[ISN] Linux Advisory Watch - November 10th 2006

From: InfoSec News (alerts@private)
Date: Sun Nov 12 2006 - 22:08:02 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  November 10th 2006                           Volume 7, Number 46a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for libpam-ldap, ingo1, thttpd,
php4, phpmyadmin, firefox, screen, Qt, NVIDIA driver, wireshark, kernel,
libx11, rpm, jabber, wv, openssh, texinfo, seamonkey, thunderbird,
ruby, bind, and imlib2.  The distributors include Debian, Fedora,
Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

---


EnGarde Secure Linux v3.0.9 Now Available

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.10 (Version 3.0, Release 10). This release
includes several bug fixes and feature enhancements to Guardian
Digital WebTool and the SELinux policy, several updated packages,
and several new features.

EnGarde Secure Community is a secure distribution of Linux
engineered from the ground-up to provide organizations with the
level of security required to create a corporate Web presence or
even conduct e-business on the Web. It can be used as a Web, DNS,
e-mail, database, e-commerce, and general Internet server where
security is a primary concern.


* Guardian Digital WebTool help system. All of the existing
WebTool modules now have help -- just roll your mouse pointer
over any help-enabled field for assistance. Special thanks to
Ankit Patel and Eric Lubow for all their hard work writing the
help text.

* Guardian Digital WebTool SELinux Control Console. This new
WebTool module gives you greater control over the SELinux
subsystem of EnGarde Secure Linux. With it you may monitor
the audit logs, toggle enforcing mode and booleans, download
the policy to your local computer, and trigger a relabel of
the filesystems.

* A new SELinux policy boolean: httpd_script_remote. This
boolean was added in response to bug #0000093 and grants PHP
and CGI scripts access to external websites (such as RSS feeds).

* Major upgrades of apache (from 2.0.59 to 2.2.3), postfix
(2.2.11 to 2.3.3), and snort (2.4.5 to 2.6.0.2).

* The latest stable versions of MySQL (5.0.27), aide (0.12),
asterisk (1.2.13), libapache-mod_mono (1.1.18), mod_perl
(2.0.2), postgresql (8.1.5), and zaptel (1.2.10).

http://www.engardelinux.org/modules/index/releases/3.0.10.cgi

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and RF smart card for a clustered network, which is designed on the
Linux platform and open source technology to obtain biometrics
security. The combination of smart card and biometrics is achieved in
two-step authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card that is based on fingerprint verification. The fingerprint
verification has to be executed on the central host server for
security purposes. The protocol designed allows controlling all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New libpam-ldap packages fix access control bypass
  2nd, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125542


* Debian: New ingo1 packages fix arbitrary shell command execution
  2nd, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125549


* Debian: New thttpd packages fix insecure temporary file creation
  3rd, November, 2006

Marco d'Itri discovered that thttpd, a small, fast and secure
webserver, makes use of insecure temporary files when its logfiles
are rotated, which might lead to a denial of service through a
symlink attack.

http://www.linuxsecurity.com/content/view/125557


* Debian: New php4 packages fix several vulnerabilities
  6th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125592


* Debian: New phpmyadmin packages fix several vulnerabilities
  9th, November, 2006

The following CVE IDs are addressed: CVE-2006-1678 CVE-2006-2418
CVE-2005-3621 CVE-2005-3665 CVE-2006-5116

http://www.linuxsecurity.com/content/view/125670




+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: firefox-1.5.0.8-1.fc5
  9th, November, 2006

Mozilla Firefox is an open source Web browser. Several flaws were
found in the way Firefox processes certain malformed Javascript code.
A malicious web page could cause the execution of Javascript code in
such a way that could cause Firefox to crash or execute arbitrary
code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
CVE-2006-5748) Several flaws were found in the way Firefox renders
web pages. A malicious web page could cause the browser to crash or
possibly execute arbitrary code as the user running Firefox.
(CVE-2006-5464) Users of Firefox are advised to upgrade to this
update, which contains Firefox version 1.5.0.8 that corrects these
issues.

