+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | December 22nd 2006 Volume 7, Number 51a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for clamav, sql-ledger, links2, dbus, gdm, Radius, pam_ldap, imlib2, ruby, evince, xorg, sendmail, evolution, hal, proftpd, mono, lsb, tar, firefox, seamonkey, libgsf, and avahi. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu. --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- * EnGarde Secure Linux v3.0.11 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.11 (Version 3.0, Release 11). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11 --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New Linux 2.4.27 packages fix several vulnerabilities 17th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126261 * Debian: New clamav packages fix several vulnerabilities 17th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126262 * Debian: New sql-ledger packages fix arbitrary code execution 17th, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126263 * Debian: New links2 packages fix arbitrary shell command execution 21st, December, 2006 Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. http://www.linuxsecurity.com/content/view/126320 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 5 Update: dbus-0.62-0.2.fc5 15th, December, 2006 Along with the security patch there is also a patch which protects D-Bus from exiting when updating to versions greater than or equal to 1.0.0 (i.e. upgrading to fc6) http://www.linuxsecurity.com/content/view/126252 * Fedora Core 5 Update: gdm-2.14.11-1.fc5 15th, December, 2006 Fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like "%08x" into the gdmchooser "Add"j host button and print out memory. http://www.linuxsecurity.com/content/view/126253 * Fedora Core 6 Update: gdm-2.16.4-1.fc6 15th, December, 2006 This update brings gdm to the latest stable upstream version, which among other bug fixes and improvements contains a fix for a recently reported security issue that has ID CVE-2006-6105. This fixes a problem where a user can enter strings like "%08x" into the gdmchooser "Add"j host button and print out memory. http://www.linuxsecurity.com/content/view/126254 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: McAfee VirusScan Insecure DT_RPATH 14th, December, 2006 McAfee VirusScan for Linux is distributed with an insecure DT_RPATH, potentially allowing a remote attacker to execute arbitrary code. http://www.linuxsecurity.com/content/view/126229 * Gentoo: Links Arbitrary Samba command execution 14th, December, 2006 Links does not properly validate "smb://" URLs, making it vulnerable to the execution of arbitrary Samba commands. http://www.linuxsecurity.com/content/view/126236 * Gentoo: GNU Radius Format string vulnerability 14th, December, 2006 A format string vulnerabilty has been found in GNU Radius, which could lead to the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/126237 * Gentoo: ClamAV Denial of Service 18th, December, 2006 ClamAV is vulnerable to Denial of Service. http://www.linuxsecurity.com/content/view/126268 * Gentoo: pam_ldap Authentication bypass vulnerability 20th, December, 2006 pam_ldap contains a vulnerability that may allow a remote user with a locked account to gain unauthorized system access. http://www.linuxsecurity.com/content/view/126299 * Gentoo: imlib2 Multiple vulnerabilities 20th, December, 2006 imlib2 contains several vulnerabilities that could lead to the remote execution of arbitrary code or a Denial of Service. http://www.linuxsecurity.com/content/view/126300 * Gentoo: Ruby Denial of Service vulnerability 20th, December, 2006 The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack. http://www.linuxsecurity.com/content/view/126301 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated evince packages fix buffer overflow vulnerability 14th, December, 2006 Stack-based buffer overflow in ps.c for evince allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header http://www.linuxsecurity.com/content/view/126227 * Mandriva: Updated clamav packages fix vulnerability 14th, December, 2006 The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406). http://www.linuxsecurity.com/content/view/126228 * Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities 14th, December, 2006 Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740). Updated packages are patched to address this issue. Updated packages for Corporate Server 4.0 have been patched http://www.linuxsecurity.com/content/view/126241 * Mandriva: Updated sendmail packages to address init script issues 14th, December, 2006 A bug in the sendmail service initscript prevented the sm-client service from restarting if had not shut down cleanly from a previous run. The updated packages address this issue. http://www.linuxsecurity.com/content/view/126242 * Mandriva: Updated evolution-sharp packages fixes issues with beagle 14th, December, 2006 The evolution-sharp bindings weren't configured properly, preventing beagle from indexing Evolution mailboxes. This update fixes this issue. http://www.linuxsecurity.com/content/view/126244 * Mandriva: Updated gdm packages fix string vulnerability 14th, December, 2006 Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/126246 * Mandriva: Updated hal packages to address several bugs 15th, December, 2006 A bug in partition detection for some SD/MMC card readers (those using the sdhci driver) was preventing correct detection by HAL, breaking automatic mounting/unmounting on card nsertion/removal. Another bug was preventing correct mounting of LUKS-encrypted removable media. This update fixes these bugs and also provides compatibility with D-Bus 1.0. http://www.linuxsecurity.com/content/view/126260 * Mandriva: Updated proftpd packages fix mod_ctrls vulnerability 18th, December, 2006 Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. Packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/126278 * Mandriva: Updated dbus packages fix vulnerability 18th, December, 2006 A vulnerability was discovered in D-Bus that could be exploited by a local attacker to cause a Denial of Service. Updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/126279 * Mandriva: Updated mono packages fix vulnerability 20th, December, 2006 XSP (the Mono ASP.NET server) is vulnerable to source disclosure attack which allow a malicious user to obtain the source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic. http://www.linuxsecurity.com/content/view/126316 * Mandriva: Updated lsb package to address missing libmesagl dependency 21st, December, 2006 When the xorg-x11 package was broken up into subpackages, libGL.so.1, which is required by LSB, ended up not being a requirement of the lsb meta-package. This update corrects this issue and should allow lsblibchk to run without failures. http://www.linuxsecurity.com/content/view/126319 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Moderate: tar security update 19th, December, 2006 Updated tar packages that fix a path traversal flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126291 * RedHat: Critical: firefox security update 19th, December, 2006 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126292 * RedHat: Critical: seamonkey security update 19th, December, 2006 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126293 * RedHat: Critical: thunderbird security update 19th, December, 2006 Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126294 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: libgsf buffer overflows 14th, December, 2006 The libgsf library is used by various GNOME programs to handle for instance OLE2 data streams. Specially crafted OLE documents enabled attackers to use a heap buffer overflow for potentially executing code. This issue is tracked by the Mitre CVE ID CVE-2006-4514. http://www.linuxsecurity.com/content/view/126233 * SuSE: flash-player CRLF injection 14th, December, 2006 This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem: CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. The flexibility of the attack varies depending on the type of web browser being used. http://www.linuxsecurity.com/content/view/126234 * SuSE: clamav 0.88.7 (SUSE-SA:2006:078) 18th, December, 2006 The anti virus scan engine ClamAV has been updated to version 0.88.7 to fix various security problems: CVE-2006-5874: Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allowed remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. http://www.linuxsecurity.com/content/view/126266 * SuSE: Linux kernel (SUSE-SA:2006:079) 21st, December, 2006 Updated package. http://www.linuxsecurity.com/content/view/126321 * Ubuntu: avahi regression 14th, December, 2006 USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem. We apologize for the inconvenience. http://www.linuxsecurity.com/content/view/126235 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: gdm vulnerability 14th, December, 2006 A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure. http://www.linuxsecurity.com/content/view/126245 * Ubuntu: mono vulnerability 20th, December, 2006 Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source. http://www.linuxsecurity.com/content/view/126315 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Dec 22 2006 - 23:37:30 PST