[ISN] Linux Advisory Watch - May 18th 2007

From: InfoSec News (alerts@private)
Date: Sun May 20 2007 - 23:26:34 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  May 18th 2007                                 Volume 8, Number 20a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for squirrelmail, samba, qt4-x11, php,
postgresql, ImageMagick, XScreenSaver, phpwiki, mod_security, freeradius,
tomcat, bluez-utils, ipsec-tools, vixie-cron, evolution, libpng, and pptpd.
The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat,
Slackware, SuSE, and Ubuntu.

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and an
RF smart card for a clustered network, designed on the Linux platform and
open source technology to obtain biometric security. The combination of
smart card and biometrics achieves two-step authentication, where smart
card authentication is based on a Personal Identification Number (PIN) and
the card holder is authenticated using the biometric template stored in
the smart card, which is based on fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Linux 2.6.18 packages fix several vulnerabilities
  13th, May, 2007

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code. We recommend that you upgrade your kernel package immediately
and reboot the machine. If you have built a custom kernel from the kernel
source package, you will need to rebuild to take advantage of these
fixes.

http://www.linuxsecurity.com/content/view/128165


* Debian: New squirrelmail packages fix cross-site scripting
  13th, May, 2007

It was discovered that the webmail package Squirrelmail performs
insufficient sanitising inside the HTML filter, which allows the
injection of arbitrary web script code during the display of HTML
email messages.

http://www.linuxsecurity.com/content/view/128166


* Debian: New samba packages fix multiple vulnerabilities
  15th, May, 2007

Several issues have been identified in Samba, the SMB/CIFS file and
print-server implementation for GNU/Linux. When translating SIDs
to/from names using Samba's local list of user and group accounts, a
logic error in the smbd daemon's internal security stack may result
in a transition to the root user id rather than the non-root user.

http://www.linuxsecurity.com/content/view/128207


* Debian: New qt4-x11 packages fix cross-site scripting vulnerability
  15th, May, 2007

Andreas Nolden discovered a bug in the UTF8 decoding routines in
qt4-x11, a C++ GUI library framework, that could allow remote
attackers to conduct cross-site scripting (XSS) and directory
traversal attacks via long sequences that decode to dangerous
metacharacters.

http://www.linuxsecurity.com/content/view/128209


* Debian: New samba packages fix multiple vulnerabilities
  17th, May, 2007

Various bugs in Samba's NDR parsing can allow a user to send
specially crafted MS-RPC requests that will overwrite the heap space
with user defined data.

http://www.linuxsecurity.com/content/view/128228



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: php-5.1.6-3.6.fc6
  14th, May, 2007

This update fixes a number of security issues in PHP. A heap buffer
overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script
which implements an XML-RPC server using this extension could allow a
remote attacker to execute arbitrary code as the 'apache' user. Note
that this flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear.

http://www.linuxsecurity.com/content/view/128184


* Fedora Core 5 Update: samba-3.0.24-5.fc5
  14th, May, 2007

This release of Samba fixes some serious security bugs:
CVE-2007-2444, CVE-2007-2446 and CVE-2007-2447. It fixes the security
bugs which cause a Samba smbd denial of service.

http://www.linuxsecurity.com/content/view/128189


* Fedora Core 6 Update: samba-3.0.24-5.fc6
  14th, May, 2007

This release of Samba fixes some serious security bugs: CVE-2007-2444,
CVE-2007-2446, and CVE-2007-2447.

http://www.linuxsecurity.com/content/view/128192



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PostgreSQL Privilege escalation
  10th, May, 2007

An error involving insecure search_path settings in SECURITY
DEFINER functions has been reported in PostgreSQL. This error
could result in SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128148


* Gentoo: ImageMagick Multiple buffer overflows
  10th, May, 2007

iDefense Labs has discovered multiple integer overflows in
ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), which are
used to process DCM and XWD files. They can allow for the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/128149


* Gentoo: XScreenSaver Privilege escalation
  13th, May, 2007

XScreenSaver allows local users to bypass authentication under
certain configurations.  XScreenSaver incorrectly handles the results of
the getpwuid() function in drivers/lock.c when using directory servers
during a network outage.

http://www.linuxsecurity.com/content/view/128167


* Gentoo: ImageMagick Multiple buffer overflows
  14th, May, 2007

Multiple integer overflows have been discovered in ImageMagick
allowing for the execution of arbitrary code. iDefense Labs has discovered
integer overflows in ImageMagick in the functions ReadDCMImage() and
ReadXWDImage(), that are used to process DCM and XWD files.

http://www.linuxsecurity.com/content/view/128177


* Gentoo: Samba Multiple vulnerabilities
  15th, May, 2007

Samba contains multiple vulnerabilities potentially resulting in the
execution of arbitrary code with root privileges. A remote attacker
could exploit these vulnerabilities to gain root privileges via
various vectors.

http://www.linuxsecurity.com/content/view/128202


* Gentoo: PhpWiki Remote execution of arbitrary code
  17th, May, 2007

A vulnerability has been discovered in PhpWiki allowing for the
remote execution of arbitrary code. A remote attacker could upload a
specially crafted PHP file to the vulnerable server, resulting in the
execution of arbitrary PHP code with the privileges of the user running
PhpWiki.

http://www.linuxsecurity.com/content/view/128229


* Gentoo: Apache mod_security Rule bypass
  17th, May, 2007

A vulnerability has been discovered in mod_security, allowing a
remote attacker to bypass rules. A remote attacker could send a specially
crafted POST request, possibly bypassing the module ruleset and
leading to the execution of arbitrary code in the scope of the web
server with the rights of the user running the web server.

http://www.linuxsecurity.com/content/view/128230



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated php packages fix multiple vulnerabilities
  10th, May, 2007