http://www.linuxsecurity.com/content/view/125654


* Fedora Extras
  9th, November, 2006

CVE IDs: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify
the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images.  If a
user were tricked into viewing or processing a specially crafted
image with an application that uses imlib2, the flaws could be
exploited to execute arbitrary code with the user's privileges.
Fedora Extras versions earlier than the versions mentioned above are
vulnerable to this problem; upgrade to fix this vulnerability.

http://www.linuxsecurity.com/content/view/125656



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Screen UTF-8 character handling vulnerability
  3rd, November, 2006

Screen contains an error in its UTF-8 character handling code that
would allow a remote Denial of Service or possibly the remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125554


* Gentoo: Qt Integer overflow
  6th, November, 2006

An integer overflow flaw in the Qt pixmap handling could possibly
lead to a Denial of Service or the remote execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/125574


* Gentoo: NVIDIA binary graphics driver Privilege escalation
vulnerability
  7th, November, 2006

The NVIDIA binary graphics driver is vulnerable to a local privilege
escalation through an X session.

http://www.linuxsecurity.com/content/view/125617



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated php packages to address buffer overflow issue
  3rd, November, 2006

The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project.
Of course the whole purpose of these functions is to be filled with
user input. (The overflow can only occur when UTF-8 is used.) In
addition, selected patches backported from php cvs that address other
issues that may or may not have security implications have been
applied to this release. Updated packages have been patched to
correct these issues. Users must restart Apache for the changes to
take effect.

http://www.linuxsecurity.com/content/view/125551


* Mandriva: Updated wireshark packages fix multiple vulnerabilities
  3rd, November, 2006

Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart
dissectors were discovered in versions of wireshark less than 0.99.4,
as well as various other bugs. This update provides wireshark 0.99.4
which is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/125552


* Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs
  3rd, November, 2006

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel.

http://www.linuxsecurity.com/content/view/125564


* Mandriva: Updated imlib2 packages fix several vulnerabilities
  6th, November, 2006

M. Joonas Pihlaja discovered several vulnerabilities in the Imlib2
graphics library.


http://www.linuxsecurity.com/content/view/125606


* Mandriva: Updated libx11 packages fix file descriptor leak
vulnerability
  6th, November, 2006

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment
variable via the duplicate file descriptor.

http://www.linuxsecurity.com/content/view/125607


* Mandriva: Updated rpm packages fix vulnerability
  7th, November, 2006

A heap-based buffer overflow was discovered in librpm when the LANG
or LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly
other locales), which could allow for user-assisted attackers to
execute arbitrary code via crafted RPM packages.

http://www.linuxsecurity.com/content/view/125622


* Mandriva: Updated jabber package fix SSL support issue
  7th, November, 2006

The OpenSSL library was not properly initialized in the jabber SSL
support code, which prevented SSL support for incoming client
connections on the jabber server.  This update corrects this issue.

http://www.linuxsecurity.com/content/view/125623


* Mandriva: Updated pam_ldap packages fix PasswordPolicyResponse
coding error
  7th, November, 2006

Pam_ldap does not return an error condition when an LDAP directory
server responds with a PasswordPolicyResponse control response, which
causes the pam_authenticate function to return a success code even if
authentication has failed, as originally reported for xscreensaver.
This might lead to an attacker being able to log in to a suspended
system account.

http://www.linuxsecurity.com/content/view/125624


* Mandriva: Updated imlib2 packages fix several vulnerabilities
  7th, November, 2006

M. Joonas Pihlaja discovered several vulnerabilities in the Imlib2
graphics library.

http://www.linuxsecurity.com/content/view/125625


* Mandriva: Updated wv packages fix vulnerabilities
  7th, November, 2006

Multiple integer overflows in the WV library in wvWare (formerly
mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly
other products, allow user-assisted remote attackers to execute
arbitrary code via a crafted Microsoft Word (DOC) file that produces
(1) large LFO clfolvl values in the wvGetLFO_records function or (2)
a large LFO nolfo value in the wvGetLFO_PLF function.

http://www.linuxsecurity.com/content/view/125626


* Mandriva: Updated openssh packages fix vulnerability
  8th, November, 2006

A vulnerability in the privilege separation functionality in OpenSSH
was discovered, caused by incorrect checking for bad signatures in
sshd's privsep monitor.  As a result, the monitor and the
unprivileged process can get out of sync.  The OpenSSH team indicated
that this bug is not known to be exploitable in the absence of
additional vulnerabilities.

