[ISN] Linux Advisory Watch - December 15th 2006

From: InfoSec News (alerts@private)
Date: Mon Dec 18 2006 - 02:04:26 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  December 15th 2006                           Volume 7, Number 50a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for l2tpns, gnupg, clamav, ruby,
enemies-of-carlotta, wv, xine-lib, ModPlug, KOffice, Mozilla,
SeaMonkey, MadWifi, tar, F-Prot, libgsf, Trac, samba, radius,
powermanga, phpmyadmin, php-eaccelerator, squirrelmail,
kdegraphics, tomboy, evince, flashplayer, kernel, and avahi.
The distributors include Debian, Gentoo, Mandriva, SuSE and
Ubuntu.

---

* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, designed on the Linux
platform and open source technology to obtain biometric security.
Combining a smart card with biometrics achieves two-step
authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometric template stored in the smart
card, based on fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows control of all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: new l2tpns packages fix buffer overflow
  8th, December, 2006

Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling
protocol network server, which could be triggered by a remote user to
execute arbitrary code.

http://www.linuxsecurity.com/content/view/126116


* Debian: New gnupg packages fix arbitrary code execution
  9th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126123


* Debian: New clamav packages fix denial of service
  9th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126124


* Debian: New Linux 2.6.8 packages fix several vulnerabilities
  10th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126131


* Debian: New ruby1.6 package fix denial of service
  13th, December, 2006

A denial of service vulnerability has been discovered in the CGI
library included with Ruby, the interpreted scripting language for
quick and easy object-orientated programming.

http://www.linuxsecurity.com/content/view/126196


* Debian: New ruby1.8 package fix denial of service
  13th, December, 2006

A denial of service vulnerability has been discovered in the CGI
library included with Ruby, the interpreted scripting language for
quick and easy object-orientated programming.

http://www.linuxsecurity.com/content/view/126197


* Debian: New enemies-of-carlotta package fix missing sanity checks
  13th, December, 2006

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple
manager for mailing lists, does not properly sanitise email addresses
before passing them through to the system shell.

http://www.linuxsecurity.com/content/view/126198


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: wv library Multiple integer overflows
  7th, December, 2006

The wv library is vulnerable to multiple integer overflows which
could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126099


* Gentoo: xine-lib Buffer overflow
  9th, December, 2006

xine-lib is vulnerable to a buffer overflow in the Real Media input
plugin, which could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126122


* Gentoo: GnuPG Multiple vulnerabilities
  10th, December, 2006

GnuPG is vulnerable to a buffer overflow and an erroneous function
pointer dereference that can result in the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/126125


* Gentoo: ModPlug Multiple buffer overflows
  10th, December, 2006

ModPlug contains several boundary errors that could lead to buffer
overflows resulting in the possible execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126126


* Gentoo: KOffice shared libraries Heap corruption
  10th, December, 2006

An integer overflow in koffice-libs allows for a Denial of Service
and possibly the execution of arbitrary code when viewing malicious
PowerPoint files.

http://www.linuxsecurity.com/content/view/126127


* Gentoo: Mozilla Thunderbird Multiple vulnerabilities
  10th, December, 2006

Multiple vulnerabilities have been identified in Mozilla Thunderbird.

http://www.linuxsecurity.com/content/view/126128


* Gentoo: Mozilla Firefox Multiple vulnerabilities
  10th, December, 2006

Multiple vulnerabilities have been reported in Mozilla Firefox.

http://www.linuxsecurity.com/content/view/126129


* Gentoo: SeaMonkey Multiple vulnerabilities
  10th, December, 2006

Multiple vulnerabilities have been identified in the SeaMonkey
project.

http://www.linuxsecurity.com/content/view/126130


* Gentoo: MadWifi Kernel driver buffer overflow
  10th, December, 2006

MadWifi is vulnerable to a buffer overflow that could potentially
lead to the remote execution of arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/126132


* Gentoo: GnuPG Multiple vulnerabilities
  11th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126136


* Gentoo: Tar Directory traversal vulnerability
  11th, December, 2006

Tar is vulnerable to directory traversal possibly allowing for the
overwriting of arbitrary files.

http://www.linuxsecurity.com/content/view/126170


* Gentoo: MadWifi Kernel driver buffer overflow
  11th, December, 2006

OpenSSL contains multiple vulnerabilities including the possible
execution of remote arbitrary code.

http://www.linuxsecurity.com/content/view/126174


* Gentoo: F-PROT Antivirus Multiple vulnerabilities
  12th, December, 2006

F-Prot Antivirus contains a buffer overflow and other unspecified
vulnerabilities, possibly allowing the remote execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/126190


* Gentoo: libgsf Buffer overflow
  12th, December, 2006

libgsf improperly allocates memory allowing for a heap overflow and
possibly the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126191


* Gentoo: Trac Cross-site request forgery
  12th, December, 2006

Trac allows remote attackers to execute unauthorized actions as other
users.

http://www.linuxsecurity.com/content/view/126192


* Gentoo: McAfee VirusScan Insecure DT_RPATH
  14th, December, 2006

McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
potentially allowing a remote attacker to execute arbitrary code.

http://www.linuxsecurity.com/content/view/126229


* Gentoo: Links Arbitrary Samba command execution
  14th, December, 2006

Links does not properly validate "smb://" URLs, making it vulnerable
to the execution of arbitrary Samba commands.

