[ISN] Linux Advisory Watch - March 16th 2007

From: InfoSec News (alerts@private)
Date: Sun Mar 18 2007 - 21:34:55 PST


+---------------------------------------------------------------------+
| LinuxSecurity.com                               Weekly Newsletter  |
| March 16th 2007                               Volume 8, Number 11a |
+---------------------------------------------------------------------+

Editors:      Dave Wreski                     Benjamin D. Thomas
              dave@private                    ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for Mozilla, gnupg, SeaMonkey,
Smb4K, Amarok, xine-lib, tcpdump, mplayer, kdelibs, ekiga, timezone,
kernel, php, and ktorrent.  The distributors include Debian, Gentoo,
Mandriva, and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy
and several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, designed on the Linux
platform and open source technology to obtain biometric security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometric template stored in the smart
card, based on fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows control of all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------



+---------------------------------+
| Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Mozilla packages fix several vulnerabilities
  10th, March, 2007

Updated package.

http://www.linuxsecurity.com/content/view/127389


* Debian: New gnupg packages fix signature forgery
  13th, March, 2007

Updated package.

http://www.linuxsecurity.com/content/view/127426


+---------------------------------+
| Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: SeaMonkey Multiple vulnerabilities
  9th, March, 2007

Multiple vulnerabilities have been reported in SeaMonkey, some of
which may allow user-assisted arbitrary remote code execution.

http://www.linuxsecurity.com/content/view/127384


* Gentoo: Smb4K Multiple vulnerabilities
  9th, March, 2007

Multiple vulnerabilities have been identified in Smb4K.

http://www.linuxsecurity.com/content/view/127385


* Gentoo: KHTML Cross-site scripting (XSS) vulnerability
  10th, March, 2007

The KHTML component shipped with the KDE libraries is prone to a
cross-site scripting (XSS) vulnerability.

http://www.linuxsecurity.com/content/view/127388


* Gentoo: Amarok User-assisted remote execution of arbitrary code
  13th, March, 2007

The Magnatune component shipped with Amarok is vulnerable to the
injection of arbitrary shell code from a malicious Magnatune server.

http://www.linuxsecurity.com/content/view/127427


+---------------------------------+
| Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated xine-lib packages to address buffer overflow
  vulnerability
  8th, March, 2007

The DMO_VideoDecoder_Open function in dmo/DMO_VideoDecoder.c in
xine-lib does not set the biSize before use in a memcpy, which allows
user-assisted remote attackers to cause a buffer overflow and
possibly execute arbitrary code. Updated packages have been patched
to address this issue.

http://www.linuxsecurity.com/content/view/127374


* Mandriva: Updated tcpdump packages address off-by-one overflow
  8th, March, 2007

Off-by-one buffer overflow in the parse_elements function in the
802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier
allows remote attackers to cause a denial of service (crash) via a
crafted 802.11 frame. NOTE: this was originally referred to as
heap-based, but it might be stack-based. Updated packages have been
patched to address this issue.

http://www.linuxsecurity.com/content/view/127375


* Mandriva: Updated mplayer packages to address buffer overflow
  vulnerability
  8th, March, 2007

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c
in MPlayer 1.0rc1 and earlier does not set the biSize before use in a
memcpy, which allows user-assisted remote attackers to cause a buffer
overflow and possibly execute arbitrary code. Updated packages have
been patched to address this issue.

http://www.linuxsecurity.com/content/view/127376


* Mandriva: Updated kdelibs packages to address DoS issue in KDE
  Javascript
  8th, March, 2007

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror,
allows remote attackers to cause a denial of service (crash) by
accessing the content of an iframe with an ftp:// URI in the src
attribute, probably due to a NULL pointer dereference. Updated
packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/127377


* Mandriva: Updated ekiga packages fix string vulnerabilities.
  9th, March, 2007

A format string flaw was discovered in how ekiga processes certain
messages, which could permit a remote attacker that can connect to
ekiga to potentially execute arbitrary code with the privileges of
the user running ekiga. This is similar to the previous
CVE-2007-1006, but the original evaluation/patches were incomplete.
Updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/127381


