+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 15th 2006 Volume 7, Number 50a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for l2tpns, gnupg, clamav, ruby,
enemies-of-carlotta, wv, xine-lib, ModPlug, KOffice, Mozilla,
SeaMonkey, MadWifi, tar, F-Prot, libgsf, Trac, samba, radius,
powermanga, phpmyadmin, php-eaccelaerator, squirrelmail,
kdegraphics, tomboy, evince, flashplayer, kernel, and avahi.
The distributors include Debian, Gentoo, Mandriva, SuSE and
Ubuntu.
---
Earn an NSA recognized IA Masters Online
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.
http://www.msia.norwich.edu/linsec/
---
* EnGarde Secure Linux v3.0.11 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.
http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11
---
RFID with Bio-Smart Card in Linux
In this paper, we describe the integration of fingerprint template
and RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
Combination of smart card and biometrics has achieved in two step
authentication where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card that is based on the fingerprint verification. The fingerprint
verification has to be executed on central host server for
security purposes. Protocol designed allows controlling entire
parameters of smart security controller like PIN options, Reader
delay, real-time clock, alarm option and cardholder access
conditions.
http://www.linuxsecurity.com/content/view/125052/171/
---
Packet Sniffing Overview
The best way to secure you against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/123570/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: new l2tpns packages fix buffer overflow
8th, December, 2006
Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling
protocol network server, which could be triggered by a remote user to
execute arbitary code.
http://www.linuxsecurity.com/content/view/126116
* Debian: New gnupg packages fix arbitrary code execution
9th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126123
* Debian: New clamav packages fix denial of service
9th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126124
* Debian: New Linux 2.6.8 packages fix several vulnerabilities
10th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126131
* Debian: New ruby1.6 package fix denial of service
13th, December, 2006
A denial of service vulnerability has been discovered in the CGI
library included with Ruby, the intepreted scripting langauge for
quick and easy object-orientated programming.
http://www.linuxsecurity.com/content/view/126196
* Debian: New ruby1.8 package fix denial of service
13th, December, 2006
A denial of service vulnerability has been discovered in the CGI
library included with Ruby, the intepreted scripting langauge for
quick and easy object-orientated programming.
http://www.linuxsecurity.com/content/view/126197
* Debian: New enemies-of-carlotta package fix missing sanity checks
13th, December, 2006
Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple
manager for mailing lists, does not properly sanitise email addresses
before passing them through to the system shell.
http://www.linuxsecurity.com/content/view/126198
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: wv library Multiple integer overflows
7th, December, 2006
The wv library is vulnerable to multiple integer overflows which
could lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/126099
* Gentoo: xine-lib Buffer overflow
9th, December, 2006
xine-lib is vulnerable to a buffer overflow in the Real Media input
plugin, which could lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/126122
* Gentoo: GnuPG Multiple vulnerabilities
10th, December, 2006
GnuPG is vulnerable to a buffer overflow and an erroneous function
pointer dereference that can result in the execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/126125
* Gentoo: ModPlug Multiple buffer overflows
10th, December, 2006
ModPlug contains several boundary errors that could lead to buffer
overflows resulting in the possible execution of arbitrary code.
http://www.linuxsecurity.com/content/view/126126
* Gentoo: KOffice shared libraries Heap corruption
10th, December, 2006
An integer overflow in koffice-libs allows for a Denial of Service
and possibly the execution of arbitrary code when viewing malicious
PowerPoint files.
http://www.linuxsecurity.com/content/view/126127
* Gentoo: Mozilla Thunderbird Multiple vulnerabilities
10th, December, 2006
Multiple vulnerabilities have been identified in Mozilla Thunderbird.
http://www.linuxsecurity.com/content/view/126128
* Gentoo: Mozilla Firefox Multiple vulnerabilities
10th, December, 2006
Multiple vulnerabilities have been reported in Mozilla Firefox.