A heap buffer overflow flaw was found in the xmlrpc extension for
PHP. A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the
pure-PHP XML_RPC class provided via PEAR.


http://www.linuxsecurity.com/content/view/128153


* Mandriva: Updated php packages fix multiple vulnerabilities
  10th, May, 2007

A heap buffer overflow flaw was found in the xmlrpc extension for
PHP. A script that implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the apache
user. This flaw does not, however, affect PHP applications using the
pure-PHP XML_RPC class provided via PEAR.

http://www.linuxsecurity.com/content/view/128154


* Mandriva: Updated samba packages fix multiple vulnerabilities
  14th, May, 2007

A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests. A remote attacker could
send a carefully crafted request that would cause a heap overflow,
possibly leading to the ability to execute arbitrary code on the
server.

http://www.linuxsecurity.com/content/view/128199



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: php security update
  10th, May, 2007

Updated PHP packages that fix several security issues are now
available for Red Hat Application Stack. This update has been rated as
having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128144


* RedHat: Moderate: freeradius security update
  10th, May, 2007

Updated freeradius packages that fix a memory leak flaw are now
available for Red Hat Enterprise Linux 3, 4, and 5. A remote attacker
could send a specially crafted authentication request which could cause
FreeRADIUS to leak a small amount of memory. If enough of these requests
are sent, the FreeRADIUS daemon would consume a vast quantity of
system memory leading to a possible denial of service.

http://www.linuxsecurity.com/content/view/128146


* RedHat: Critical: samba security update
  14th, May, 2007

Updated samba packages that fix several security flaws are now
available. Various bugs were found in NDR parsing, used to decode
MS-RPC requests in Samba. A remote attacker could have sent
carefully crafted requests causing a heap overflow, which may have
led to the ability to execute arbitrary code on the server.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128174


* RedHat: Important: tomcat security update
  14th, May, 2007

Updated tomcat packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5. Tomcat was found to accept
multiple content-length headers in a request. This could allow attackers
to poison a web-cache, bypass web application firewall protection, or conduct
cross-site scripting attacks.  This update has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128175


* RedHat: Moderate: bluez-utils security update
  14th, May, 2007

Updated bluez-utils packages that fix a security flaw are now
available for Red Hat Enterprise Linux 4. A flaw was found in the
Bluetooth HID daemon (hidd). A remote attacker would have been able
to inject keyboard and mouse events via a Bluetooth connection without
any authorization. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128176


* RedHat: Important: kernel security and bug fix update
  16th, May, 2007

Updated kernel packages that fix security issues and bugs in the Red
Hat Enterprise Linux 5 kernel are now available. One of the flaws is in
the handling of IPv6 type 0 routing headers that allowed remote users
to cause a denial of service that led to a network amplification between
two routers. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128219


* RedHat: Moderate: ipsec-tools security update
  17th, May, 2007

Updated ipsec-tools packages that fix a denial of service flaw in
racoon are now available for Red Hat Enterprise Linux 5. A denial of
service flaw was found in the ipsec-tools racoon daemon. It was possible
for a remote attacker, with knowledge of an existing ipsec tunnel, to
terminate the ipsec connection between two machines. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/128231


* RedHat: Moderate: vixie-cron security update
  17th, May, 2007

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the ability
to create a hardlink to /etc/crontab can prevent vixie-cron from executing
certain system cron jobs.

http://www.linuxsecurity.com/content/view/128232


* RedHat: Moderate: evolution security update
  17th, May, 2007

Updated evolution packages that fix a security bug are now available
for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way
Evolution processed certain APOP authentication requests. A remote
attacker could potentially acquire certain portions of a user's
authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP
server.


http://www.linuxsecurity.com/content/view/128233


* RedHat: Moderate: squirrelmail security update
  17th, May, 2007

A new squirrelmail package that fixes security issues is now
available for Red Hat Enterprise Linux 3, 4 and 5. Several HTML
filtering bugs were discovered in SquirrelMail. An attacker
could inject arbitrary JavaScript leading to cross-site scripting
attacks by sending an e-mail viewed by a user within SquirrelMail.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128234


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   samba
  15th, May, 2007

New samba packages are available for Slackware 10.0, 10.1, 10.2,
11.0, and -current to fix security issues. The issues fixed are: a local
SID/Name translation bug that can result in user privilege elevation,
multiple heap overflows that allow remote code execution, and unescaped
user input parameters passed as arguments to /bin/sh, allowing for remote
command execution. More details about these issues may be found in the
Common Vulnerabilities and Exposures (CVE) database.

http://www.linuxsecurity.com/content/view/128200


* Slackware:   libpng
  16th, May, 2007

New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database.

http://www.linuxsecurity.com/content/view/128222



+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:030)
  10th, May, 2007

This kernel update is for SUSE Linux 9.3 and fixes some
security problems. The ftdi_sio driver allowed local users to cause
a denial of service (memory consumption) by writing more data to the
serial port than the hardware can handle, which causes the data to be
queued. This requires the driver to be loaded, which only happens if
such a device is plugged in.

http://www.linuxsecurity.com/content/view/128140


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  pptpd vulnerability
  14th, May, 2007

A flaw was discovered in the PPTP tunnel server. Remote attackers
could send a specially crafted packet and disrupt established PPTP tunnels,
leading to a denial of service.


http://www.linuxsecurity.com/content/view/128198


* Ubuntu:  Samba vulnerabilities
  15th, May, 2007

Paul Griffith and Andrew Hogue discovered that Samba did not fully
drop root privileges while translating SIDs.  A remote authenticated user
could issue SMB operations during a small window of opportunity and
gain root privileges.

http://www.linuxsecurity.com/content/view/128212

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------