[ISN] Linux Advisory Watch - May 11th 2007

From: InfoSec News (alerts@private)
Date: Mon May 14 2007 - 01:23:52 PDT


+---------------------------------------------------------------------+
| LinuxSecurity.com                               Weekly Newsletter  |
| May 11th 2007                                 Volume 8, Number 19a |
+---------------------------------------------------------------------+

Editors:      Dave Wreski                     Benjamin D. Thomas
              dave@private                    ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for ldap-account-manager, pptpd,
vim, evolution-data-server, X11, Lighttpd, GIMP, IPsec, MySQL,
ImageMagick, xscreensaver, bind, clamav, python, postgresql, php,
freeradius, elinks, and MoinMoin.  The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE,
and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and an
RF smart card for a clustered network, which is designed on the Linux
platform and open source technology to obtain biometric security. The
combination of smart card and biometrics is achieved in a two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using the
biometric template stored in the smart card, which is based on fingerprint
verification.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
| Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New ldap-account-manager packages fix multiple
vulnerabilities
7th, May, 2007

Two vulnerabilities have been identified in the version of
ldap-account-manager shipped with Debian 3.1 (sarge). An untrusted
PATH vulnerability could allow a local attacker to execute arbitrary
code with elevated privileges by providing a malicious rm executable
and specifying a PATH environment variable referencing this
executable.

http://www.linuxsecurity.com/content/view/128085


* Debian: New pptpd packages fix denial of service
8th, May, 2007

It was discovered that the PoPToP Point to Point Tunneling Server
contains a programming error, which allows the tear-down of a PPTP
connection through a malformed GRE packet, resulting in denial of
service.

http://www.linuxsecurity.com/content/view/128122



+---------------------------------+
| Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: vim-7.0.235-1.fc6
7th, May, 2007

This update fixes several issues where opening a malicious
file with vim can run an arbitrary command via a modeline.

http://www.linuxsecurity.com/content/view/128099


* Fedora Core 5 Update: evolution-data-server-1.6.3-4.fc5
7th, May, 2007

This update fixes a security vulnerability in APOP authentication.
This only affects POP mail accounts.

http://www.linuxsecurity.com/content/view/128100


* Fedora Core 6 Update: evolution-data-server-1.8.3-6.fc6
7th, May, 2007

This update fixes a security vulnerability in APOP authentication.
This only affects POP mail accounts.

http://www.linuxsecurity.com/content/view/128102



+---------------------------------+
| Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: X.Org X11 library Multiple integer overflows
5th, May, 2007

The X.Org X11 library contains multiple integer overflows, which
could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128077


* Gentoo: Lighttpd Two Denials of Service
7th, May, 2007

Two vulnerabilities have been discovered in Lighttpd, each allowing
for a Denial of Service. Robert Jakabosky discovered an infinite loop
triggered by a connection abort when Lighttpd processes carriage
return and line feed sequences. Marcus Rueckert discovered a NULL
pointer dereference when a server running Lighttpd tries to access
a file with a mtime of 0.

http://www.linuxsecurity.com/content/view/128088


* Gentoo: GIMP Buffer overflow
7th, May, 2007

GIMP is vulnerable to a buffer overflow which may lead to the
execution of arbitrary code. Marsu discovered that the "set_color_table()"
function in the SUNRAS plugin is vulnerable to a stack-based buffer
overflow.

http://www.linuxsecurity.com/content/view/128089


* Gentoo: IPsec-Tools Denial of Service
8th, May, 2007

IPsec-Tools contains a vulnerability that allows a remote attacker to
crash the IPsec tunnel. A remote attacker could send a specially
crafted IPsec message to one of the two peers during the beginning of
phase 1, resulting in the termination of the IPsec exchange.

http://www.linuxsecurity.com/content/view/128111


* Gentoo: LibXfont, TightVNC Multiple vulnerabilities
8th, May, 2007

Multiple vulnerabilities have been reported in libXfont and TightVNC,
allowing for the execution of arbitrary code with root privileges.
The libXfont code is prone to several integer overflows, in functions
ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.

http://www.linuxsecurity.com/content/view/128118


* Gentoo: MySQL Two Denial of Service vulnerabilities
8th, May, 2007

Two Denial of Service vulnerabilities have been discovered in MySQL.
Mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
processing certain types of SQL requests. Sec Consult also discovered
another NULL pointer dereference when sorting certain types of
queries on the database metadata.

http://www.linuxsecurity.com/content/view/128119


* Gentoo: PostgreSQL Privilege escalation
10th, May, 2007

An error involving insecure search_path settings in SECURITY
DEFINER functions has been reported in PostgreSQL. This error
could result in SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128148


* Gentoo: ImageMagick Multiple buffer overflows
10th, May, 2007

iDefense Labs has discovered multiple integer overflows in
ImageMagick in the functions ReadDCMImage() and ReadXWDImage(),
which are used to process DCM and XWD files. These can allow for the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128149


+---------------------------------+
| Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated xscreensaver packages fix vulnerability
3rd, May, 2007

A problem with the way xscreensaver verifies user passwords
was discovered by Alex Yamauchi.  When a system is using remote
authentication (i.e. LDAP) for logins, a local attacker able to cause
a network outage on the system could cause xscreensaver to crash,
which would unlock the screen. Updated packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/128055