http://www.linuxsecurity.com/content/view/126129
* Gentoo: SeaMonkey Multiple vulnerabilities
10th, December, 2006
Multiple vulnerabilities have been identified in the SeaMonkey
project.
http://www.linuxsecurity.com/content/view/126130
* Gentoo: MadWifi Kernel driver buffer overflow
10th, December, 2006
MadWifi is vulnerable to a buffer overflow that could potentially
lead to the remote execution of arbitrary code with root privileges.
http://www.linuxsecurity.com/content/view/126132
* Gentoo: GnuPG Multiple vulnerabilities
11th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126136
* Gentoo: Tar Directory traversal vulnerability
11th, December, 2006
Tar is vulnerable to directory traversal possibly allowing for the
overwriting of arbitrary files.
http://www.linuxsecurity.com/content/view/126170
* Gentoo: MadWifi Kernel driver buffer overflow
11th, December, 2006
OpenSSL contains multiple vulnerabilities including the possible
execution of remote arbitrary code.
http://www.linuxsecurity.com/content/view/126174
* Gentoo: F-PROT Antivirus Multiple vulnerabilities
12th, December, 2006
F-Prot Antivirus contains a buffer overflow and other unspecified
vulnerabilities, possibly allowing the remote execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/126190
* Gentoo: libgsf Buffer overflow
12th, December, 2006
libgsf improperly allocates memory allowing for a heap overflow and
possibly the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/126191
* Gentoo: Trac Cross-site request forgery
12th, December, 2006
Trac allows remote attackers to execute unauthorized actions as other
users.
http://www.linuxsecurity.com/content/view/126192
* Gentoo: McAfee VirusScan Insecure DT_RPATH
14th, December, 2006
McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
potentially allowing a remote attacker to execute arbitrary code.
http://www.linuxsecurity.com/content/view/126229
* Gentoo: Links Arbitrary Samba command execution
14th, December, 2006
Links does not properly validate "smb://" URLs, making it vulnerable
to the execution of arbitrary Samba commands.
http://www.linuxsecurity.com/content/view/126236
* Gentoo: GNU Radius Format string vulnerability
14th, December, 2006
A format string vulnerabilty has been found in GNU Radius, which
could lead to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/126237
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated powermanga to fix startup bug.
8th, December, 2006
Powermanga fails to to start with a "can't locate file
:texts/text_en.txt" error message. The required files have been
included in this update.
http://www.linuxsecurity.com/content/view/126121
* Mandriva: Updated phpMyAdmin to address several bugs.
11th, December, 2006
phpmMyAdmin 2.8.2.2 fails and does core dump to /tmp when doing some
work. like: 1. Export database structure to file.sql using tab
"export" 2. Move a table to another database using tab "operation"
The ssl redirection has been deactivated in this package because it
could fail under some circumstances using virtual hosts.
http://www.linuxsecurity.com/content/view/126139
* Mandriva: Updated php-eaccelerator to address issue of being built
against the wrong php version.
11th, December, 2006
The php-eaccelerator package that comes with CS4 was not built
against the correct php version. This update addresses this problem.
The eloader and encoder portions are being dropped upstream because
they do not work properly. Therefore, there will be no
php-eaccelerator-eloader sub package provided with this release. In
addition, the version has been upgraded from 0.9.5 RC1 to 0.9.5
final.
http://www.linuxsecurity.com/content/view/126140
* Mandriva: Updated logrotate to fix rotation issue for syslogd.
