[ISN] Linux Advisory Watch - April 13th, 2007

From: InfoSec News (alerts@private)
Date: Sun Apr 15 2007 - 22:25:39 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  April 13th 2007                               Volume 8, Number 15a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for man-db, libX11, Evince, libwpd,
DokuWiki, krb5, freetype2, tightvnc, ipsec-tools, the Linux kernel, and
the KDE library.  The distributors include Debian, Fedora, Gentoo,
Mandriva, and Ubuntu.

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec
management education and the case study affords you unmatched consulting
experience. Using interactive e-Learning technology, you can earn this
esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and
an RF smart card for a clustered network, designed on the Linux platform
and open source technology to obtain biometric security. The combination
of smart card and biometrics achieves two-step authentication: smart card
authentication is based on a Personal Identification Number (PIN), and
the card holder is authenticated using the biometric template stored in
the smart card, which is based on fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New man-db packages fix arbitrary code execution
  6th, April, 2007

A buffer overflow has been discovered in the man command that could allow
an attacker to execute code as the man user by providing specially crafted
arguments to the -H flag.  This is likely to be an issue only on machines
with the man and mandb programs installed setuid.

http://www.linuxsecurity.com/content/view/127722

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: libX11-1.0.0-4.fc5
  10th, April, 2007

Added libX11-1.0.1-setuid.diff to fix potential security issue (required)

http://www.linuxsecurity.com/content/view/127757

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Evince Stack overflow in included gv code
  6th, April, 2007

Evince improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/127725


* Gentoo: libwpd Multiple vulnerabilities
  6th, April, 2007

libwpd is vulnerable to several heap overflows and an integer overflow.

http://www.linuxsecurity.com/content/view/127726


* Gentoo: DokuWiki Cross-site scripting vulnerability
  12th, April, 2007

DokuWiki is vulnerable to a cross-site scripting attack. An attacker could
entice a user to click a specially crafted link and inject CRLF characters
into the variable. This would allow the creation of new lines or fields in
the returned HTTP Response header, which would permit the attacker to
execute arbitrary scripts in the context of the user's browser.

http://www.linuxsecurity.com/content/view/127784

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated krb5 packages fix vulnerabilities
  10th, April, 2007

A vulnerability was found in the username handling of the MIT krb5 telnet
daemon. A remote attacker that could access the telnet port of a target
machine could login as root without requiring a password (CVE-2007-0956).

http://www.linuxsecurity.com/content/view/127759


* Mandriva: Updated freetype2 packages fix vulnerability
  10th, April, 2007

iDefense reported integer overflows in the way freetype handled various
font files.

http://www.linuxsecurity.com/content/view/127761


* Mandriva: Updated tightvnc packages fix integer overflow
vulnerabilities
  10th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and
XFree86 X server could allow an attacker to execute arbitrary code with
privileges of the X server, typically root.

http://www.linuxsecurity.com/content/view/127763


* Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow
vulnerabilities
  11th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and
XFree86 X server could allow an attacker to execute arbitrary code with
privileges of the X server, typically root.

http://www.linuxsecurity.com/content/view/127775


* Mandriva: Updated madwifi-source, wpa_supplicant packages fix
vulnerabilities
  11th, April, 2007

The ath_rate_sample function in the ath_rate/sample/sample.c sample code
in MadWifi before 0.9.3 allows remote attackers to cause a denial of
service (failed KASSERT and system crash) by moving a connected system to
a location with low signal strength, and possibly other vectors related to
a race condition between interface enabling and packet transmission.
(CVE-2005-4835)

http://www.linuxsecurity.com/content/view/127776


* Mandriva: Updated apache-mod_perl packages fix DoS vulnerability
  11th, April, 2007

PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm
in mod_perl 2.x, does not properly escape PATH_INFO before use in a
regular expression, which allows remote attackers to cause a denial of
service (resource consumption) via a crafted URI. Updated packages have
been patched to correct this issue.

http://www.linuxsecurity.com/content/view/127777

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  ipsec-tools vulnerability
  9th, April, 2007

A flaw was discovered in the IPSec key exchange server "racoon".  Remote
attackers could send a specially crafted packet and disrupt established
IPSec tunnels, leading to a denial of service.

http://www.linuxsecurity.com/content/view/127743


* Ubuntu:  Linux kernel vulnerabilities
  10th, April, 2007

The kernel key management code did not correctly handle key reuse.  A
local attacker could create many key requests, leading to a denial of
service. (CVE-2007-0006)

http://www.linuxsecurity.com/content/view/127764


* Ubuntu:  KDE library vulnerability
  11th, April, 2007

The Qt library did not correctly handle truncated UTF8 strings, which
could cause some applications to incorrectly filter malicious strings.
If a Konqueror user were tricked into visiting a web site containing
specially crafted strings, normal XSS prevention could be bypassed
allowing a remote attacker to steal confidential data.

http://www.linuxsecurity.com/content/view/127778

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

