[ISN] Linux Advisory Watch - November 24th 2006

From: InfoSec News (alerts@private)
Date: Sun Nov 26 2006 - 23:29:11 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  November 24th 2006                           Volume 7, Number 48a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for imagemagick, phpmyadmin, gv,
xine-lib, flexbackup, linux-ftpd, proftpd, libpng, TikiWiki, Ruby,
netlink, qmailAdmin, Texinfo, fvwm, libpng, syslinux, pxelinux,
doxygen, chromium, xorg, avahi, links, openldap, apache-mod_auth_kerb,
asterisk, powerdns, and libpng.  The distributors include Debian,
Gentoo, Mandriva, SuSE, and Ubuntu.

---


* EnGarde Secure Linux v3.0.10 Now Available

Guardian Digital is pleased to announce the release of
EnGarde Secure Community 3.0.10 (Version 3.0, Release 10). This
release includes our new SELinux Control Console and our new
context-sensitive Guardian Digital help system, along with bug fixes
and upgrades to major applications including Apache, Postfix, and
Snort.

http://www.engardelinux.org/modules/index/releases/3.0.10.cgi

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, designed on the Linux
platform and open source technology to obtain biometric security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the cardholder is
authenticated using the biometric template stored in the smart
card, based on fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows control of all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New imagemagick packages fix several vulnerabilities
  19th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125816


* Debian: New phpmyadmin packages fix regression
  19th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125817


* Debian: New gv packages fix arbitrary code execution
  20th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125838


* Debian: New xine-lib packages fix execution of arbitrary code
  20th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125839


* Debian: New flexbackup packages fix denial of service
  20th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125840


* Debian: New linux-ftpd packages fix access control bypass
  20th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125841


* Debian: New proftpd packages fix denial of service
  21st, November, 2006

It was discovered that the proftpd FTP daemon performs insufficient
validation of FTP command buffer size limits, which may lead to
denial of service. CVE-2006-5815 is addressed by this advisory.

http://www.linuxsecurity.com/content/view/125858


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: libpng Denial of Service
  17th, November, 2006

A vulnerability in libpng may allow a remote attacker to crash
applications that handle untrusted images.

http://www.linuxsecurity.com/content/view/125808


* Gentoo: WordPress Multiple vulnerabilities
  17th, November, 2006

Flaws in WordPress allow a Denial of Service, the disclosure of user
metadata and the overwriting of restricted files.

http://www.linuxsecurity.com/content/view/125809


* Gentoo: TikiWiki Multiple vulnerabilities
  20th, November, 2006

TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/125834


* Gentoo: Ruby Denial of Service vulnerability
  20th, November, 2006

The Ruby cgi.rb CGI library is vulnerable to a Denial of Service
attack.

http://www.linuxsecurity.com/content/view/125835


* Gentoo: Avahi "netlink" message vulnerability
  20th, November, 2006

Avahi fails to verify the origin of netlink messages, which could
allow local users to spoof network changes.

http://www.linuxsecurity.com/content/view/125836


* Gentoo: TORQUE Insecure temporary file creation
  20th, November, 2006

TORQUE creates temporary files in an insecure manner which could lead
to the execution of arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/125837


* Gentoo: qmailAdmin Buffer overflow
  21st, November, 2006

qmailAdmin is vulnerable to a buffer overflow that could lead to the
remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125854


* Gentoo: TORQUE Insecure temporary file creation
  21st, November, 2006

TORQUE creates temporary files in an insecure manner which could lead
to the execution of arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/125855


* Gentoo: Texinfo Buffer overflow
  21st, November, 2006

Texinfo is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125856


* Gentoo: fvwm fvwm-menu-directory fvwm command injection
  23rd, November, 2006

A flaw in fvwm-menu-directory may permit a local attacker to execute
arbitrary commands with the privileges of another user.

http://www.linuxsecurity.com/content/view/125886


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated libpng packages fix vulnerabilities
  16th, November, 2006

Buffer overflow in the png_decompress_chunk function in pngrutil.c
in libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name".

http://www.linuxsecurity.com/content/view/125794


* Mandriva: Updated syslinux packages to fix embedded libpng
vulnerabilities
  16th, November, 2006

SYSLINUX is a boot loader for the Linux operating system which
operates off an MS-DOS/Windows FAT filesystem. It is built with a
private copy of libpng, and as such could be susceptible to some
of the same vulnerabilities.

http://www.linuxsecurity.com/content/view/125795


* Mandriva: Updated pxelinux packages to fix embedded libpng
vulnerabilities
  16th, November, 2006

PXELINUX is a PXE bootloader.  It is built with a private copy of
libpng, and as such could be susceptible to some of the same
vulnerabilities.

http://www.linuxsecurity.com/content/view/125796


* Mandriva: Updated doxygen packages to fix embedded libpng
vulnerabilities
  16th, November, 2006

Doxygen is a documentation system for C, C++ and IDL. It is built
with a private copy of libpng, and as such could be susceptible to
some of the same vulnerabilities.

