[ISN] Linux Advisory Watch - May 4th 2007

From: InfoSec News (alerts@private)
Date: Sun May 06 2007 - 23:06:51 PDT


+---------------------------------------------------------------------+
| LinuxSecurity.com                               Weekly Newsletter  |
| May 4th 2007                                  Volume 8, Number 18a |
+---------------------------------------------------------------------+

Editors:      Dave Wreski                     Benjamin D. Thomas
dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for php4, php5, qemu, wordpress,
selinux-policy, policycoreutils, bind, kernel, capi4k-utils, Ktorrent,
Tomcat, mod_perl, Quagga, postgresql, xscreensaver, unzip, w3c, gcc,
gdb, util-linux, busybox, cpio, sendmail, openssh, shadow-utils,
gdm, openldap, rdesktop, and net-snmp.  The distributors include
Debian, Fedora, Gentoo, Red Hat, and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and
an RF smart card for a clustered network, designed on the Linux platform
with open source technology to obtain biometric security. The combination
of smart card and biometrics achieves two-step authentication: smart card
authentication is based on a Personal Identification Number (PIN), and the
card holder is then authenticated against the fingerprint-based biometric
template stored in the smart card.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what the sniffer captures is unintelligible.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
| Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New php4 packages fix several vulnerabilities
26th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/127952


* Debian: New php5 packages fix several vulnerabilities
29th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/127980


* Debian: New qemu packages fix several vulnerabilities
1st, May, 2007

Several vulnerabilities have been discovered in the QEMU processor
emulator, which may lead to the execution of arbitrary code or denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems.

http://www.linuxsecurity.com/content/view/128002


* Debian: New wordpress packages fix multiple vulnerabilities
1st, May, 2007

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in
WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series,
allows remote authenticated users with theme privileges to inject
arbitrary web script or HTML via the PATH_INFO in the administration
interface, related to loose regular expression processing of
PHP_SELF.

http://www.linuxsecurity.com/content/view/128019


* Debian: New Linux 2.6.18 packages fix several vulnerabilities
2nd, May, 2007

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the

http://www.linuxsecurity.com/content/view/128049


+---------------------------------+
| Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: selinux-policy-2.4.6-62.fc6
30th, April, 2007

- Revert patch to stop secadm and sysadm from having audit_control
- Allow clamav to create pid files in amavis_var_run
- Allow apcupsd to send itself signals

http://www.linuxsecurity.com/content/view/127993


* Fedora Core 6 Update: policycoreutils-1.34.1-8.fc6
30th, April, 2007

policycoreutils contains the policy core utilities that are required
for basic operation of an SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the
proper context.

http://www.linuxsecurity.com/content/view/127994


* Fedora Core 6 Update: bind-9.3.4-4.fc6
30th, April, 2007

- A race condition has been discovered in bind's dbus code
- Some minor issues in the bind-chroot-admin script have been fixed

http://www.linuxsecurity.com/content/view/127995


* Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial
of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification
between two routers.

http://www.linuxsecurity.com/content/view/128016


* Fedora Core 5 Update: kernel-2.6.20-1.2316.fc5
1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial
of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification
between two routers.

http://www.linuxsecurity.com/content/view/128017



+---------------------------------+
| Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: BEAST Denial of Service
27th, April, 2007

A vulnerability has been discovered in BEAST allowing for a Denial of
Service.

http://www.linuxsecurity.com/content/view/127973


* Gentoo: capi4k-utils Buffer overflow
27th, April, 2007

capi4k-utils is vulnerable to a buffer overflow in the bufprint()
function.

http://www.linuxsecurity.com/content/view/127974


* Gentoo: Ktorrent Multiple vulnerabilities
1st, May, 2007

Multiple vulnerabilities have been discovered in Ktorrent allowing for 
the remote execution of arbitrary code and a Denial of Service. A remote 
attacker could entice a user to download a specially crafted torrent 
file, possibly resulting in the remote execution of arbitrary code with 
the privileges of the user running Ktorrent.

http://www.linuxsecurity.com/content/view/128032


* Gentoo: FreeType User-assisted execution of arbitrary code
1st, May, 2007

A vulnerability has been discovered in FreeType allowing for
user-assisted remote execution of arbitrary code. A remote attacker
could entice a user to use a specially crafted BDF font, possibly
resulting in a heap-based buffer overflow and the remote execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/128033


* Gentoo: Tomcat Information disclosure
1st, May, 2007

A vulnerability has been discovered in Tomcat that allows for the
disclosure of sensitive information. A remote attacker could send a
specially crafted URL to the vulnerable Tomcat server, possibly
resulting in a directory traversal and read access to arbitrary files
with the privileges of the user running Tomcat. Note that this
vulnerability can only be exploited when using Apache proxy modules
like mod_proxy, mod_rewrite or mod_jk.

http://www.linuxsecurity.com/content/view/128034


* Gentoo: Apache mod_perl Denial of Service
2nd, May, 2007

The mod_perl Apache module is vulnerable to a Denial of Service when
processing regular expressions. A remote attacker could send a
specially crafted URL to the vulnerable server, possibly resulting in
a massive resource consumption.

http://www.linuxsecurity.com/content/view/128037


* Gentoo: Quagga Denial of Service
2nd, May, 2007

A vulnerability has been discovered in Quagga allowing for a Denial
of Service. A malicious peer inside a BGP area could send a specially
crafted packet to a Quagga instance, possibly resulting in a crash of
the Quagga daemon.

http://www.linuxsecurity.com/content/view/128039


+---------------------------------+
| Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated postgresql packages fix vulnerability
26th, April, 2007

 A weakness in previous versions of PostgreSQL was found in the
security definer functions in which an authenticated but otherwise
unprivileged SQL user could use temporary objects to execute arbitrary
code with the privileges of the security-definer function.

http://www.linuxsecurity.com/content/view/127947


* Mandriva: Updated ktorrent packages fix vulnerability
1st, May, 2007

 A directory traversal vulnerability was found in KTorrent prior to
2.1.2, due to an incomplete fix for a prior directory traversal
vulnerability that was corrected in version 2.1.2.  Previously,
KTorrent would only check for the string .., which could permit
strings such as ../.

http://www.linuxsecurity.com/content/view/128036


* Mandriva: Updated quagga packages fix DoS vulnerability
2nd, May, 2007

 The BGP routing daemon in Quagga did not properly validate length
values in NLRI attributes which could allow a remote attacker to
cause a denial of service via a crafted UPDATE message that triggered an
assertion error or out of bounds read. Updated packages have been
patched to correct this issue.

http://www.linuxsecurity.com/content/view/128052


* Mandriva: Updated xscreensaver packages fix vulnerability
3rd, May, 2007

 A problem with the way xscreensaver verifies user passwords
was discovered by Alex Yamauchi.  When a system is using remote
authentication (i.e. LDAP) for logins, a local attacker able to cause
a network outage on the system could cause xscreensaver to crash,
which would unlock the screen. Updated packages have been patched
to correct this issue.

http://www.linuxsecurity.com/content/view/128055



+---------------------------------+
| Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: kernel security and bug fix update
30th, April, 2007

Updated kernel packages that fix security issues and bugs in the Red Hat
Enterprise Linux 5 kernel are now available. They fix a flaw in the IPv6
socket option handling that allowed a local user to read arbitrary
kernel memory, a second flaw in the IPv6 socket option handling that
allowed a local user to cause a denial of service, and a flaw in the
utrace support that allowed a local user to cause a denial of service.

http://www.linuxsecurity.com/content/view/127990


* RedHat: Low: unzip security and bug fix update
1st, May, 2007

Updated unzip packages that fix two security issues and various bugs
are now available. A race condition was found in Unzip. Local users
could use this flaw to modify permissions of arbitrary files via a hard
link attack on a file while it was being decompressed (CVE-2005-2475).

http://www.linuxsecurity.com/content/view/128020


* RedHat: Low: w3c-libwww security and bug fix update
1st, May, 2007

Updated w3c-libwww packages that fix a security issue and a bug are
now available. Several buffer overflow flaws in w3c-libwww were found. If
a client application that uses w3c-libwww connected to a malicious HTTP
server, it could trigger an out of bounds memory access, causing the client
application to crash (CVE-2005-3183).

http://www.linuxsecurity.com/content/view/128021


* RedHat: Moderate: gcc security and bug fix update
1st, May, 2007

Updated gcc packages that fix a security issue and various bugs are
now available. Weigert discovered a directory traversal flaw in fastjar.
An attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.

http://www.linuxsecurity.com/content/view/128022


* RedHat: Low: gdb security and bug fix update
1st, May, 2007

An updated gdb package that fixes a security issue and various bugs
is now available. Various buffer overflows and underflows were found
in the DWARF expression computation stack in GDB. If a user loaded an
executable containing malicious debugging information into GDB, an
attacker might be able to execute arbitrary code with the privileges
of the user.

http://www.linuxsecurity.com/content/view/128023


* RedHat: Low: util-linux security and bug fix update
1st, May, 2007

An updated util-linux package that corrects a security issue and
fixes several bugs is now available. A flaw was found in the way the
login process handled logins which did not require authentication.
Certain processes which conduct their own authentication could allow a
remote user to bypass intended access policies which would normally be
enforced by the login process.

http://www.linuxsecurity.com/content/view/128024


* RedHat: Low: busybox security update
1st, May, 2007

Updated busybox packages that fix a security issue are now available.
BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password
file.

http://www.linuxsecurity.com/content/view/128025


* RedHat: Low: cpio security and bug fix update
1st, May, 2007

An updated cpio package that fixes a security issue and various bugs
is now available. A buffer overflow was found in cpio on 64-bit platforms.
By tricking a user into adding a specially crafted large file to a cpio
archive, a local attacker may be able to exploit this flaw to execute
arbitrary code with the target user's privileges. (CVE-2005-4268)

http://www.linuxsecurity.com/content/view/128026


* RedHat: Low: sendmail security and bug fix update
1st, May, 2007

Updated sendmail packages that fix a security issue and various bugs
are now available for Red Hat Enterprise Linux 4. The configuration of
Sendmail on Red Hat Enterprise Linux was found to not reject the
"localhost.localdomain" domain name for e-mail messages that came
from external hosts. This could have allowed remote attackers to
disguise spoofed messages.

http://www.linuxsecurity.com/content/view/128027


* RedHat: Low: openssh security and bug fix update
1st, May, 2007

Updated openssh packages that fix a security issue and various bugs
are now available. OpenSSH stores hostnames, IP addresses, and keys in
plaintext in the known_hosts file.  A local attacker that has already
compromised a user's SSH account could use this information to generate
a list of additional targets that are likely to have the same password
or key.

http://www.linuxsecurity.com/content/view/128028


* RedHat: Low: shadow-utils security and bug fix update
1st, May, 2007

Updated shadow-utils packages that fix a security issue and various
bugs are now available. A flaw was found in the useradd tool in
shadow-utils. A new user's mailbox, when created, could have random
permissions for a short period. This could allow a local attacker
to read or modify the mailbox.

http://www.linuxsecurity.com/content/view/128029


* RedHat: Low: gdm security and bug fix update
1st, May, 2007

An updated gdm package that fixes a security issue and a bug is now
available. Marcus Meissner discovered a race condition issue in the way Gdm
modifies the permissions on the .ICEauthority file. A local attacker could
exploit this flaw to gain privileges. Due to the nature of the flaw, however,
a successful exploitation was unlikely.

http://www.linuxsecurity.com/content/view/128030


* RedHat: Low: openldap security update
1st, May, 2007

Updated openldap packages that fix a security flaw are now available
for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP
handled selfwrite access. Users with selfwrite access were able to
modify the distinguished name of any user.

http://www.linuxsecurity.com/content/view/128031


* RedHat: Important: xscreensaver security update
2nd, May, 2007

An updated xscreensaver package that fixes a security flaw is now
available for Red Hat Enterprise Linux 2.1, 3, and 4.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128047


* RedHat: Moderate: postgresql security update
3rd, May, 2007

Updated postgresql packages that fix several security vulnerabilities
are now available for the Red Hat Application Stack. A flaw was found in
the way PostgreSQL allows authenticated users to execute
security-definer functions.  It was possible for an unprivileged user
to execute arbitrary code with the privileges of the security-definer
function. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128061


+---------------------------------+
| Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:029)
3rd, May, 2007

A NULL pointer dereference in the IPv6 sockopt handling could
potentially be used by local attackers to read arbitrary kernel
memory and thereby gain access to private information.

http://www.linuxsecurity.com/content/view/128064


+---------------------------------+
| Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: rdesktop regression
26th, April, 2007

USN-453-1 provided an updated libx11 package to fix a security
vulnerability. This triggered an error in rdesktop so that it crashed
on startup. This update fixes the problem.

http://www.linuxsecurity.com/content/view/127949


* Ubuntu: PHP vulnerabilities
27th, April, 2007

Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs". The substr_compare() function did not sufficiently verify its
length argument. This might be exploited to read otherwise inaccessible
memory, which might lead to information disclosure. (CVE-2007-1375) The
shared memory (shmop) functions did not verify resource types, thus they
could be called with a wrong resource type that might contain user
supplied data. This could be exploited to read and write arbitrary
memory addresses of the PHP interpreter.  This issue does not affect
Ubuntu 7.04. (CVE-2007-1376)

http://www.linuxsecurity.com/content/view/127959


* Ubuntu: PostgreSQL vulnerability
27th, April, 2007

PostgreSQL did not handle the "search_path" configuration option in a 
secure way for functions declared as "SECURITY DEFINER". Previously, an 
attacker could override functions and operators used by the security 
definer function to execute arbitrary SQL commands with the privileges 
of the user who created the security definer function.

http://www.linuxsecurity.com/content/view/127967
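
As an added illustration (not from the advisories above or from the
PostgreSQL project) of the search_path weakness behind the Mandriva, Red
Hat and Ubuntu PostgreSQL entries, the following shows a SECURITY DEFINER
function in its exposed form beside a hardened one, plus a catalog query
a DBA can run to find definer functions that do not pin search_path. The
schema, table, function and role names are hypothetical; the per-function
SET clause assumes PostgreSQL 8.3 or later.

```sql
-- Constructed example schema (hypothetical names).
CREATE SCHEMA app;
CREATE TABLE app.accounts (owner text PRIMARY KEY, balance numeric);
CREATE ROLE app_reader NOLOGIN;

-- Exposed form: SECURITY DEFINER with no search_path setting.
-- Unqualified names in the body (accounts, the = operator) are resolved
-- with the CALLER's search_path, so objects the caller controls can be
-- substituted for them and then execute with the function owner's rights.
CREATE OR REPLACE FUNCTION app.lookup_balance_weak(p_owner text)
RETURNS numeric LANGUAGE sql SECURITY DEFINER AS $$
  SELECT balance FROM accounts WHERE owner = p_owner;
$$;

-- Hardened form: pin search_path for the duration of the call, put
-- pg_temp last so temporary objects cannot shadow anything, and
-- schema-qualify the table and the operator used in the body.
CREATE OR REPLACE FUNCTION app.lookup_balance(p_owner text)
RETURNS numeric LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, app, pg_temp AS $$
  SELECT balance FROM app.accounts
   WHERE owner OPERATOR(pg_catalog.=) p_owner;
$$;
-- EXECUTE is granted to PUBLIC by default; restrict it to the role that
-- actually needs the privileged lookup.
REVOKE ALL ON FUNCTION app.lookup_balance(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.lookup_balance(text) TO app_reader;

-- Audit query: SECURITY DEFINER functions outside the system schemas
-- whose per-function settings (pg_proc.proconfig) do not pin search_path.
-- With the objects above it lists app.lookup_balance_weak only.
SELECT n.nspname AS schema, p.proname AS function
  FROM pg_catalog.pg_proc p
  JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
 WHERE p.prosecdef
   AND n.nspname NOT IN ('pg_catalog', 'information_schema')
   AND NOT EXISTS (
         SELECT 1 FROM unnest(p.proconfig) AS c
          WHERE c LIKE 'search_path=%'
       );
```

On releases before 8.3 the SET clause is unavailable; the same audit query still identifies definer functions, which then need the search_path set inside the function body or via a wrapper.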


* Ubuntu: net-snmp vulnerability
2nd, May, 2007

The SNMP service did not correctly handle TCP disconnects.  Remote
subagents could cause a denial of service if they dropped a
connection at a specific time.

http://www.linuxsecurity.com/content/view/128048

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sun May 06 2007 - 23:16:32 PDT