http://www.linuxsecurity.com/content/view/126236


* Gentoo: GNU Radius Format string vulnerability
  14th, December, 2006

A format string vulnerability has been found in GNU Radius, which
could lead to the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126237


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated powermanga to fix startup bug.
  8th, December, 2006

Powermanga fails to start with a "can't locate file
:texts/text_en.txt" error message. The required files have been
included in this update.

http://www.linuxsecurity.com/content/view/126121


* Mandriva: Updated phpMyAdmin to address several bugs.
  11th, December, 2006

phpMyAdmin 2.8.2.2 fails and dumps core to /tmp when performing some
operations, such as: 1. exporting a database structure to file.sql
using the "export" tab; 2. moving a table to another database using
the "operation" tab. The SSL redirection has been deactivated in this
package because it could fail under some circumstances using virtual
hosts.

http://www.linuxsecurity.com/content/view/126139


* Mandriva: Updated php-eaccelerator to address issue of being built
against the  wrong php version.
  11th, December, 2006

The php-eaccelerator package that comes with CS4 was not built
against the correct php version. This update addresses this problem.
The eloader and encoder portions are being dropped upstream because
they do not work properly. Therefore, there will be no
php-eaccelerator-eloader sub package provided with this release. In
addition, the version has been upgraded from 0.9.5 RC1 to 0.9.5
final.

http://www.linuxsecurity.com/content/view/126140


* Mandriva: Updated logrotate to fix rotation issue for syslogd.
  11th, December, 2006

The log rotation script that rotates the system logs was moved from
the backported sysklogd package (used in CS4) to the logrotate
package. The new logrotate package will see to it that the system log
files will be rotated as usual.

http://www.linuxsecurity.com/content/view/126141


* Mandriva: Updated squirrelmail packages fix vulnerabilities
  11th, December, 2006

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the
(2) session and (3) delete_draft parameters in (b) compose.php, and
(4) unspecified vectors involving "a shortcoming in the magicHTML
filter."

http://www.linuxsecurity.com/content/view/126164


* Mandriva: Updated kdegraphics packages fix EXIF vulnerability
  11th, December, 2006

Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via
a crafted EXIF section in a JPEG file, which results in an infinite
recursion.

http://www.linuxsecurity.com/content/view/126168


* Mandriva: Updated gnupg packages fix vulnerability
  11th, December, 2006

A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
execute arbitrary code via crafted OpenPGP packets that cause GnuPG
to dereference a function pointer from deallocated stack memory.
Updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/126175


* Mandriva: Updated glibc packages are available for new kernels
  11th, December, 2006

Updated glibc packages are being provided to ensure that kernel and
user-space tools are in sync.  This update also fixes a bug present
on x86_64 platforms where strncmp() is mis-optimized.

http://www.linuxsecurity.com/content/view/126176


* Mandriva: Updated tomboy package to address missing dependencies on
x86_64
  13th, December, 2006

A bug in the build system made the tomboy package miss some
dependencies like gnome-sharp2 on x86_64. The rebuilt package now
installs all required packages.

http://www.linuxsecurity.com/content/view/126199


* Mandriva: Updated evince packages fix buffer overflow vulnerability
  14th, December, 2006

Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.

http://www.linuxsecurity.com/content/view/126227


* Mandriva: Updated clamav packages fix vulnerability
  14th, December, 2006

The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files
that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of
virus detection (CVE-2006-6406).

http://www.linuxsecurity.com/content/view/126228


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Madwifi remote root exploit
  11th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126163


* SuSE: gpg (SUSE-SA:2006:075)
  13th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126193


* SuSE: libgsf buffer overflows
  14th, December, 2006

The libgsf library is used by various GNOME programs to handle for
instance OLE2 data streams. Specially crafted OLE documents enabled
attackers to use a heap buffer overflow for potentially executing
code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.

http://www.linuxsecurity.com/content/view/126233


* SuSE: flash-player CRLF injection
  14th, December, 2006

This security update brings the Adobe Flash Player to version 7.0.69.
The update fixes the following security problem: CVE-2006-5330: CRLF
injection vulnerabilities in Adobe Flash Player allow remote
attackers to modify HTTP headers of client requests and conduct HTTP
Request Splitting attacks via CRLF sequences in arguments to the
ActionScript functions (1) XML.addRequestHeader and (2)
XML.contentType. The flexibility of the attack varies depending on
the type of web browser being used.

http://www.linuxsecurity.com/content/view/126234


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  GnuPG2 vulnerabilities
  7th, December, 2006

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg.  This update
provides the corresponding updates for gnupg2.

http://www.linuxsecurity.com/content/view/126105


* Ubuntu:  Ruby vulnerability
  8th, December, 2006

An error was found in Ruby's CGI library that did not correctly quote
the boundary of multipart MIME requests.  Using a crafted HTTP
request, a remote user could cause a denial of service, where Ruby
CGI applications would end up in a loop, monopolizing a CPU.

http://www.linuxsecurity.com/content/view/126114


* Ubuntu:  Linux kernel vulnerabilities
  13th, December, 2006

The following CVEIDs are covered by this advisory: CVE-2006-4572,
CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173,
CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701,
CVE-2006-5751

http://www.linuxsecurity.com/content/view/126200


* Ubuntu:  avahi regression
  14th, December, 2006

USN-380-1 fixed a vulnerability in Avahi. However, if used with
Network manager, that version occasionally failed to resolve .local
DNS names until Avahi got restarted. This update fixes the problem.
We apologize for the inconvenience.

http://www.linuxsecurity.com/content/view/126235

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------