[ISN] Linux Advisory Watch - January 19th 2007

From: InfoSec News (alerts@private)
Date: Sun Jan 21 2007 - 22:26:15 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  January 19th 2007                             Volume 8, Number 3a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for libsoup, xfree86, cacti, kfile,
w3m, oftpd, wordpress, kronolith, mono, kdenetwork, nmap, lirc,
thunderbird, bluez-utils, perl, wvstreams, fetchmail, wget, tripwire,
openoffice, flash-plugin, mozilla, cmd, krb5, ksirc, and poppler.
The distributors include Debian, Gentoo, Mandriva, Red Hat, SuSE,
and Ubuntu.

---

* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, which is designed on the
Linux platform and open source technology to obtain biometric security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card that is based on the fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows controlling all
parameters of the smart security controller, like PIN options, reader
delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New libsoup packages fix denial of service
  12th, January, 2007

Roland Lezuo and Josselin Mouette discovered that the libsoup HTTP
library performs insufficient sanitising when parsing HTTP headers,
which might lead to denial of service.

http://www.linuxsecurity.com/content/view/126565


* Debian: New xfree86 packages fix privilege escalation
  15th, January, 2007

Updated package.

http://www.linuxsecurity.com/content/view/126596


* Debian: New cacti packages fix arbitrary code execution
  17th, January, 2007

Updated package.

http://www.linuxsecurity.com/content/view/126624


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: KDE kfile JPEG info plugin Denial of Service
  12th, January, 2007

The KDE kfile JPEG info plugin of kdegraphics could enter an endless
loop leading to a Denial of Service.

http://www.linuxsecurity.com/content/view/126550


* Gentoo: w3m Format string vulnerability
  12th, January, 2007

w3m does not correctly handle format string specifiers in SSL
certificates.

http://www.linuxsecurity.com/content/view/126551


* Gentoo: OpenOffice.org EMF/WMF file handling vulnerabilities
  12th, January, 2007

A truncation error and integer overflows in the EMF/WMF file handling
of OpenOffice.org could be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/126552


* Gentoo: Opera Two remote code execution vulnerabilities
  12th, January, 2007

Two vulnerabilities may allow the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/126553


* Gentoo: oftpd Denial of Service
  15th, January, 2007

An assertion in oftpd could lead to a denial of service
vulnerability.

http://www.linuxsecurity.com/content/view/126593


* Gentoo: WordPress Multiple vulnerabilities
  15th, January, 2007

WordPress is vulnerable to SQL injection, information disclosure, and
cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/126597


* Gentoo: Kronolith Local file inclusion
  16th, January, 2007

Kronolith contains a flaw that could allow the execution of arbitrary
files.

http://www.linuxsecurity.com/content/view/126612


* Gentoo: Mono Information disclosure
  16th, January, 2007

Mono does not properly sanitize pathnames, allowing unauthorized
information disclosure.

http://www.linuxsecurity.com/content/view/126613



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated kdenetwork packages fix ksirc vulnerability
  11th, January, 2007

KsIRC 1.3.12 allows remote attackers to cause a denial of service
(crash) via a long PRIVMSG string when connecting to an Internet
Relay Chat (IRC) server, which causes an assertion failure and
results in a NULL pointer dereference. Updated packages are patched
to address this issue.

http://www.linuxsecurity.com/content/view/126518


* Mandriva: Updated nmap packages to resolve issue using nmap as root
  11th, January, 2007

The version of nmap shipped with Mandriva Linux 2007 was built
against the system copies of the libpcap and libdnet libraries.
However, nmap actually requires changes to be made to these libraries
which have not yet been made to the upstream versions, and
consequently should be compiled against its own built-in copies of
these libraries. This problem causes nmap not to work as the root
user: it would simply freeze up. The updated package fixes this
problem. It also fixes the menu entry for the package.

http://www.linuxsecurity.com/content/view/126526


* Mandriva: Updated desktop-common-data packages add Writer menu item
  11th, January, 2007

When using "Discovery" menus, there is no menu item for Writer in the
Office category. Updated packages correct this issue.

http://www.linuxsecurity.com/content/view/126530


* Mandriva: Updated Firefox packages fix multiple vulnerabilities
  11th, January, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program, version 1.5.0.9.
This update provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/126531


* Mandriva: Updated lirc packages fix issue with dkms-lirc and SMP kernels
  11th, January, 2007

Dkms-lirc allows one to install LIRC drivers on non-Mandriva kernels.
It contains a driver named lirc_parallel.ko which does not work on
SMP-enabled kernels, preventing the driver installation on such
kernels. The lirc_parallel.ko driver has been removed from the
updated package and moved to a separate package named
dkms-lirc-parallel.

