[ISN] Linux Advisory Watch - December 22nd 2006

From: InfoSec News (alerts@private)
Date: Fri Dec 22 2006 - 23:28:35 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  December 22nd 2006                           Volume 7, Number 51a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for clamav, sql-ledger, links2,
dbus, gdm, Radius, pam_ldap, imlib2, ruby, evince, xorg, sendmail,
evolution, hal, proftpd, mono, lsb, tar, firefox, seamonkey,
libgsf, and avahi.  The distributors include Debian, Fedora,
Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu.

---


* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template
and RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
Combination of smart card and biometrics has achieved in two step
authentication where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card that is based on the fingerprint verification. The fingerprint
verification has to be executed on central host server for
security purposes. Protocol designed allows controlling entire
parameters of smart security controller like PIN options, Reader
delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Linux 2.4.27 packages fix several vulnerabilities
  17th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126261


* Debian: New clamav packages fix several vulnerabilities
  17th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126262


* Debian: New sql-ledger packages fix arbitrary code execution
  17th, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126263


* Debian: New links2 packages fix arbitrary shell command execution
  21st, December, 2006

Teemu Salmela discovered that the links2 character mode web browser
performs insufficient sanitising of smb:// URIs, which might lead to
the execution of arbitrary shell commands.

http://www.linuxsecurity.com/content/view/126320


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: dbus-0.62-0.2.fc5
  15th, December, 2006

Along with the security patch there is also a patch which protects
D-Bus from exiting when updating to versions greater than or equal to
1.0.0 (i.e. upgrading to fc6)

http://www.linuxsecurity.com/content/view/126252


* Fedora Core 5 Update: gdm-2.14.11-1.fc5
  15th, December, 2006

Fix for a recently reported security issue that has ID CVE-2006-6105.
This fixes a problem where a user can enter strings like "%08x" into
the gdmchooser "Add" host button and print out memory.

http://www.linuxsecurity.com/content/view/126253


* Fedora Core 6 Update: gdm-2.16.4-1.fc6
  15th, December, 2006

This update brings gdm to the latest stable upstream version, which
among other bug fixes and improvements contains a fix for a recently
reported security issue that has ID CVE-2006-6105. This fixes a
problem where a user can enter strings like "%08x" into the
gdmchooser "Add" host button and print out memory.

http://www.linuxsecurity.com/content/view/126254



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: McAfee VirusScan Insecure DT_RPATH
  14th, December, 2006

McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
potentially allowing a remote attacker to execute arbitrary code.

http://www.linuxsecurity.com/content/view/126229


* Gentoo: Links Arbitrary Samba command execution
  14th, December, 2006

Links does not properly validate "smb://" URLs, making it vulnerable
to the execution of arbitrary Samba commands.

http://www.linuxsecurity.com/content/view/126236


* Gentoo: GNU Radius Format string vulnerability
  14th, December, 2006

A format string vulnerability has been found in GNU Radius, which
could lead to the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126237


* Gentoo: ClamAV Denial of Service
  18th, December, 2006

ClamAV is vulnerable to Denial of Service.

http://www.linuxsecurity.com/content/view/126268


* Gentoo: pam_ldap Authentication bypass vulnerability
  20th, December, 2006

pam_ldap contains a vulnerability that may allow a remote user with a
locked account to gain unauthorized system access.

http://www.linuxsecurity.com/content/view/126299


* Gentoo: imlib2 Multiple vulnerabilities
  20th, December, 2006

imlib2 contains several vulnerabilities that could lead to the remote
execution of arbitrary code or a Denial of Service.

http://www.linuxsecurity.com/content/view/126300


* Gentoo: Ruby Denial of Service vulnerability
  20th, December, 2006

The Ruby cgi.rb CGI library is vulnerable to a Denial of Service
attack.

http://www.linuxsecurity.com/content/view/126301


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated evince packages fix buffer overflow vulnerability
  14th, December, 2006

Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.

http://www.linuxsecurity.com/content/view/126227


* Mandriva: Updated clamav packages fix vulnerability
  14th, December, 2006

The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files
that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of
virus detection (CVE-2006-6406).

http://www.linuxsecurity.com/content/view/126228


* Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
  14th, December, 2006

Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739). Local exploitation of an integer
overflow vulnerability in the 'scan_cidfont()' function in the X.Org
and XFree86 X server could allow an attacker to execute arbitrary
code with privileges of the X server, typically root (CVE-2006-3740).
Updated packages are patched to address this issue. Updated packages
for Corporate Server 4.0 have been patched

http://www.linuxsecurity.com/content/view/126241


* Mandriva: Updated sendmail packages to address init script issues
  14th, December, 2006

A bug in the sendmail service initscript prevented the sm-client
service from restarting if it had not shut down cleanly from a previous
run. The updated packages address this issue.

http://www.linuxsecurity.com/content/view/126242


* Mandriva: Updated evolution-sharp packages fixes issues with beagle
  14th, December, 2006

The evolution-sharp bindings weren't configured properly, preventing
beagle from indexing Evolution mailboxes. This update fixes this
issue.