11th, December, 2006
The log rotation script that rotates the system logs was moved from
the backported sysklogd package (used in CS4) to the logrotate
package. The new logrotate package will see to it that the system log
files will be rotated as usual.
http://www.linuxsecurity.com/content/view/126141
* Mandriva: Updated squirrelmail packages fix vulnerabilities
11th, December, 2006
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the
(2) session and (3) delete_draft parameters in (b) compose.php, and
(4) unspecified vectors involving "a shortcoming in the magicHTML
filter."
http://www.linuxsecurity.com/content/view/126164
* Mandriva: Updated kdegraphics packages fix EXIF vulnerability
11th, December, 2006
Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via
a crafted EXIF section in a JPEG file, which results in an infinite
recursion.
http://www.linuxsecurity.com/content/view/126168
* Mandriva: Updated gnupg packages fix vulnerability
11th, December, 2006
A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
execute arbitrary code via crafted OpenPGP packets that cause GnuPG
to dereference a function pointer from deallocated stack memory.
Updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/126175
* Mandriva: Updated glibc package are available for new kernels
11th, December, 2006
Updated glibc packages are being provided to ensure that kernel and
user-space tools are in sync. This update also fixes a bug present
on x86_64 platforms where strncmp() is mis-optimized.
http://www.linuxsecurity.com/content/view/126176
* Mandriva: Updated tomboy package to address missing dependencies on
x86_64
13th, December, 2006
A bug in the build system made the tomboy package miss some
dependencies like gnome-sharp2 on x86_64. The rebuilt package now
installs all required packages.
http://www.linuxsecurity.com/content/view/126199
* Mandriva: Updated evince packages fix buffer overflow vulnerability
14th, December, 2006
Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header
http://www.linuxsecurity.com/content/view/126227
* Mandriva: Updated clamav packages fix vulnerability
14th, December, 2006
The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files
that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of
virus detection (CVE-2006-6406).
http://www.linuxsecurity.com/content/view/126228
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: Madwifi remote root exploit
11th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126163
* SuSE: gpg (SUSE-SA:2006:075)
13th, December, 2006
Updated package.
http://www.linuxsecurity.com/content/view/126193
* SuSE: libgsf buffer overflows
14th, December, 2006
The libgsf library is used by various GNOME programs to handle for
instance OLE2 data streams. Specially crafted OLE documents enabled
attackers to use a heap buffer overflow for potentially executing
code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.
http://www.linuxsecurity.com/content/view/126233
* SuSE: flash-player CRLF injection
14th, December, 2006
This security update brings the Adobe Flash Player to version 7.0.69.
The update fixes the following security problem: CVE-2006-5330: CRLF
injection vulnerabilities in Adobe Flash Player allows remote
attackers to modify HTTP headers of client requests and conduct HTTP
Request Splitting attacks via CRLF sequences in arguments to the
ActionScript functions (1) XML.addRequestHeader and (2)
XML.contentType. The flexibility of the attack varies depending on
the type of web browser being used.
http://www.linuxsecurity.com/content/view/126234
+---------------------------------+
| Distribution: Ubuntu | ----------------------------//
+---------------------------------+
* Ubuntu: GnuPG2 vulnerabilities
7th, December, 2006
USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
provides the corresponding updates for gnupg2.
http://www.linuxsecurity.com/content/view/126105
* Ubuntu: Ruby vulnerability
8th, December, 2006
An error was found in Ruby's CGI library that did not correctly quote
the boundary of multipart MIME requests. Using a crafted HTTP
request, a remote user could cause a denial of service, where Ruby
CGI applications would end up in a loop, monopolizing a CPU.
http://www.linuxsecurity.com/content/view/126114
* Ubuntu: Linux kernel vulnerabilities
13th, December, 2006
The following CVEIDs are covered by this advisory: CVE-2006-4572,
CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173,
CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701,
CVE-2006-5751
http://www.linuxsecurity.com/content/view/126200
* Ubuntu: avahi regression
14th, December, 2006
USN-380-1 fixed a vulnerability in Avahi. However, if used with
Network manager, that version occasionally failed to resolve .local
DNS names until Avahi got restarted. This update fixes the problem.
We apologize for the inconvenience.
http://www.linuxsecurity.com/content/view/126235
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Dec 18 2006 - 02:20:04 PST