http://www.linuxsecurity.com/content/view/126532


* Mandriva: Updated Thunderbird packages fix multiple vulnerabilities
  11th, January, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Thunderbird program, version 1.5.0.9.
This update provides the latest Thunderbird to correct these issues.

http://www.linuxsecurity.com/content/view/126535


* Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs
  12th, January, 2007

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel.  The following CVE IDs have been addressed by this
update: (CVE-2006-4813), (CVE-2006-4997), (CVE-2006-5158),
(CVE-2006-5619), (CVE-2006-5749), (CVE-2006-5751), (CVE-2006-5757),
(CVE-2006-6106)

http://www.linuxsecurity.com/content/view/126549


* Mandriva: Updated libneon0.26 packages fix vulnerability
  12th, January, 2007

An array index error in the URI parser in neon 0.26.0 to 0.26.2 could
possibly allow remote malicious servers to cause a crash via a URI
with non-ASCII characters.  This vulnerability may only exist on
64bit systems. Updated packages are patched to address this issue.

http://www.linuxsecurity.com/content/view/126566


* Mandriva: Updated bluez-utils packages fix bluetooth authentication issues
  12th, January, 2007

In Mandriva 2007.0, authentication with bluetooth devices was broken
(#24359). This update provides an agent that will prompt for passkeys
(PIN code) when needed.

http://www.linuxsecurity.com/content/view/126567


* Mandriva: Updated perl-SOAP-Lite packages fix crash issue
  15th, January, 2007

SOAP::Lite makes use of auto-generated methods with names that clash
with methods exported by UNIVERSAL::require.  As a result, using the
two modules simultaneously will result in an immediate program crash.
The package has been patched with an upstream fix to correct the
issue.

http://www.linuxsecurity.com/content/view/126591


* Mandriva: Updated wvstreams packages fix openssl linkage issue
  15th, January, 2007

In Mandriva 2007.0, the wvstreams package was built with openssl
0.9.7, which was not available in the final 2007.0 release. This made
the wvstreams package impossible to install on Mandriva 2007.0 (bug
26240). This update is built with openssl 0.9.8, so that it can be
installed on a Mandriva 2007.0 system.

http://www.linuxsecurity.com/content/view/126592


* Mandriva: Updated bluez-utils packages fix hidd vulnerability
  15th, January, 2007

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to
obtain control of the (1) Mouse and (2) Keyboard Human Interface
Device (HID) via a certain configuration of two HID (PSM) endpoints,
operating as a server, aka HidAttack.

http://www.linuxsecurity.com/content/view/126598


* Mandriva: Updated cacti packages SQL injection vulnerability
  15th, January, 2007

SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute
arbitrary SQL commands via the (1) second or (2) third arguments to
cmd.php. NOTE: this issue can be leveraged to execute arbitrary
commands since the SQL query results are later used in the
polling_items array and popen function.

http://www.linuxsecurity.com/content/view/126599


* Mandriva: Updated fetchmail packages fix vulnerability
  15th, January, 2007

Fetchmail before 6.3.6-rc4 does not properly enforce TLS and may
transmit cleartext passwords over unsecured links if certain
circumstances occur, which allows remote attackers to obtain
sensitive information via man-in-the-middle (MITM) attacks. The
updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/126600


* Mandriva: Updated wget packages fix ftp vulnerability
  15th, January, 2007

The ftp_syst function in ftp-basic.c in Free Software Foundation
(FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of
service (application crash) via a malicious FTP server with a large
number of blank 220 responses to the SYST command. The updated
packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/126603


* Mandriva: Updated tripwire packages fix key generation issue
  16th, January, 2007

The version of tripwire included with Mandriva 2007 would hang while
generating keys.  The problem has been corrected by avoiding using
optimization at compile-time.

http://www.linuxsecurity.com/content/view/126611



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: openoffice.org security update
  12th, January, 2007

Updated openoffice.org packages are now available. This update has
been rated as having important security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/126538


* RedHat: Moderate: flash-plugin security update
  12th, January, 2007

An updated Adobe Flash Player package that fixes a security issue is
now available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126539


* RedHat: Important: XFree86 security update
  12th, January, 2007

Updated XFree86 packages that fix a security issue are now available
for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as
having important security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126540


* RedHat: Important: xorg-x11 security update
  12th, January, 2007

Updated X.org packages that fix a security issue are now available
for Red Hat Enterprise Linux 4. This update has been rated as having
important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126541


* RedHat: Critical: Adobe Acrobat Reader security update
  12th, January, 2007

Updated acroread packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126542


* RedHat: Moderate: libgsf security update
  12th, January, 2007

Updated libgsf packages that fix a buffer overflow flaw are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126543


* RedHat: Moderate: kernel security update
  17th, January, 2007

Updated kernel packages that fix a number of security issues as well
as other bugs are now available for Red Hat Enterprise Linux 2.1 (64
bit architectures). This security advisory has been rated as having
moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126614