http://www.linuxsecurity.com/content/view/126244


* Mandriva: Updated gdm packages fix string vulnerability
  14th, December, 2006

Local exploitation of a format string vulnerability in GNOME
Foundation's GNOME Display Manager host chooser window (gdmchooser)
could allow an unauthenticated attacker to execute arbitrary code on
the affected system. The updated packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/126246


* Mandriva: Updated hal packages to address several bugs
  15th, December, 2006

A bug in partition detection for some SD/MMC card readers (those
using the sdhci driver) was preventing correct detection by HAL,
breaking automatic mounting/unmounting on card insertion/removal.
Another bug was preventing correct mounting of LUKS-encrypted
removable media. This update fixes these bugs and also provides
compatibility with D-Bus 1.0.

http://www.linuxsecurity.com/content/view/126260


* Mandriva: Updated proftpd packages fix mod_ctrls vulnerability
  18th, December, 2006

Stack-based buffer overflow in the pr_ctrls_recv_request function in
ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows
local users to execute arbitrary code via a large reqarglen length
value. Packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/126278


* Mandriva: Updated dbus packages fix vulnerability
  18th, December, 2006

A vulnerability was discovered in D-Bus that could be exploited by a
local attacker to cause a Denial of Service. Updated packages have
been patched to correct this issue.

http://www.linuxsecurity.com/content/view/126279


* Mandriva: Updated mono packages fix vulnerability
  20th, December, 2006

XSP (the Mono ASP.NET server) is vulnerable to a source disclosure
attack which allows a malicious user to obtain the source code of the
server-side application. This vulnerability grants the attacker
deeper knowledge of the Web application logic.

http://www.linuxsecurity.com/content/view/126316


* Mandriva: Updated lsb package to address missing libmesagl dependency
  21st, December, 2006

When the xorg-x11 package was broken up into subpackages, libGL.so.1,
which is required by LSB, ended up not being a requirement of the lsb
meta-package. This update corrects this issue and should allow
lsblibchk to run without failures.

http://www.linuxsecurity.com/content/view/126319


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: tar security update
  19th, December, 2006

Updated tar packages that fix a path traversal flaw are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126291


* RedHat: Critical: firefox security update
  19th, December, 2006

Updated firefox packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having critical security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/126292


* RedHat: Critical: seamonkey security update
  19th, December, 2006

Updated seamonkey packages that fix several security bugs are now
available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
been rated as having critical security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/126293


* RedHat: Critical: thunderbird security update
  19th, December, 2006

Updated thunderbird packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having critical security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/126294



+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: libgsf buffer overflows
  14th, December, 2006

The libgsf library is used by various GNOME programs to handle, for
instance, OLE2 data streams. Specially crafted OLE documents enabled
attackers to use a heap buffer overflow for potentially executing
code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.

http://www.linuxsecurity.com/content/view/126233


* SuSE: flash-player CRLF injection
  14th, December, 2006

This security update brings the Adobe Flash Player to version 7.0.69.
The update fixes the following security problem: CVE-2006-5330: CRLF
injection vulnerabilities in Adobe Flash Player allow remote
attackers to modify HTTP headers of client requests and conduct HTTP
Request Splitting attacks via CRLF sequences in arguments to the
ActionScript functions (1) XML.addRequestHeader and (2)
XML.contentType. The flexibility of the attack varies depending on
the type of web browser being used.

http://www.linuxsecurity.com/content/view/126234


* SuSE: clamav 0.88.7 (SUSE-SA:2006:078)
  18th, December, 2006

The anti virus scan engine ClamAV has been updated to version 0.88.7
to fix various security problems: CVE-2006-5874: Clam AntiVirus
(ClamAV) allows remote attackers to cause a denial of service (crash)
via a malformed base64-encoded MIME attachment that triggers a null
pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6
allowed remote attackers to cause a denial of service (stack overflow
and application crash) by wrapping many layers of multipart/mixed
content around a document, a different vulnerability than
CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus
(ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by
inserting invalid characters into base64 encoded content in a
multipart/mixed MIME file, as demonstrated with the EICAR test file.

http://www.linuxsecurity.com/content/view/126266


* SuSE: Linux kernel (SUSE-SA:2006:079)
  21st, December, 2006

Updated package.

http://www.linuxsecurity.com/content/view/126321


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  avahi regression
  14th, December, 2006

USN-380-1 fixed a vulnerability in Avahi. However, if used with
Network manager, that version occasionally failed to resolve .local
DNS names until Avahi got restarted. This update fixes the problem.
We apologize for the inconvenience.

http://www.linuxsecurity.com/content/view/126235


* Ubuntu:  gdm vulnerability
  14th, December, 2006

A format string vulnerability was discovered in the gdmchooser
component of the GNOME Display Manager.  By typing a specially
crafted host name, local users could gain gdm user privileges, which
could lead to further account information exposure.

http://www.linuxsecurity.com/content/view/126245


* Ubuntu:  mono vulnerability
  20th, December, 2006

Jose Ramon Palanco discovered that the mono System.Web class did not
consistently verify local file paths.  As a result, the source code
for mono web applications could be retrieved remotely, possibly
leading to further compromise via the application's source.

http://www.linuxsecurity.com/content/view/126315

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

