+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  May 4th 2007                                 Volume 8, Number 18a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                    Benjamin D. Thomas
                dave@private                   ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for php4, php5, qemu, wordpress,
selinux-policy, policycoreutils, bind, kernel, capi4k-utils, Ktorrent,
Tomcat, mod_perl, Quagga, postgresql, xscreensaver, unzip, w3c-libwww,
gcc, gdb, util-linux, busybox, cpio, sendmail, openssh, shadow-utils,
gdm, openldap, rdesktop, and net-snmp. The distributors include Debian,
Fedora, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu.

---

Vyatta: Open-Source Router / Firewall / VPN

Vyatta software and appliances combine the features, performance and
reliability of an enterprise-class router and firewall with the cost
savings and flexibility of open source solutions.

> > Free Vyatta Community Edition 2 Software & Live Demo Webinars
> > http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, which is designed on the
Linux platform and open source technology to obtain biometric security.
The combination of smart card and biometrics achieves two-step
authentication: the smart card is authenticated with a Personal
Identification Number (PIN), and the card holder is authenticated
against the fingerprint template stored on the smart card.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New php4 packages fix several vulnerabilities
  26th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/127952

* Debian: New php5 packages fix several vulnerabilities
  29th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/127980

* Debian: New qemu packages fix several vulnerabilities
  1st, May, 2007

Several vulnerabilities have been discovered in the QEMU processor
emulator, which may lead to the execution of arbitrary code or denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems.
http://www.linuxsecurity.com/content/view/128002

* Debian: New wordpress packages fix multiple vulnerabilities
  1st, May, 2007

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in
WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series,
allows remote authenticated users with theme privileges to inject
arbitrary web script or HTML via the PATH_INFO in the administration
interface, related to loose regular expression processing of PHP_SELF.

http://www.linuxsecurity.com/content/view/128019

* Debian: New Linux 2.6.18 packages fix several vulnerabilities
  2nd, May, 2007

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the

http://www.linuxsecurity.com/content/view/128049

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: selinux-policy-2.4.6-62.fc6
  30th, April, 2007

- Revert patch to stop secadm and sysadm from having audit_control
- Allow clamav to create pid files in amavis_var_run
- Allow apcupsd to send itself signals

http://www.linuxsecurity.com/content/view/127993

* Fedora Core 6 Update: policycoreutils-1.34.1-8.fc6
  30th, April, 2007

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole to
switch roles, and run_init to run /etc/init.d scripts in the proper
context.
http://www.linuxsecurity.com/content/view/127994

* Fedora Core 6 Update: bind-9.3.4-4.fc6
  30th, April, 2007

- A race condition has been discovered in bind's dbus code
- Some minor issues in the bind-chroot-admin script

http://www.linuxsecurity.com/content/view/127995

* Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
  1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial of service
via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create
network amplification between two routers.

http://www.linuxsecurity.com/content/view/128016

* Fedora Core 5 Update: kernel-2.6.20-1.2316.fc5
  1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial of service
via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create
network amplification between two routers.

http://www.linuxsecurity.com/content/view/128017

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: BEAST Denial of Service
  27th, April, 2007

A vulnerability has been discovered in BEAST allowing for a Denial of
Service.

http://www.linuxsecurity.com/content/view/127973

* Gentoo: capi4k-utils Buffer overflow
  27th, April, 2007

capi4k-utils is vulnerable to a buffer overflow in the bufprint()
function.

http://www.linuxsecurity.com/content/view/127974

* Gentoo: Ktorrent Multiple vulnerabilities
  1st, May, 2007

Multiple vulnerabilities have been discovered in Ktorrent allowing for
the remote execution of arbitrary code and a Denial of Service. A
remote attacker could entice a user to download a specially crafted
torrent file, possibly resulting in the remote execution of arbitrary
code with the privileges of the user running Ktorrent.

http://www.linuxsecurity.com/content/view/128032

* Gentoo: FreeType User-assisted execution of arbitrary code
  1st, May, 2007

A vulnerability has been discovered in FreeType allowing for
user-assisted remote execution of arbitrary code.
A remote attacker could entice a user to use a specially crafted BDF
font, possibly resulting in a heap-based buffer overflow and the remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128033

* Gentoo: Tomcat Information disclosure
  1st, May, 2007

A vulnerability has been discovered in Tomcat that allows for the
disclosure of sensitive information. A remote attacker could send a
specially crafted URL to the vulnerable Tomcat server, possibly
resulting in a directory traversal and read access to arbitrary files
with the privileges of the user running Tomcat. Note that this
vulnerability can only be exploited when using Apache proxy modules
like mod_proxy, mod_rewrite or mod_jk.

http://www.linuxsecurity.com/content/view/128034

* Gentoo: Apache mod_perl Denial of Service
  2nd, May, 2007

The mod_perl Apache module is vulnerable to a Denial of Service when
processing regular expressions. A remote attacker could send a
specially crafted URL to the vulnerable server, possibly resulting in
massive resource consumption.

http://www.linuxsecurity.com/content/view/128037

* Gentoo: Quagga Denial of Service
  2nd, May, 2007

A vulnerability has been discovered in Quagga allowing for a Denial of
Service. A malicious BGP peer could send a specially crafted packet to
a Quagga instance, possibly resulting in a crash of the Quagga daemon.

http://www.linuxsecurity.com/content/view/128039

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated postgresql packages fix vulnerability
  26th, April, 2007

A weakness in previous versions of PostgreSQL was found in the security
definer functions, in which an authenticated but otherwise unprivileged
SQL user could use temporary objects to execute arbitrary code with the
privileges of the security-definer function.
http://www.linuxsecurity.com/content/view/127947

* Mandriva: Updated ktorrent packages fix vulnerability
  1st, May, 2007

A directory traversal vulnerability was found in KTorrent prior to
2.1.3, due to an incomplete fix for a prior directory traversal
vulnerability that was corrected in version 2.1.2. Previously, KTorrent
only checked for the string "..", which could still permit strings such
as "../".

http://www.linuxsecurity.com/content/view/128036

* Mandriva: Updated quagga packages fix DoS vulnerability
  2nd, May, 2007

The BGP routing daemon in Quagga did not properly validate length values
in NLRI attributes, which could allow a remote attacker to cause a
denial of service via a crafted UPDATE message that triggered an
assertion error or an out-of-bounds read. Updated packages have been
patched to correct this issue.

http://www.linuxsecurity.com/content/view/128052

* Mandriva: Updated xscreensaver packages fix vulnerability
  3rd, May, 2007

A problem with the way xscreensaver verifies user passwords was
discovered by Alex Yamauchi. When a system is using remote
authentication (i.e. LDAP) for logins, a local attacker able to cause a
network outage on the system could cause xscreensaver to crash, which
would unlock the screen. Updated packages have been patched to correct
this issue.

http://www.linuxsecurity.com/content/view/128055

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: kernel security and bug fix update
  30th, April, 2007

Updated kernel packages that fix security issues and bugs in the Red
Hat Enterprise Linux 5 kernel are now available. They fix a flaw in the
IPv6 socket option handling that allowed a local user to read arbitrary
kernel memory, a second flaw in the IPv6 socket option handling that
allowed a local user to cause a denial of service, and a flaw in the
utrace support that allowed a local user to cause a denial of service.
http://www.linuxsecurity.com/content/view/127990

* RedHat: Low: unzip security and bug fix update
  1st, May, 2007

Updated unzip packages that fix two security issues and various bugs
are now available. A race condition was found in Unzip. Local users
could use this flaw to modify permissions of arbitrary files via a hard
link attack on a file while it was being decompressed (CVE-2005-2475).

http://www.linuxsecurity.com/content/view/128020

* RedHat: Low: w3c-libwww security and bug fix update
  1st, May, 2007

Updated w3c-libwww packages that fix a security issue and a bug are now
available. Several buffer overflow flaws in w3c-libwww were found. If a
client application that uses w3c-libwww connected to a malicious HTTP
server, it could trigger an out of bounds memory access, causing the
client application to crash (CVE-2005-3183).

http://www.linuxsecurity.com/content/view/128021

* RedHat: Moderate: gcc security and bug fix update
  1st, May, 2007

Updated gcc packages that fix a security issue and various bugs are now
available. Weigert discovered a directory traversal flaw in fastjar. An
attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.

http://www.linuxsecurity.com/content/view/128022

* RedHat: Low: gdb security and bug fix update
  1st, May, 2007

An updated gdb package that fixes a security issue and various bugs is
now available. Various buffer overflows and underflows were found in
the DWARF expression computation stack in GDB. If a user loaded an
executable containing malicious debugging information into GDB, an
attacker might be able to execute arbitrary code with the privileges of
the user.
http://www.linuxsecurity.com/content/view/128023

* RedHat: Low: util-linux security and bug fix update
  1st, May, 2007

An updated util-linux package that corrects a security issue and fixes
several bugs is now available. A flaw was found in the way the login
process handled logins which did not require authentication. Certain
processes which conduct their own authentication could allow a remote
user to bypass intended access policies which would normally be
enforced by the login process.

http://www.linuxsecurity.com/content/view/128024

* RedHat: Low: busybox security update
  1st, May, 2007

Updated busybox packages that fix a security issue are now available.
BusyBox did not use a salt when hashing passwords. This made it easier
for local users to guess passwords from a stolen password file.

http://www.linuxsecurity.com/content/view/128025

* RedHat: Low: cpio security and bug fix update
  1st, May, 2007

An updated cpio package that fixes a security issue and various bugs is
now available. A buffer overflow was found in cpio on 64-bit platforms.
By tricking a user into adding a specially crafted large file to a cpio
archive, a local attacker may be able to exploit this flaw to execute
arbitrary code with the target user's privileges. (CVE-2005-4268)

http://www.linuxsecurity.com/content/view/128026

* RedHat: Low: sendmail security and bug fix update
  1st, May, 2007

Updated sendmail packages that fix a security issue and various bugs
are now available for Red Hat Enterprise Linux 4. The configuration of
Sendmail on Red Hat Enterprise Linux was found to not reject the
"localhost.localdomain" domain name for e-mail messages that came from
external hosts. This could have allowed remote attackers to disguise
spoofed messages.

http://www.linuxsecurity.com/content/view/128027

* RedHat: Low: openssh security and bug fix update
  1st, May, 2007

Updated openssh packages that fix a security issue and various bugs are
now available.
OpenSSH stores hostnames, IP addresses, and keys in plaintext in the
known_hosts file. A local attacker that has already compromised a
user's SSH account could use this information to generate a list of
additional targets that are likely to have the same password or key.

http://www.linuxsecurity.com/content/view/128028

* RedHat: Low: shadow-utils security and bug fix update
  1st, May, 2007

Updated shadow-utils packages that fix a security issue and various
bugs are now available. A flaw was found in the useradd tool in
shadow-utils. A new user's mailbox, when created, could have random
permissions for a short period. This could allow a local attacker to
read or modify the mailbox.

http://www.linuxsecurity.com/content/view/128029

* RedHat: Low: gdm security and bug fix update
  1st, May, 2007

An updated gdm package that fixes a security issue and a bug is now
available. Marcus Meissner discovered a race condition issue in the way
Gdm modifies the permissions on the .ICEauthority file. A local
attacker could exploit this flaw to gain privileges. Due to the nature
of the flaw, however, a successful exploitation was unlikely.

http://www.linuxsecurity.com/content/view/128030

* RedHat: Low: openldap security update
  1st, May, 2007

Updated openldap packages that fix a security flaw are now available
for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP
handled selfwrite access. Users with selfwrite access were able to
modify the distinguished name of any user.

http://www.linuxsecurity.com/content/view/128031

* RedHat: Important: xscreensaver security update
  2nd, May, 2007

An updated xscreensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/128047

* RedHat: Moderate: postgresql security update
  3rd, May, 2007

Updated postgresql packages that fix several security vulnerabilities
are now available for the Red Hat Application Stack. A flaw was found
in the way PostgreSQL allows authenticated users to execute
security-definer functions. It was possible for an unprivileged user to
execute arbitrary code with the privileges of the security-definer
function. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128061

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:029)
  3rd, May, 2007

A NULL pointer dereference in the IPv6 sockopt handling could
potentially be used by local attackers to read arbitrary kernel memory
and thereby gain access to private information.

http://www.linuxsecurity.com/content/view/128064

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: rdesktop regression
  26th, April, 2007

USN-453-1 provided an updated libx11 package to fix a security
vulnerability. This triggered an error in rdesktop so that it crashed
on startup. This update fixes the problem.

http://www.linuxsecurity.com/content/view/127949

* Ubuntu: PHP vulnerabilities
  27th, April, 2007

Stefan Esser discovered multiple vulnerabilities, published as part of
the "Month of PHP Bugs". The substr_compare() function did not
sufficiently verify its length argument. This might be exploited to
read otherwise inaccessible memory, which might lead to information
disclosure. (CVE-2007-1375)

The shared memory (shmop) functions did not verify resource types, thus
they could be called with a wrong resource type that might contain user
supplied data. This could be exploited to read and write arbitrary
memory addresses of the PHP interpreter. This issue does not affect
Ubuntu 7.04.
(CVE-2007-1376)

http://www.linuxsecurity.com/content/view/127959

* Ubuntu: PostgreSQL vulnerability
  27th, April, 2007

PostgreSQL did not handle the "search_path" configuration option in a
secure way for functions declared as "SECURITY DEFINER". Previously, an
attacker could override functions and operators used by the security
definer function to execute arbitrary SQL commands with the privileges
of the user who created the security definer function.

http://www.linuxsecurity.com/content/view/127967

* Ubuntu: net-snmp vulnerability
  2nd, May, 2007

The SNMP service did not correctly handle TCP disconnects. Remote
subagents could cause a denial of service if they dropped a connection
at a specific time.

http://www.linuxsecurity.com/content/view/128048

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org
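The two Quagga advisories above (Gentoo and Mandriva, both 2nd May) come down to the same defect: length values in a BGP UPDATE message were trusted before the bytes they describe were known to exist, so a crafted message could trip an assertion or an out-of-bounds read and take the daemon down. The following is an added example, not Quagga's code: a small Python parser for the UPDATE body (RFC 4271 layout) that checks every length field and every NLRI prefix length against the message before reading, and a receive-path wrapper that rejects a malformed message instead of crashing. The sample messages are constructed here; path attributes are left undecoded to keep the example to the NLRI handling (an assumption of the example, not of the protocol).

```python
import ipaddress
import struct

# BGP UPDATE body (RFC 4271, section 4.3), i.e. everything after the 19-byte
# BGP header:
#   Withdrawn Routes Length (2 bytes) | Withdrawn Routes (variable)
#   Total Path Attribute Length (2)   | Path Attributes (variable)
#   Network Layer Reachability Information (NLRI): the rest of the message
# Withdrawn Routes and NLRI are runs of <prefix length in bits (1 byte)>
# <prefix, ceil(length/8) bytes>. Every length below is checked against the
# bytes actually present before anything is read.


class MalformedUpdate(ValueError):
    """Raised for an UPDATE whose length fields do not fit the message.

    A BGP speaker should answer this by dropping the message (and, per RFC
    4271, sending an UPDATE Message Error NOTIFICATION), never by asserting
    or reading past the end of the buffer."""


def parse_prefix_list(data: bytes) -> list:
    """Decode a run of IPv4 prefix entries into 'a.b.c.d/len' strings."""
    prefixes = []
    pos = 0
    while pos < len(data):
        plen = data[pos]
        pos += 1
        if plen > 32:
            raise MalformedUpdate(f"prefix length {plen} exceeds 32 bits")
        nbytes = (plen + 7) // 8
        if pos + nbytes > len(data):
            raise MalformedUpdate(
                f"prefix length {plen} needs {nbytes} bytes, "
                f"only {len(data) - pos} remain")
        # Pad the truncated prefix to 4 bytes; bits beyond plen are
        # insignificant per the RFC, so strict=False masks them off.
        raw = data[pos:pos + nbytes] + b"\x00" * (4 - nbytes)
        pos += nbytes
        network = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(raw)}/{plen}", strict=False)
        prefixes.append(str(network))
    return prefixes


def parse_update(body: bytes) -> dict:
    """Split an UPDATE body into its three sections, validating both length
    fields against the real message length."""
    if len(body) < 4:
        raise MalformedUpdate("UPDATE body shorter than its two length fields")
    (withdrawn_len,) = struct.unpack_from("!H", body, 0)
    attr_len_off = 2 + withdrawn_len
    if attr_len_off + 2 > len(body):
        raise MalformedUpdate(
            f"withdrawn routes length {withdrawn_len} overruns the message")
    (attr_len,) = struct.unpack_from("!H", body, attr_len_off)
    nlri_off = attr_len_off + 2 + attr_len
    if nlri_off > len(body):
        raise MalformedUpdate(
            f"path attribute length {attr_len} overruns the message")
    return {
        "withdrawn": parse_prefix_list(body[2:attr_len_off]),
        "attributes": body[attr_len_off + 2:nlri_off],  # left undecoded here
        "nlri": parse_prefix_list(body[nlri_off:]),
    }


def handle_update(body: bytes) -> tuple:
    """What the receive path should do: accept a well-formed UPDATE, reject a
    malformed one with a reason, and never let the error escape."""
    try:
        return ("accepted", parse_update(body))
    except MalformedUpdate as exc:
        return ("rejected", str(exc))


def encode_prefix(cidr: str) -> bytes:
    """Wire form of one prefix entry: length byte + minimal prefix bytes."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([net.prefixlen]) + net.network_address.packed[:nbytes]


def build_update(withdrawn, attributes: bytes, nlri) -> bytes:
    """Assemble a well-formed UPDATE body from its parts."""
    w = b"".join(encode_prefix(p) for p in withdrawn)
    n = b"".join(encode_prefix(p) for p in nlri)
    return (struct.pack("!H", len(w)) + w
            + struct.pack("!H", len(attributes)) + attributes + n)


# Constructed test messages, not captured traffic.
GOOD_UPDATE = build_update(["172.16.0.0/12"], b"", ["10.0.0.0/8", "192.168.1.0/24"])
# NLRI claims a 24-bit prefix but only two bytes follow.
TRUNCATED_PREFIX = build_update([], b"", []) + bytes([24, 192, 168])
# A prefix length of 40 bits is impossible for IPv4.
OVERLONG_PREFIX = build_update([], b"", []) + bytes([40, 1, 2, 3, 4, 5])
# Total Path Attribute Length says 4096 bytes but nothing follows.
BAD_ATTR_LENGTH = bytes([0, 0, 0x10, 0x00])

if __name__ == "__main__":
    for name, msg in [("good", GOOD_UPDATE), ("truncated", TRUNCATED_PREFIX),
                      ("overlong", OVERLONG_PREFIX), ("bad attr len", BAD_ATTR_LENGTH)]:
        print(name, handle_update(msg))
```

The point of `handle_update` is the failure mode: a parser that reaches for `data[pos + nbytes]` before checking `pos + nbytes <= len(data)`, or that guards the condition with `assert`, turns a 7-byte message from any peer into a daemon restart. Bounds checks that raise an ordinary error, caught at the session layer, keep the other sessions up.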
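The Red Hat openssh item above notes that known_hosts stores host names and addresses in plaintext, which hands an attacker who has taken over one account a ready-made list of further targets. OpenSSH's answer is the hashed known_hosts format: `HashKnownHosts yes` in ssh_config makes ssh write hashed entries, `ssh-keygen -H` converts an existing file, and `ssh-keygen -F host` looks a host up. As an added example, not OpenSSH's code, the Python below reproduces that format (a host field of `|1|base64(salt)|base64(HMAC-SHA1(key=salt, host))` with a 20-byte random salt) so the effect can be seen on a file: what the plaintext file leaks, what the hashed file leaks, and that lookups still work. The sample file and key blobs are constructed; `@cert-authority`/`@revoked` marker lines are not handled (an assumption of the example).

```python
import base64
import hashlib
import hmac
import os

# Hashed known_hosts host field, as written by "ssh-keygen -H" and by ssh when
# HashKnownHosts is set:  |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, host)>
HASH_MAGIC = "|1|"
SALT_LEN = 20  # OpenSSH uses a salt the size of a SHA-1 digest


def hash_hostname(host: str, salt: bytes = None) -> str:
    """Hashed form of one host name (or address, or [host]:port string)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode() + "|"
            + base64.b64encode(digest).decode())


def host_field_matches(field: str, host: str) -> bool:
    """Does a known_hosts host field (plain or hashed) refer to `host`?"""
    if not field.startswith(HASH_MAGIC):
        return host in field.split(",")  # plain fields may list several names
    _, _, salt_b64, digest_b64 = field.split("|")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def _entries(text: str):
    """Yield (host_field, key_part) for each key line; comment and blank
    lines are skipped. @-marker lines are not handled in this example."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host_field, key_part = line.split(None, 1)
        yield host_field, key_part


def plaintext_hostnames(text: str) -> list:
    """What an attacker reading the file learns: every un-hashed name."""
    names = []
    for host_field, _ in _entries(text):
        if not host_field.startswith(HASH_MAGIC):
            names.extend(host_field.split(","))
    return names


def hash_known_hosts(text: str) -> str:
    """Rewrite every plaintext host field as a hashed one (what ssh-keygen -H
    does). A hashed field covers exactly one name, so 'a,b key' becomes two
    lines. Comment and blank lines are kept as they are."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line.startswith(HASH_MAGIC):
            out.append(line)
            continue
        host_field, key_part = line.split(None, 1)
        for name in host_field.split(","):
            out.append(hash_hostname(name) + " " + key_part)
    return "\n".join(out) + "\n"


def find_host(text: str, host: str) -> list:
    """Keys recorded for `host` (what ssh-keygen -F does), plain or hashed."""
    return [key for field, key in _entries(text) if host_field_matches(field, host)]


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed known_hosts sample
bastion.example.com,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyOne
build.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyTwo
"""

if __name__ == "__main__":
    hashed = hash_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(hashed)
    print("leaked before:", plaintext_hostnames(SAMPLE_KNOWN_HOSTS))
    print("leaked after: ", plaintext_hostnames(hashed))
    print("lookup still works:", find_host(hashed, "10.0.0.5"))
```

Hashing does not protect the key material and does not stop an attacker who already suspects a name from confirming it against the hash (the salt only defeats precomputation); what it removes is the enumerable target list the advisory describes. Note also that each hashed line names exactly one host, so a combined `name,address` entry becomes two lines after conversion.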
This archive was generated by hypermail 2.1.3 : Sun May 06 2007 - 23:16:32 PDT