[ISN] Linux Advisory Watch - June 1st 2007

From: InfoSec News (alerts@private)
Date: Sun Jun 03 2007 - 23:22:43 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  June 1st 2007                                 Volume 8, Number 22a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for the Linux kernel, PulseAudio,
freetype, gforge-plugin-scm, otrs2, php, mutt, selinux, firefox,
epiphany, devhelp, yelp, thunderbird, seamonkey, MPlayer,
gnome-media, tomcat, jbossas, evolution, quagga, file, and
mod_jk.  The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and
an RF smart card for a clustered network, designed on the Linux platform
and open source technology to obtain biometric security. The combination
of smart card and biometrics is achieved in a two-step authentication,
where smart card authentication is based on a Personal Identification
Number (PIN) and the card holder is authenticated using the biometric
template stored in the smart card, based on fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New gforge-plugin-scmcvs packages fix arbitrary shell
  command execution
  24th, May, 2007

Bernhard R. Link discovered that the CVS browsing interface of
Gforge, a collaborative development tool, performs insufficient
escaping of URLs, which allows the execution of arbitrary shell
commands with the privileges of the www-data user.

http://www.linuxsecurity.com/content/view/128325


* Debian: New otrs2 packages fix cross-site scripting
  28th, May, 2007

It was discovered that the Open Ticket Request System performs
insufficient input sanitising for the Subaction parameter, which
allows the injection of arbitrary web script code.

http://www.linuxsecurity.com/content/view/128349


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: php-5.1.6-1.6
  24th, May, 2007

This update fixes a number of security issues in PHP.
A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user.

http://www.linuxsecurity.com/content/view/128317


* Fedora Core 6 Update: mutt-1.4.2.3-1.fc6
  30th, May, 2007

The APOP protocol allows remote attackers to guess the first 3
characters of a password via man-in-the-middle (MITM) attacks that
use crafted message IDs and MD5 collisions. Also, a buffer overflow
in Mutt 1.4.2 might allow local users to execute arbitrary code via
"&" characters in the GECOS field, which triggers the overflow during
alias expansion.

http://www.linuxsecurity.com/content/view/128378


* Fedora Core 5 Update: mutt-1.4.2.1-8.fc5
  30th, May, 2007

The APOP protocol allows remote attackers to guess the first 3
characters of a password via man-in-the-middle (MITM) attacks that
use crafted message IDs and MD5 collisions. A buffer overflow in Mutt
1.4.2 might allow local users to execute arbitrary code via "&"
characters in the GECOS field, which triggers the overflow during
alias expansion.

http://www.linuxsecurity.com/content/view/128379


* Fedora Core 6 Update: selinux-policy-2.4.6-72.fc6
  30th, May, 2007

This updates the Fedora Core 6 SELinux policy. Changes include: allow
prelink sys_resource; add a transition rule to allow apps to run java
in a different context; allow netlabel to read etc and work with init
terminals; and change the file context to have all of policy at
SystemLow.

http://www.linuxsecurity.com/content/view/128380


* Fedora Core 6 Update: firefox-1.5.0.12-1.fc6
  31st, May, 2007

Updated firefox packages that fix several security bugs are
now available for Fedora Core 6. This update has been rated as having
critical security impact by the Fedora Security Response Team.

http://www.linuxsecurity.com/content/view/128388


* Fedora Core 6 Update: epiphany-2.16.3-5.fc6
  31st, May, 2007

Updated firefox packages that fix several security bugs are now
available for Fedora Core 6. This update has been rated as having
critical security impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser. Several flaws were
found in the way Firefox processed certain malformed JavaScript code.
A web page containing malicious JavaScript code could cause Firefox
to crash or potentially execute arbitrary code as the user running
Firefox.

http://www.linuxsecurity.com/content/view/128389


* Fedora Core 6 Update: devhelp-0.12-11.fc6
  31st, May, 2007

Updated firefox packages that fix several security bugs are
now available for Fedora Core 6. This update has been rated as having
critical security impact by the Fedora Security Response Team.

http://www.linuxsecurity.com/content/view/128390


* Fedora Core 6 Update: yelp-2.16.0-13.fc6
  31st, May, 2007

Updated firefox packages that fix several security bugs are
now available for Fedora Core 6. This update has been rated as having
critical security impact by the Fedora Security Response Team.

http://www.linuxsecurity.com/content/view/128391


* Fedora Core 6 Update: thunderbird-1.5.0.12-1.fc6
  31st, May, 2007

Updated thunderbird packages that fix several security bugs
are now available for Fedora Core. This update has been rated as
having critical security impact by the Fedora Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed certain
malformed JavaScript code. A web page containing
malicious JavaScript code could cause Thunderbird to crash or
potentially execute arbitrary code as the user running Thunderbird.