* RedHat: Moderate: kernel security update
  17th, January, 2007

Updated kernel packages that fix a number of security issues as well
as other bugs are now available for Red Hat Enterprise Linux 2.1 (32
bit architectures). This security advisory has been rated as having
moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126615


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: XFree86/Xorg (SUSE-SA:2007:008)
  12th, January, 2007

This update fixes three memory corruptions within the X server which
could be used by local attackers with access to this display to crash
the X server and potentially execute code.  The following CVE IDs are
addressed by this update: CVE-2006-6101, CVE-2006-6102,
CVE-2006-6103

http://www.linuxsecurity.com/content/view/126547


* SuSE: mozilla (SUSE-SA:2007:006)
  12th, January, 2007

The following CVE IDs are addressed by this update:
CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6500,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504,
CVE-2006-6505, CVE-2006-6506, CVE-2006-6507

http://www.linuxsecurity.com/content/view/126537


* SuSE: cacti cmd injection
  12th, January, 2007

A command injection in cmd.php in cacti was fixed, which might have
allowed remote attackers to inject commands and so execute code. This
issue is tracked by the Mitre CVE ID CVE-2006-6799.

http://www.linuxsecurity.com/content/view/126546


* SuSE: Opera 9.10 (SUSE-SA:2007:009)
  15th, January, 2007

This update brings the Opera Web browser to version 9.10, including
fixes for the following 2 security problems: CVE-2007-0126: Opera
processes a JPEG DHT marker incorrectly, which can potentially lead
to remote code execution. CVE-2007-0127: Opera is affected by a
typecasting bug in its JavaScript SVG implementation which could
potentially be used to execute code.

http://www.linuxsecurity.com/content/view/126573


* SuSE: IBMJava (SUSE-SA:2007:010)
  18th, January, 2007

Various security problems and bugs have been fixed in the IBMJava JRE
and SDK. The IBM Java packages were updated to: IBM Java 1.4.2 to
Service Refresh 7. IBM Java 1.3.10 to Service Refresh 10. It contains
several security fixes also fixed in Sun Java, including:
CVE-2006-4339: fix for the RSA exponent padding attack.
CVE-2006-6736, CVE-2006-6737: 2 unspecified vulnerabilities that allow
untrusted applets to access data in other applets. CVE-2006-6745:
Multiple unspecified vulnerabilities that allow applets to gain
privileges related to serialization bugs in the JRE. CVE-2006-6731:
Multiple buffer overflows in Java image handling routines that allow
attackers to potentially read/write/execute local files.

http://www.linuxsecurity.com/content/view/126639



+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  fetchmail vulnerability
  11th, January, 2007

It was discovered that fetchmail did not correctly require TLS
negotiation in certain situations.  This would result in a user's
unencrypted password being sent across the network. If fetchmail has
been configured to use the "sslproto tls1", "sslcertck", or
"sslfingerprint" options with a server that does not correctly
support TLS negotiation, this update may cause fetchmail to
(correctly) abort authentication.

http://www.linuxsecurity.com/content/view/126528


* Ubuntu:  OpenOffice.org vulnerability
  12th, January, 2007

An integer overflow was discovered in OpenOffice.org's handling of
WMF files.  If a user were tricked into opening a specially crafted
WMF file, an attacker could execute arbitrary code with user
privileges.

http://www.linuxsecurity.com/content/view/126536


* Ubuntu:  libgtop2 vulnerability
  15th, January, 2007

Liu Qishuai discovered a buffer overflow in the /proc parsing
routines in libgtop. By creating and running a process in a specially
crafted long path and tricking a user into running
gnome-system-monitor, an attacker could exploit this to execute
arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/126572


* Ubuntu:  krb5 vulnerability
  15th, January, 2007

The server-side portion of Kerberos' RPC library had a memory
management flaw which allowed users of that library to call a
function pointer located in unallocated memory. By doing specially
crafted calls to the kadmind server, a remote attacker could exploit
this to execute arbitrary code with root privileges on the target
computer.

http://www.linuxsecurity.com/content/view/126587


* Ubuntu:  ksirc vulnerability
  15th, January, 2007

Federico L. Bossi Bonin discovered a Denial of Service vulnerability
in ksirc. By sending a special response packet, a malicious IRC
server could crash ksirc.

http://www.linuxsecurity.com/content/view/126589


* Ubuntu:  poppler vulnerability
  18th, January, 2007

The poppler PDF loader library did not limit the recursion depth of
the page model tree. By tricking a user into opening a specially
crafted PDF file, this could be exploited to trigger an infinite loop
and eventually crash an application that uses this library. kpdf in
Ubuntu 5.10 and KOffice in all Ubuntu releases contain a copy of
this code and thus are affected as well.

http://www.linuxsecurity.com/content/view/126640

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

