lp" user.  The
Common Vulnerabilities and Exposures projects (cve.mitre.org)
has assigned the name CAN-2005-0064 to this issue.

http://www.linuxsecurity.com/content/view/117984


* Fedora Core 3 Update: alsa-lib-1.0.6-7.FC3
  20th, January, 2005

A flaw in the alsa mixer code was discovered, which disabled stack
execution protection for the libasound.so library distributed with
Fedora Core 3. The effect of this flaw resulted in stack execution
protection, through NX or Exec-Shield, which was disabled for any
application linked to libasound.

http://www.linuxsecurity.com/content/view/117985


* Fedora Core 3 Update: grep-2.5.1-31.4
  20th, January, 2005

This update fixes a small regression in handling multibyte input for
"grep -Fi", and further improves performance when processing UTF-8
input.

http://www.linuxsecurity.com/content/view/117992


* Fedora Core 2 Update: xpdf-3.00-3.7
  20th, January, 2005

Applied patch to fix CAN-2005-0064 (bug #145050)

http://www.linuxsecurity.com/content/view/117993


* Fedora Core 3 Update: xpdf-3.00-10.2
  20th, January, 2005

Applied patch to fix CAN-2005-0064 (bug #145050)

http://www.linuxsecurity.com/content/view/117994


* Fedora Core 2 Update: kernel-utils-2.4-9.1.131_FC2
  20th, January, 2005

Update microcode_ctl to 1.11 (#131885)

http://www.linuxsecurity.com/content/view/117997


* Fedora Core 3 Update: kernel-utils-2.4-13.1.49_FC3
  20th, January, 2005

Update microcode_ctl to 1.11

http://www.linuxsecurity.com/content/view/117998


* Fedora Core 3 Update: hal-0.4.6-1.FC3
  20th, January, 2005

New upstream release

http://www.linuxsecurity.com/content/view/118004



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Squid Multiple vulnerabilities
  16th, January, 2005

Squid contains vulnerabilities in the the code handling NTLM (NT Lan
Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol)
which could lead to denial of service and arbitrary code execution.

http://www.linuxsecurity.com/content/view/117936


* Gentoo: ImageMagick PSD decoding heap overflow
  20th, January, 2005

ImageMagick is vulnerable to a heap overflow when decoding Photoshop
Document (PSD) files, which could lead to arbitrary code execution.

http://www.linuxsecurity.com/content/view/118003


* Gentoo: Ethereal Multiple vulnerabilities
  20th, January, 2005

Multiple vulnerabilities exist in Ethereal, which may allow an
attacker to run arbitrary code, crash the program or perform DoS by
CPU and disk utilization.

http://www.linuxsecurity.com/content/view/118005


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

* Mandrake: CUPS multiple vulnerabilities fix
  17th, January, 2005

A buffer overflow was discovered in the ParseCommand function in the
hpgltops utility. An attacker with the ability to send malicious HPGL
files to a printer could possibly execute arbitrary code as the "lp"
user (CAN-2004-1267).

http://www.linuxsecurity.com/content/view/117947


* Mandrake: Updated mpg123 packages fix
  19th, January, 2005

A vulnerability in mpg123's ability to parse frame headers in input
streams could allow a malicious file to exploit a buffer overflow and
execute arbitray code with the permissions of the user running
mpg123.

http://www.linuxsecurity.com/content/view/117978


* Mandrake: Updated playmidi packages
  19th, January, 2005

Erik Sjolund discovered a buffer overflow in playmidi that could be
exploited by a local attacker if installed setuid root.  Note that by
default Mandrakelinux does not ship playmidi installed setuid root.

http://www.linuxsecurity.com/content/view/117979


* Mandrake: Updated xine packages fix
  19th, January, 2005

iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()

does not check if the input size is larger than the buffer size
(CAN-2004-1187).  As well, they discovered that in this same
function, a negative value could be given to an unsigned variable
that specifies the read length of input data (CAN-2004-1188).

http://www.linuxsecurity.com/content/view/117980


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Updated kernel packages fix security
  18th, January, 2005

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

http://www.linuxsecurity.com/content/view/117962


* RedHat: Updated krb5 packages fix security
  19th, January, 2005

Updated Kerberos (krb5) packages that correct buffer overflow and
temporary file bugs are now available for Red Hat Enterprise Linux.

http://www.linuxsecurity.com/content/view/117974


* RedHat: Updated php packages fix security issues
  19th, January, 2005

Updated php packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117975


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: php4, mod_php4 remote code execution
  17th, January, 2005

Stefan Esser and Marcus Boerger found several buffer overflow
problems in the unserializer functions of PHP (CAN-2004-1019) and
Ilia Alshanetsky (CAN-2004-1065) found one in the exif parser. Any of
them could allow remote attackers to execute arbitrary code as the
user running the PHP interpreter.

http://www.linuxsecurity.com/content/view/117944


+---------------------------------+
|  Distribution: Turbo Linux      | ----------------------------//
+---------------------------------+

* TurboLinux: xpdf Buffer overflow
  20th, January, 2005

These vulnerabilities may allow remote attackers to execute arbitrary
code via malformed PDF files.

http://www.linuxsecurity.com/content/view/117986

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Jan 24 2005 - 03:05:40 PST