http://www.linuxsecurity.com/content/view/128392


* Fedora Core 5 Update: thunderbird-1.5.0.12-1.fc5
  31st, May, 2007

Updated thunderbird packages that fix several security bugs are now
available for Fedora Core. This update has been rated as having
critical security impact by the Fedora Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed certain
malformed JavaScript code. A web page containing malicious JavaScript
code could cause Thunderbird to crash or potentially execute
arbitrary code as the user running Thunderbird.

http://www.linuxsecurity.com/content/view/128393


* Fedora Core 5 Update: seamonkey-1.0.9-1.fc5
  31st, May, 2007

Updated seamonkey packages that fix several security bugs
are now available for Fedora Core 5. This update has been rated as
having critical security impact by the Fedora Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

http://www.linuxsecurity.com/content/view/128394


* Fedora Core 5 Update: devhelp-0.11-7.fc5
  31st, May, 2007

Updated seamonkey packages that fix several security bugs are now
available for Fedora Core 5. This update has been rated as having
critical security impact by the Fedora Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor. Several flaws were found in
the way SeaMonkey processed certain malformed JavaScript code. A web
page containing malicious JavaScript code could cause SeaMonkey to
crash or potentially execute arbitrary code as the user running
SeaMonkey.

http://www.linuxsecurity.com/content/view/128395


* Fedora Core 5 Update: yelp-2.14.3-5.fc5
  31st, May, 2007

Updated seamonkey packages that fix several security bugs are now
available for Fedora Core 5. This update has been rated as having
critical security impact by the Fedora Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor. Several flaws were found in
the way SeaMonkey processed certain malformed JavaScript code. A web
page containing malicious JavaScript code could cause SeaMonkey to
crash or potentially execute arbitrary code as the user running
SeaMonkey.

http://www.linuxsecurity.com/content/view/128396


* Fedora Core 5 Update: epiphany-2.14.3-6.fc5
  31st, May, 2007

Updated seamonkey packages that fix several security bugs are now
available for Fedora Core 5. This update has been rated as having
critical security impact by the Fedora Security Response Team. SeaMonkey
is an open source Web browser, advanced email and newsgroup client, IRC chat
client, and HTML editor. Several flaws were found in the way SeaMonkey
processed certain malformed JavaScript code. A web page containing malicious
JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary
code as the user running SeaMonkey.

http://www.linuxsecurity.com/content/view/128397


* Fedora Core 5 Update: firefox-1.5.0.12-1.fc5
  31st, May, 2007

Updated firefox packages that fix several security bugs are
now available for Fedora Core 5. This update has been rated as having
critical security impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser. Several flaws were
found in the way Firefox processed certain malformed JavaScript code.
A web page containing malicious JavaScript code could cause Firefox
to crash or potentially execute arbitrary code as the user running
Firefox.

http://www.linuxsecurity.com/content/view/128398


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PHP Multiple vulnerabilities
  26th, May, 2007

PHP contains several vulnerabilities including buffer and integer
overflows which could under certain conditions lead to the remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128345


* Gentoo: Blackdown Java Applet privilege escalation
  26th, May, 2007

The Blackdown JDK and the Blackdown JRE suffer from the multiple
unspecified vulnerabilities that already affected the Sun JDK and
JRE. Chris Evans has discovered multiple buffer overflows in the Sun
JDK and the Sun JRE possibly related to various AWT and font layout
functions.

http://www.linuxsecurity.com/content/view/128346


* Gentoo: MPlayer Two buffer overflows
  30th, May, 2007

Two vulnerabilities have been discovered in MPlayer, each of which could
lead to the execution of arbitrary code. A buffer overflow has been
reported in the DMO_VideoDecoder_Open() function in file
loader/dmo/DMO_VideoDecoder.c. Another buffer overflow has been
reported in the DS_VideoDecoder_Open() function in file
loader/dshow/DS_VideoDecoder.c.

http://www.linuxsecurity.com/content/view/128368


* Gentoo: FreeType Buffer overflow
  30th, May, 2007

Victor Stinner discovered a heap-based buffer overflow in the
function Get_VMetrics() in src/truetype/ttgload.c when processing TTF
files with a negative n_points attribute. A remote attacker could entice
a user to open a specially crafted TTF file, possibly resulting in the
execution of arbitrary code with the privileges of the user running
FreeType.

http://www.linuxsecurity.com/content/view/128369



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated samba packages fix multiple
  24th, May, 2007

A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests.  A remote attacker could
send a carefully crafted request that would cause a heap overflow,
possibly leading to the ability to execute arbitrary code on the
server.

http://www.linuxsecurity.com/content/view/128313


* Mandriva: Updated gnome-media packages fix bug
  24th, May, 2007

A window modality bug was preventing audio profile editing from 
Sound-juicer or Rhythmbox applications.  This bug is fixed with the 
updated gnome-media package.