* Mandriva: Updated bind packages fix vulnerability
9th, May, 2007

A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could
allow a remote attacker to cause a denial of service (daemon exit)
via a certain sequence of queries. BIND 9.4.1, which corrects this
issue, is provided with this update.

http://www.linuxsecurity.com/content/view/128132


* Mandriva: Updated clamav packages fix vulnerabilities
8th, May, 2007

iDefense discovered a stack-based overflow in ClamAV when processing
negative values in .cab files. In addition, multiple file descriptor
leaks were reported and fixed in chmunpack.c, pdf.c, and
dblock.c. This update provides ClamAV 0.90.2, which corrects these
problems and provides new functionality.

http://www.linuxsecurity.com/content/view/128123


* Mandriva: Updated python packages fix vulnerabilities
8th, May, 2007

An off-by-one error was discovered in the PyLocale_strxfrm function
in Python 2.4 and 2.5 that could allow context-dependent attackers
the ability to read portions of memory via special manipulations that
trigger a buffer over-read due to missing null termination.
The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/128124


* Mandriva: Updated vim packages fix vulnerability
9th, May, 2007

A vulnerability in vim 7.0's modeline processing capabilities was
discovered where a user with modelines enabled could open a text file
containing a carefully crafted modeline, executing arbitrary commands
as the user running vim. Updated packages have been patched to prevent
this issue.

http://www.linuxsecurity.com/content/view/128138


+---------------------------------+
| Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: postgresql security update
3rd, May, 2007

Updated postgresql packages that fix several security vulnerabilities
are now available for the Red Hat Application Stack. A flaw was found in
the way PostgreSQL allows authenticated users to execute
security-definer functions.  It was possible for an unprivileged user
to execute arbitrary code with the privileges of the security-definer
function. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128061


* RedHat: Moderate: postgresql security update
8th, May, 2007

Updated postgresql packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found
in the way PostgreSQL allows authenticated users to execute
security-definer functions.  It was possible for an unprivileged user
to execute arbitrary code with the privileges of the security-definer
function.

http://www.linuxsecurity.com/content/view/128116


* RedHat: Important: php security update
8th, May, 2007

Updated PHP packages that fix several security issues are now
available for Red Hat Enterprise Linux 5. A heap buffer overflow
flaw was found in the PHP 'xmlrpc' extension.  A PHP script which
implements an XML-RPC server using this extension could allow a
remote attacker to execute arbitrary code as the 'apache' user. This
update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128117


* RedHat: Moderate: vim security update
9th, May, 2007

Updated vim packages that fix a security issue are now available for
Red Hat Enterprise Linux 5. An arbitrary command execution flaw was found
in the way VIM processes modelines.  If a user with modelines enabled
opened a text file containing a carefully crafted modeline, arbitrary
commands could be executed as the user running VIM. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/128128


* RedHat: Important: php security update
9th, May, 2007

Updated PHP packages that fix two security issues are now available
for Red Hat Enterprise Linux 4. A heap buffer overflow flaw was found
in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC
server using this extension could allow a remote attacker to execute
arbitrary code as the 'apache' user. Note that this flaw does not affect
PHP applications using the pure-PHP XML_RPC class provided in
/usr/share/pear.


http://www.linuxsecurity.com/content/view/128129


* RedHat: Important: php security update
10th, May, 2007

Updated PHP packages that fix several security issues are now
available for Red Hat Application Stack. This update has been rated
as having important security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/128144


* RedHat: Moderate: freeradius security update
10th, May, 2007

Updated freeradius packages that fix a memory leak flaw are now
available for Red Hat Enterprise Linux 3, 4, and 5. A remote attacker
could send a specially crafted authentication request which could cause
FreeRADIUS to leak a small amount of memory. If enough of these requests
are sent, the FreeRADIUS daemon would consume a vast quantity of system
memory leading to a possible denial of service.

http://www.linuxsecurity.com/content/view/128146



+---------------------------------+
| Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:  php
8th, May, 2007

New php packages are available for Slackware 10.2, 11.0, and -current
to improve the stability and security of PHP.  Quite a few bugs were
fixed; please see http://www.php.net for a detailed list.

http://www.linuxsecurity.com/content/view/128106



+---------------------------------+
| Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:029)
3rd, May, 2007

A NULL pointer dereference in the IPv6 sockopt handling could
potentially be used by local attackers to read arbitrary kernel
memory and thereby gain access to private information.

http://www.linuxsecurity.com/content/view/128064


* SuSE: Linux kernel (SUSE-SA:2007:030)
10th, May, 2007

This kernel update for SUSE Linux 9.3 fixes some
security problems. The ftdi_sio driver allowed local users to cause
a denial of service (memory consumption) by writing more data to the
serial port than the hardware can handle, which causes the data to
be queued. This requires this driver to be loaded, which only happens
if such a device is plugged in.

http://www.linuxsecurity.com/content/view/128140


+---------------------------------+
| Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  elinks vulnerability
7th, May, 2007

Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could
execute code with user privileges.

http://www.linuxsecurity.com/content/view/128086


* Ubuntu:  MoinMoin vulnerabilities
8th, May, 2007

A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action.  By tricking a user into viewing a crafted
MoinMoin URL, an attacker could execute arbitrary JavaScript as the
current MoinMoin user, possibly exposing the user's authentication
information for the domain where MoinMoin was hosted.

http://www.linuxsecurity.com/content/view/128107


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