http://www.linuxsecurity.com/content/view/125650


* Mandriva: Updated texinfo packages fix vulnerability
  8th, November, 2006

Miloslav Trmac discovered a buffer overflow in texinfo. This issue
can cause texi2dvi or texindex to crash when processing a carefully
crafted file. Updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/125645



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: php security update
  6th, November, 2006

Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125605


* RedHat: Critical: firefox security update
  8th, November, 2006

Updated firefox packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125627


* RedHat: Critical: seamonkey security update
  8th, November, 2006

Updated seamonkey packages that fix several security bugs are now
available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
been rated as having critical security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/125628


* RedHat: Critical: thunderbird security update
  8th, November, 2006

Updated thunderbird packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125629


* RedHat: Moderate: texinfo security update
  8th, November, 2006

New Texinfo packages that fix various security vulnerabilities are
now available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125630


* RedHat: Moderate: ruby security update
  8th, November, 2006

Updated ruby packages that fix a denial of service issue for the CGI
instance are now available. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125646


* RedHat: Moderate: wireshark security update
  9th, November, 2006

New Wireshark packages that fix various security vulnerabilities are
now available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/125672



+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   screen
  4th, November, 2006

New screen packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and 11.0 to fix a security issue. More details about this
issue may be found in the Common Vulnerabilities and Exposures (CVE)
database.

http://www.linuxsecurity.com/content/view/125568


* Slackware:   php
  4th, November, 2006

New php packages are available for Slackware 10.2 and 11.0 to fix
security issues.  More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database.

http://www.linuxsecurity.com/content/view/125569


* Slackware:   bind
  7th, November, 2006

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and 11.0 to fix security issues.  The minimum OpenSSL
version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid
exposure to known security flaws in older versions (these patches
were already issued for Slackware).  If you have not upgraded yet,
get those as well to prevent a potentially exploitable security
problem in named.

http://www.linuxsecurity.com/content/view/125608



+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  PHP vulnerability
  2nd, November, 2006

Stefan Esser discovered two buffer overflows in the htmlentities()
and htmlspecialchars() functions. By supplying specially crafted
input to PHP applications which process that input with these
functions, a remote attacker could potentially exploit this to
execute arbitrary code with the privileges of the application. This
update also fixes bugs in the chdir() and tempnam() functions, which
did not perform proper open_basedir checks. This could allow local
scripts to bypass intended restrictions.

http://www.linuxsecurity.com/content/view/125548


* Ubuntu:  imlib2 vulnerabilities
  3rd, November, 2006

M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify
the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images.  If a
user were tricked into viewing or processing a specially crafted
image with an application that uses imlib2, the flaws could be
exploited to execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/125565


* Ubuntu:  NVIDIA vulnerability
  3rd, November, 2006

Derek Abdine discovered that the NVIDIA Xorg driver did not correctly
verify the size of buffers used to render text glyphs.  When
displaying very long strings of text, the Xorg server would crash.
If a user were tricked into viewing a specially crafted series of
glyphs, this flaw could be exploited to run arbitrary code with root
privileges.

http://www.linuxsecurity.com/content/view/125566


* Ubuntu:  RPM vulnerability
  3rd, November, 2006

An error was found in the RPM library's handling of query reports.
In some locales, certain RPM packages would cause the library to
crash.  If a user was tricked into querying a specially crafted RPM
package, the flaw could be exploited to execute arbitrary code with
the user's privileges.

http://www.linuxsecurity.com/content/view/125567


* Ubuntu:  imlib2 regression fix
  6th, November, 2006

USN-376-1 provided an update to imlib2 to fix several security
vulnerabilities.  Unfortunately the update broke JPG file handling in
certain situations.  This update corrects this problem.  We apologize
for the inconvenience.

http://www.linuxsecurity.com/content/view/125604


* Ubuntu:  texinfo vulnerability
  9th, November, 2006

Miloslav Trmac discovered a buffer overflow in texinfo's index
processor.  If a user is tricked into processing a .texi file with
texindex, this could lead to arbitrary code execution with user
privileges.

http://www.linuxsecurity.com/content/view/125671

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