http://www.linuxsecurity.com/content/view/128330



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: tomcat security update
  24th, May, 2007

Updated tomcat packages that fix multiple security issues and a bug
are now available for Red Hat Developer Suite 3. Tomcat was found to
accept multiple content-length headers in a request. This could allow
attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks.


http://www.linuxsecurity.com/content/view/128320


* RedHat: Important: jbossas security update
  24th, May, 2007

Updated jbossas packages that fix multiple security issues in tomcat
are now available for Red Hat Application Stack. This update has been rated
as having Important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128327


* RedHat: Moderate: evolution-data-server security update
  30th, May, 2007

An updated evolution-data-server package that fixes a security bug is
now available for Red Hat Enterprise Linux 5. A flaw was found in the way
evolution-data-server processed certain APOP authentication requests.
By sending certain responses when evolution-data-server attempted to
authenticate against an APOP server, a remote attacker could
potentially acquire certain portions of a user's authentication
credentials. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128360


* RedHat: Important: mod_jk security update
  30th, May, 2007

Updated mod_jk packages that fix a security issue are now available
for Red Hat Application Server. If Tomcat was used behind mod_jk and
configured to only proxy some contexts, an attacker could construct a
carefully crafted HTTP request to work around the context restriction and
potentially access non-proxied content. This update has been rated as having
Important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128361


* RedHat: Moderate: quagga security update
  30th, May, 2007

An updated quagga package that fixes a security bug is now available for
Red Hat Enterprise Linux 3, 4 and 5. An out of bounds memory read flaw
was discovered in Quagga's bgpd.  A configured peer of bgpd could cause 
Quagga to crash, leading to a denial of service. This update has been 
rated as having moderate security impact by the Red Hat Security 
Response Team.

http://www.linuxsecurity.com/content/view/128362


* RedHat: Moderate: file security update
  30th, May, 2007

An updated file package that fixes a security flaw is now available
for Red Hat Enterprise Linux 4 and 5. The fix for CVE-2007-1536 introduced
a new integer underflow flaw in the file utility. An attacker could
create a carefully crafted file which, if examined by a victim using
the file utility, could lead to arbitrary code execution. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/128363


* RedHat: Important: mod_jk security update
  30th, May, 2007

Updated mod_jk packages that fix a security issue are now available
for Red Hat Application Stack v1.1. If Tomcat was used behind mod_jk and
configured to only proxy some contexts, an attacker could construct a carefully
crafted HTTP request to work around the context restriction and potentially
access non-proxied content. This update has been rated as having Important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128367


* RedHat: Critical: firefox security update
  30th, May, 2007

Updated firefox packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4 and 5. Several flaws were found
in the way Firefox processed certain malformed JavaScript code. A web page
containing malicious JavaScript code could cause Firefox to crash or
potentially execute arbitrary code as the user running Firefox. This
update has been rated as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128383


* RedHat: Critical: thunderbird security update
  30th, May, 2007

Updated thunderbird packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4 and 5. Several flaws were
found in the way Thunderbird processed certain malformed JavaScript
code. A web page containing malicious JavaScript code could cause
Thunderbird to crash or potentially execute arbitrary code as the
user running Thunderbird. This update has been rated as having
critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128384


* RedHat: Critical: seamonkey security update
  30th, May, 2007

Updated seamonkey packages that fix several security bugs are now
available for Red Hat Enterprise Linux 2.1, 3, and 4. Several flaws were
found in the way SeaMonkey processed certain malformed JavaScript code. 
A web page containing malicious JavaScript code could cause SeaMonkey to 
crash or potentially execute arbitrary code as the user running 
SeaMonkey. This update has been rated as having critical security impact 
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128385


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  Linux kernel vulnerabilities
  24th, May, 2007

Philipp Richter discovered that the AppleTalk protocol handler did
not sufficiently verify the length of packets. By sending a crafted
AppleTalk packet, a remote attacker could exploit this to crash the
kernel.

http://www.linuxsecurity.com/content/view/128329


* Ubuntu:  PulseAudio vulnerability
  25th, May, 2007

Luigi Auriemma discovered multiple flaws in pulseaudio's network
processing code.  If an unauthenticated attacker sent specially
crafted requests to the pulseaudio daemon, it would crash, resulting
in a denial of service.

http://www.linuxsecurity.com/content/view/128343


* Ubuntu:  freetype vulnerability
  30th, May, 2007

Victor Stinner discovered that freetype did not correctly verify the
number of points in a TrueType font.  If a user were tricked into
using a specially crafted font, a remote attacker could execute arbitrary
code with user privileges.

http://www.linuxsecurity.com/content/view/128382


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