http://www.linuxsecurity.com/content/view/125803


* Mandriva: Updated chromium packages to fix embedded libpng vulnerabilities
  16th, November, 2006

Chromium is an OpenGL-based shoot-'em-up game with fine graphics. It
is built with a private copy of libpng, and as such could be
susceptible to some of the same vulnerabilities.

http://www.linuxsecurity.com/content/view/125804


* Mandriva: Updated gv packages fix buffer overflow vulnerability
  17th, November, 2006

Stack-based buffer overflow in the ps_gettext function in ps.c for
GNU gv 3.6.2, and possibly earlier versions, allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.

http://www.linuxsecurity.com/content/view/125814


* Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow
vulnerabilities
  18th, November, 2006

Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).

http://www.linuxsecurity.com/content/view/125815


* Mandriva: Updated avahi packages fix netlink vulnerability
  20th, November, 2006

Steve Grubb discovered that netlink messages were not being checked
for their sender identity.  This could lead to local users
manipulating the Avahi service.

http://www.linuxsecurity.com/content/view/125842


* Mandriva: Updated links packages fix smb vulnerability
  20th, November, 2006

The links web browser with smbclient installed allows remote
attackers to execute arbitrary code via shell metacharacters in an
smb:// URI, as demonstrated by using PUT and GET statements.

http://www.linuxsecurity.com/content/view/125843


* Mandriva: Updated proftpd packages fix vulnerabilities
  20th, November, 2006

As disclosed by an exploit (vd_proftpd.pm) and a related vendor
bugfix, a Denial of Service (DoS) vulnerability exists in the FTP
server ProFTPD, up to and including version 1.3.0.  The flaw is due
to both a potential bus error and a definitive buffer overflow in the
code which determines the FTP command buffer size limit. The
vulnerability can be exploited only if the "CommandBufferSize"
directive is explicitly used in the server configuration, which is
not the case in the default configuration of ProFTPD.

http://www.linuxsecurity.com/content/view/125848


* Mandriva: Updated openldap packages fixes Bind vulnerability
  21st, November, 2006

An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.
Packages have been patched to correct this issue. Packages for Corp4
were built from the wrong src.rpm, breaking Heimdal Kerberos and
possibly other support. Updated packages are being provided to
correct this issue.

http://www.linuxsecurity.com/content/view/125867


* Mandriva: Updated apache-mod_auth_kerb packages fixes DoS
vulnerability
  23rd, November, 2006

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow
in the component array.  Packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/125887


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Mozilla Firefox, Thunderbird,
  16th, November, 2006

The following CVE IDs are addressed by this advisory:
CVE-2006-5464 CVE-2006-5747 CVE-2006-5748 CVE-2006-5462 CVE-2006-5463

http://www.linuxsecurity.com/content/view/125790


* SuSE: asterisk (SUSE-SA:2006:069)
  16th, November, 2006

Two security problems have been found and fixed in the PBX software
Asterisk. CVE-2006-5444: Integer overflow in the get_input function
in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP
phones, allows remote attackers to potentially execute arbitrary code
via a certain dlen value that passes a signed integer comparison and
leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability
in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE
Linux 10.1 allows remote attackers to cause a denial of service
(resource consumption) via unspecified vectors that result in the
creation of "a real pvt structure" that uses more resources than
necessary.

http://www.linuxsecurity.com/content/view/125791


* SuSE: powerdns denial of service
  16th, November, 2006

Two security problems that have been found in PowerDNS are fixed by
this update: CVE-2006-4251: The PowerDNS Recursor can be made to
crash by sending malformed questions to it over TCP, potentially
executing code. CVE-2006-4252: Zero second CNAME TTLs can make
PowerDNS exhaust allocated stack space and crash.

http://www.linuxsecurity.com/content/view/125792


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  libpng vulnerability
  17th, November, 2006

Tavis Ormandy discovered that libpng did not correctly calculate the
size of sPLT structures when reading an image.  By tricking a user or
an automated system into processing a specially crafted PNG file, an
attacker could exploit this weakness to crash the application using
the library.

http://www.linuxsecurity.com/content/view/125806


* Ubuntu:  OpenLDAP vulnerability
  20th, November, 2006

Evgeny Legerov discovered that the OpenLDAP libraries did not
correctly truncate authcid names.  This situation would trigger an
assert and abort the program using the libraries.  A remote attacker
could send specially crafted bind requests that would lead to an LDAP
server denial of service.

http://www.linuxsecurity.com/content/view/125849


* Ubuntu:  Thunderbird vulnerabilities
  21st, November, 2006

USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462) Various flaws
have been reported that allow an attacker to execute arbitrary code
with user privileges by tricking the user into opening a malicious
email containing JavaScript. Please note that JavaScript is disabled
by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)

http://www.linuxsecurity.com/content/view/125860


* Ubuntu:  Firefox vulnerabilities
  21st, November, 2006

USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462) Various flaws
have been reported that allow an attacker to execute arbitrary code
with user privileges by tricking the user into opening a malicious
web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464,
CVE-2006-5747, CVE-2006-5748)

http://www.linuxsecurity.com/content/view/125861



------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------