* Mandriva: Updated gnupg packages provide enhanced forgery detection
  9th, March, 2007

GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the
command line, did not visually distinguish signed and unsigned
portions of OpenPGP messages with multiple components.  This could
allow a remote attacker to forge the contents of an email message
without detection.  GnuPG 1.4.7 is being provided with this update
and GPGME has been patched on Mandriva 2007.0 to provide better
visual notification on these types of forgeries.

http://www.linuxsecurity.com/content/view/127382


* Mandriva: Updated timezone packages provide updated DST information
  10th, March, 2007

Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain the new Daylight Savings Time information
for 2007 for certain time zones.  These updated packages contain the
new information.

http://www.linuxsecurity.com/content/view/127390


* Mandriva: Updated kernel packages fix multiple vulnerabilities and
  bugs
  10th, March, 2007

The 2.6.17 kernel and earlier, when running on IA64 and SPARC
platforms, would allow a local user to cause a DoS (crash) via a
malformed ELF file (CVE-2006-4538).

http://www.linuxsecurity.com/content/view/127391


* Mandriva: Updated mplayer packages to address buffer overflow
  vulnerability
  13th, March, 2007

The DS_VideoDecoder_Open function in loader/dshow/DS_VideoDecoder.c
in MPlayer 1.0rc1 and earlier does not set the biSize before use in a
memcpy, which allows user-assisted remote attackers to cause a buffer
overflow and possibly execute arbitrary code. Updated packages have
been patched to address this issue.

http://www.linuxsecurity.com/content/view/127424


* Mandriva: Updated xine-lib packages to address buffer overflow
  vulnerability
  13th, March, 2007

The DS_VideoDecoder_Open function in DirectShow/DS_VideoDecoder.c in
xine-lib does not set the biSize before use in a memcpy, which allows
user-assisted remote attackers to cause a buffer overflow and
possibly execute arbitrary code. Updated packages have been patched
to address this issue.

http://www.linuxsecurity.com/content/view/127425


+---------------------------------+
| Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  GnuPG vulnerability
  8th, March, 2007

Gerardo Richarte from Core Security Technologies discovered that when
gnupg is used without --status-fd, there is no way to distinguish
initial unsigned messages from a following signed message.

http://www.linuxsecurity.com/content/view/127368


* Ubuntu:  PHP regression
  8th, March, 2007

USN-424-1 fixed vulnerabilities in PHP.  However, some upstream
changes were not included, which caused errors in the stream
filters.  This update fixes the problem.

http://www.linuxsecurity.com/content/view/127369


* Ubuntu:  Xine vulnerability
  8th, March, 2007

Moritz Jodeit discovered that the DMO loader of Xine did not
correctly validate the size of an allocated buffer.  By tricking a
user into opening a specially crafted media file, an attacker could
execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/127378


* Ubuntu:  Ekiga vulnerability
  8th, March, 2007

It was discovered that Ekiga had format string vulnerabilities beyond
those fixed in USN-426-1.  If a user was running Ekiga and listening
for incoming calls, a remote attacker could send a crafted call
request, and execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/127380


* Ubuntu:  Xine vulnerability
  12th, March, 2007

Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer.  By tricking a
user into opening a specially crafted media file, an attacker could
execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/127411


* Ubuntu:  KTorrent vulnerabilities
  12th, March, 2007

Bryan Burns of Juniper Networks discovered that KTorrent did not
correctly validate the destination file paths nor the HAVE statements
sent by torrent peers.  A malicious remote peer could send specially
crafted messages to overwrite files or execute arbitrary code with
user privileges.

http://www.linuxsecurity.com/content/view/127413


* Ubuntu:  GnuPG2, GPGME vulnerability
  13th, March, 2007

USN-432-1 fixed a vulnerability in GnuPG.  This update provides the
corresponding updates for GnuPG2 and the GPGME library. Original
advisory details:  Gerardo Richarte from Core Security Technologies
discovered that when gnupg is used without --status-fd, there is no
way to distinguish initial unsigned messages from a following signed
message.  An attacker could inject an unsigned message, which could
fool the user into thinking the message was entirely signed by the
original sender.

http://www.linuxsecurity.com/content/view/127422
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------