+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | January 26th 2007 Volume 8, Number 4a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for netrik, fetchmail, mod_auth_kerb, libgtop, xine-ui, openldap, centericq, koffice, pdftohtml, poppler, xpdf, tetex, libgtop, glibc, locale, kdegraphics, proftpd, squid, gtk2, IBMJava, xine, libsoup, GeoIP, and BlueZ. The distributors include Debian, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu. --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- * EnGarde Secure Linux v3.0.11 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.11 (Version 3.0, Release 11). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11 --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New netrik packages fix arbitary shell command execution 21st, January, 2007 Updated package. http://www.linuxsecurity.com/content/view/126665 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: Fetchmail Denial of Service and password disclosure 22nd, January, 2007 Fetchmail has been found to have numerous vulnerabilities allowing for Denial of Service and password disclosure. http://www.linuxsecurity.com/content/view/126696 * Gentoo: Mod_auth_kerb Denial of Service 22nd, January, 2007 Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial of Service. http://www.linuxsecurity.com/content/view/126697 * Gentoo: Sun JDK/JRE Multiple vulnerabilities 22nd, January, 2007 Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE). http://www.linuxsecurity.com/content/view/126698 * Gentoo: Adobe Acrobat Reader Multiple vulnerabilities 22nd, January, 2007 Adobe Acrobat Reader is vulnerable to remote code execution, Denial of Service, and cross-site scripting attacks. http://www.linuxsecurity.com/content/view/126699 * Gentoo: libgtop Privilege escalation 23rd, January, 2007 libgtop improperly handles filenames, possibly allowing for the execution of arbitrary code. http://www.linuxsecurity.com/content/view/126705 * Gentoo: xine-ui Format string vulnerabilities 23rd, January, 2007 xine-ui improperly handles format strings, possibly allowing for the execution of arbitrary code. http://www.linuxsecurity.com/content/view/126715 * Gentoo: OpenLDAP Insecure usage of /tmp during installation 23rd, January, 2007 A shell script commonly released with OpenLDAP makes insecure usage of files in /tmp during the emerge process. http://www.linuxsecurity.com/content/view/126716 * Gentoo: Centericq Remote buffer overflow in LiveJournal handling 23rd, January, 2007 Centericq does not properly handle communications with the LiveJournal service, allowing for the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/126720 * Gentoo: MIT Kerberos 5 Arbitrary Remote Code Execution 24th, January, 2007 Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/126731 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated koffice packages fix crafted pdf file vulnerability 18th, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126649 * Mandriva: Updated pdftohtml packages fix crafted pdf file vulnerability 18th, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126650 * Mandriva: Updated poppler packages fix crafted pdf file vulnerability 18th, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126652 * Mandriva: Updated xpdf packages fix crafted pdf file vulnerability 18th, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126653 * Mandriva: Updated tetex packages fix crafted pdf file vulnerability 18th, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126654 * Mandriva: Updated libgtop2 packages fix buffer overflow vulnerability 18th, January, 2007 Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. The updated packages have been patched to correct this problem. http://www.linuxsecurity.com/content/view/126655 * Mandriva: Updated glibc, locale packages address several issues 21st, January, 2007 The version of glibc shipped with Mandriva 2007 has a bug that prevents the system from passing the lsb-runtime test suite (T.ttyname_r). This update also includes sparc64 updates and Unicode 5.0 support. http://www.linuxsecurity.com/content/view/126664 * Mandriva: Updated packages link to the correct version of Firefox 22nd, January, 2007 Due to an error in the compilation system, the firefox-dependant packages provided in MDKSA-2007:010 for Mandriva 2007/x86_64 were linked to the older version of Firefox. This update corrects the problem. http://www.linuxsecurity.com/content/view/126695 * Mandriva: Updated kdegraphics packages fix crafted pdf file vulnerability 22nd, January, 2007 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. http://www.linuxsecurity.com/content/view/126701 * Mandriva: Updated mandriva-doc-common packages fix help links 22nd, January, 2007 Due to changes in the structure of the documentation, the Help buttons of the Software Management tools led to broken links. This update fixes the links catalog system so the inline help works again. http://www.linuxsecurity.com/content/view/126702 * Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs 23rd, January, 2007 Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. http://www.linuxsecurity.com/content/view/126710 * Mandriva: Updated proftpd packages fix vulnerabilities 23rd, January, 2007 A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier, allows remote attackers to cause a denial of service, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." http://www.linuxsecurity.com/content/view/126718 * Mandriva: Updated squid packages fix vulnerabilities 23rd, January, 2007 A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL (CVE-2007-0247) http://www.linuxsecurity.com/content/view/126719 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Critical: Adobe Acrobat Reader security update 22nd, January, 2007 Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126694 * RedHat: Moderate: gtk2 security update 24th, January, 2007 Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/126728 +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ * Slackware: fetchmail 24th, January, 2007 New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix a security issue. http://www.linuxsecurity.com/content/view/126735 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: IBMJava (SUSE-SA:2007:010) 18th, January, 2007 Various security problems and bugs have been fixed in the IBMJava JRE and SDK. The IBM Java packages were updated to: IBM Java 1.4.2 to Service Refresh 7. IBM JAVA 1.3.10 to Service Refresh 10. It contains several security fixes also fixed in SUN Java including: CVE-2006-4339: fix for the RSA exponent padding attack. http://www.linuxsecurity.com/content/view/126639 * SuSE: Acrobat Reader 7.0.9 22nd, January, 2007 The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes: CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. http://www.linuxsecurity.com/content/view/126671 * SuSE: squid (SUSE-SA:2007:012) 23rd, January, 2007 This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. (CVE-2007-0247) Additionally the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth. http://www.linuxsecurity.com/content/view/126706 * SuSE: xine (SUSE-SA:2007:013) 23rd, January, 2007 This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore. (CVE-2007-0017) http://www.linuxsecurity.com/content/view/126707 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: poppler vulnerability 18th, January, 2007 The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library. kpdf in Ubuntu 5.10, and KOffice in all Ubuntu releases contains a copy of this code and thus is affected as well. http://www.linuxsecurity.com/content/view/126640 * Ubuntu: libsoup vulnerability 23rd, January, 2007 Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service. http://www.linuxsecurity.com/content/view/126717 * Ubuntu: GeoIP vulnerability 23rd, January, 2007 Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges. http://www.linuxsecurity.com/content/view/126721 * Ubuntu: BlueZ vulnerability 23rd, January, 2007 A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled. http://www.linuxsecurity.com/content/view/126723 * Ubuntu: Squid vulnerabilities 24th, January, 2007 David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. http://www.linuxsecurity.com/content/view/126736 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Jan 28 2007 - 23:24:52 PST