[ISN] Linux Advisory Watch - February 9th 2007

From: InfoSec News (alerts@private)
Date: Sun Feb 11 2007 - 22:38:51 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  February 9th 2007                             Volume 8, Number 6a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for samba, mozilla, kdelibs, mpg123,
wireshark, gd, libwmf, php, gtk, kernel, bind, java, postgresql, and
dbus.  The distributors include Debian, Mandriva, Red Hat, Slackware,
and Ubuntu.

---


* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, designed on the Linux
platform and open source technology to obtain biometrics security.
The combination of smart card and biometrics is achieved in a two-step
authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card, which is based on fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows control of all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New samba packages fix several vulnerabilities
  5th, February, 2007

Updated package.

http://www.linuxsecurity.com/content/view/126891


* Debian: New Mozilla Firefox packages fix several vulnerabilities
  7th, February, 2007

Updated package.

http://www.linuxsecurity.com/content/view/126923



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated kdelibs packages fix KHTML vulnerability
  2nd, February, 2007

Konqueror 3.5.5 does not properly parse HTML comments in title
tags, which allows remote attackers to conduct cross-site scripting
(XSS) attacks and bypass some XSS protection schemes by embedding
certain HTML tags within a comment, a related issue to CVE-2007-0478.

http://www.linuxsecurity.com/content/view/126861


* Mandriva: Updated mpg123 packages fix DoS vulnerability.
  2nd, February, 2007

The http_open function in httpget.c in mpg123 before 0.64 allows
remote attackers to cause a denial of service (infinite loop) by
closing the HTTP connection early. Packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/126862


* Mandriva: Updated wireshark packages fix multiple vulnerabilities
  3rd, February, 2007

Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors
were discovered in versions of wireshark earlier than 0.99.5, as well
as various other bugs. This update provides wireshark 0.99.5, which
is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/126863


* Mandriva: Updated samba packages address multiple vulnerabilities
  5th, February, 2007

A logic error in the deferred open code for smbd may allow an
authenticated user to exhaust resources such as memory and CPU on the
server by opening multiple CIFS sessions, each of which will normally
spawn a new smbd process, and sending each connection into an
infinite..

http://www.linuxsecurity.com/content/view/126893


* Mandriva: Updated gd packages fix DoS vulnerability.
  6th, February, 2007

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause
a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.

http://www.linuxsecurity.com/content/view/126919


* Mandriva: Updated libwmf packages fix embedded gd DoS vulnerability.
  6th, February, 2007

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause
a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font. Libwmf
uses an embedded copy of the gd source and may also be affected by
this issue.  Packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/126920


* Mandriva: Updated postgresql packages address multiple vulnerabilities
  6th, February, 2007

Jeff Trout discovered that the PostgreSQL server did not sufficiently
check data types of SQL function arguments in some cases.  A user
could then exploit this to crash the database server or read out
arbitrary locations of the server's memory, which could be used to
retrieve database contents that the user should not be able to see.
Note that a user must be authenticated in order to exploit this
(CVE-2007-0555).

http://www.linuxsecurity.com/content/view/126921


* Mandriva: Updated php packages to address multiple issues
  6th, February, 2007

PHP 5.2.0 and 4.4 allow local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte before
a ";" in a session_save_path argument, followed by an allowed path,
which causes a parsing inconsistency in which PHP validates the
allowed path but sets session.save_path to the malicious path.

http://www.linuxsecurity.com/content/view/126922


* Mandriva: Updated gtk+2.0 packages address DoS, LSB issues, several bugs
  7th, February, 2007

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2)
allows context-dependent attackers to cause a denial of service
(crash) via a malformed image file. (CVE-2007-0010)

http://www.linuxsecurity.com/content/view/126933


* Mandriva: Updated kernel packages fix multiple vulnerabilities and bugs
  7th, February, 2007

The isdn_ppp_ccp_reset_alloc_state function in
drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4, as
well as the 2.6 kernel, does not call the init_timer function for the
ISDN PPP CCP reset state timer, which has unknown attack vectors and
results in a system crash. (CVE-2006-5749)

http://www.linuxsecurity.com/content/view/126934



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: bind security update
  6th, February, 2007

Updated bind packages that fix a security issue and a bug are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126914


* RedHat: Critical: java-1.4.2-ibm security update
  7th, February, 2007

Updated java-1.4.2-ibm packages to correct several security issues
are now available for Red Hat Enterprise Linux 3 and 4 Extras. This
update has been rated as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126930


* RedHat: Moderate: postgresql security update
  7th, February, 2007

Updated postgresql packages that fix two security issues are now
available for Red Hat Enterprise Linux 3 and 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/126931


* RedHat: Moderate: postgresql security update
  7th, February, 2007

Updated postgresql packages that fix several security vulnerabilities
are now available for the Red Hat Application Stack. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/126932


* RedHat: Moderate: dbus security update
  8th, February, 2007

Updated dbus packages that fix a security issue are now available for
Red Hat Enterprise Linux 4. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/126936




+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   samba
  7th, February, 2007

New samba packages are available for Slackware 10.0, 10.1, 10.2, and
11.0 to fix a denial-of-service security issue.

http://www.linuxsecurity.com/content/view/126935


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  GTK vulnerability
  1st, February, 2007

A flaw was discovered in the error handling of GTK's image loading
library.  Applications opening certain corrupted images could be made
to crash, causing a denial of service.

http://www.linuxsecurity.com/content/view/126851


* Ubuntu:  PostgreSQL vulnerabilities
  5th, February, 2007

Jeff Trout discovered that the PostgreSQL server did not sufficiently
check data types of SQL function arguments in some cases. An
authenticated attacker could exploit this to crash the database
server or read out arbitrary locations in the server's memory, which
could allow retrieving database content the attacker should not be
able to see. (CVE-2007-0555)

http://www.linuxsecurity.com/content/view/126876


* Ubuntu:  Bind vulnerabilities
  5th, February, 2007

A flaw was discovered in Bind's DNSSEC validation code.  Remote
attackers could send a specially crafted DNS query which would cause
the Bind server to crash, resulting in a denial of service.  Only
servers configured to use DNSSEC extensions were vulnerable.

http://www.linuxsecurity.com/content/view/126894


* Ubuntu:  Samba vulnerabilities
  6th, February, 2007

A flaw was discovered in Samba's file opening code, which in certain
situations could lead to an endless loop, resulting in a denial of
service.

http://www.linuxsecurity.com/content/view/126916


* Ubuntu:  KDE library vulnerability
  6th, February, 2007

Jose Avila III and Robert Tasarz discovered that the KDE HTML library
did not correctly parse HTML comments inside the "title" tag.  By
tricking a Konqueror user into visiting a malicious website, an
attacker could bypass cross-site scripting protections.

http://www.linuxsecurity.com/content/view/126917


* Ubuntu:  PostgreSQL 8.1 regression
  6th, February, 2007

USN-417-1 fixed several vulnerabilities in the PostgreSQL server.
Unfortunately this update had a regression that caused some valid
queries to be aborted with a type error. This update corrects that
problem. We apologize for the inconvenience.

http://www.linuxsecurity.com/content/view/126918

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

