+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 1st 2007 Volume 8, Number 22a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week advisories were released for the Linux kernel PulseAudio, freetype, gforge-plugin-scm, otrs2, php, mutt, selinux, firefox, epiphany, devhelp, yelp, thunderbird, seamonkey, Mplayer, gnome-media, tomcat, jbossas, evolution, quagga, file, and mod_jk. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and Ubuntu. --- Vyatta - Linux-based Router, Firewall & VPN Vyatta software and appliances combine the features, performance and reliability of enterprise-class networking gear with the cost-savings and flexibility of linux-based solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions. Free Vyatta Software & Live Webinars >> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28 --- * EnGarde Secure Linux v3.0.13 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.13 (Version 3.0, Release 13). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13 --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New gforge-plugin-scmcvs packages fix arbitrary shell command execution 24th, May, 2007 Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user. http://www.linuxsecurity.com/content/view/128325 * Debian: New otrs2 packages fix cross-site scripting 28th, May, 2007 It was discovered that the Open Ticket Request System performs insufficient input sanitising for the Subaction parameter, which allows the injection of arbitrary web script code. http://www.linuxsecurity.com/content/view/128349 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 5 Update: php-5.1.6-1.6 24th, May, 2007 This update fixes a number of security issues in PHP. A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. http://www.linuxsecurity.com/content/view/128317 * Fedora Core 6 Update: mutt-1.4.2.3-1.fc6 30th, May, 2007 The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. Also, a Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. http://www.linuxsecurity.com/content/view/128378 * Fedora Core 5 Update: mutt-1.4.2.1-8.fc5 30th, May, 2007 The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. http://www.linuxsecurity.com/content/view/128379 * Fedora Core 6 Update: selinux-policy-2.4.6-72.fc6 30th, May, 2007 This Updates Fedora Core 6 SELinux policy. One change is Allow prelink sys_resource, Add transition rule to allow apps to run java in different context. Another is Allow netlable to read etc and work with init terminals and changes the file context to have all of policy at SystemLow. http://www.linuxsecurity.com/content/view/128380 * Fedora Core 6 Update: firefox-1.5.0.12-1.fc6 31st, May, 2007 Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. http://www.linuxsecurity.com/content/view/128388 * Fedora Core 6 Update: epiphany-2.16.3-5.fc6 31st, May, 2007 Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. http://www.linuxsecurity.com/content/view/128389 * Fedora Core 6 Update: devhelp-0.12-11.fc6 31st, May, 2007 Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. http://www.linuxsecurity.com/content/view/128390 * Fedora Core 6 Update: yelp-2.16.0-13.fc6 31st, May, 2007 Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. http://www.linuxsecurity.com/content/view/128391 * Fedora Core 6 Update: thunderbird-1.5.0.12-1.fc6 31st, May, 2007 Updated thunderbird packages that fix several security bugs are now available for Fedora Core. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. http://www.linuxsecurity.com/content/view/128392 * Fedora Core 5 Update: thunderbird-1.5.0.12-1.fc5 31st, May, 2007 Updated thunderbird packages that fix several security bugs are now available for Fedora Core. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. http://www.linuxsecurity.com/content/view/128393 * Fedora Core 5 Update: seamonkey-1.0.9-1.fc5 31st, May, 2007 Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. http://www.linuxsecurity.com/content/view/128394 * Fedora Core 5 Update: devhelp-0.11-7.fc5 31st, May, 2007 Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. http://www.linuxsecurity.com/content/view/128395 * Fedora Core 5 Update: yelp-2.14.3-5.fc5 31st, May, 2007 Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. http://www.linuxsecurity.com/content/view/128396 * Fedora Core 5 Update: epiphany-2.14.3-6.fc5 31st, May, 2007 Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. http://www.linuxsecurity.com/content/view/128397 * Fedora Core 5 Update: firefox-1.5.0.12-1.fc5 31st, May, 2007 Updated firefox packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. http://www.linuxsecurity.com/content/view/128398 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: PHP Multiple vulnerabilities 26th, May, 2007 PHP contains several vulnerabilities including buffer and integer overflows which could under certain conditions lead to the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/128345 * Gentoo: Blackdown Java Applet privilege escalation 26th, May, 2007 The Blackdown JDK and the Blackdown JRE suffer from the multiple unspecified vulnerabilities that already affected the Sun JDK and JRE. Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. http://www.linuxsecurity.com/content/view/128346 * Gentoo: MPlayer Two buffer overflows 30th, May, 2007 Two vulnerabilities have been discovered in MPlayer, each one could lead to the execution of arbitrary code.A buffer overflow has been reported in the DMO_VideoDecoder_Open() function in file loader/dmo/DMO_VideoDecoder.c. Another buffer overflow has been reported in the DS_VideoDecoder_Open() function in file loader/dshow/DS_VideoDecoder.c. http://www.linuxsecurity.com/content/view/128368 * Gentoo: FreeType Buffer overflow 30th, May, 2007 Victor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute. A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. http://www.linuxsecurity.com/content/view/128369 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated samba packages fix multiple 24th, May, 2007 A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. http://www.linuxsecurity.com/content/view/128313 * Mandriva: Updated gnome-media packages fix bug 24th, May, 2007 A window modality bug was preventing audio profile editing from Sound-juicer or Rhythmbox applications. This bug is fixed with the updated gnome-media package. http://www.linuxsecurity.com/content/view/128330 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Important: tomcat security update 24th, May, 2007 Updated tomcat packages that fix multiple security issues and a bug are now available for Red Hat Developer Suite 3. Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. http://www.linuxsecurity.com/content/view/128320 * RedHat: Important: jbossas security update 24th, May, 2007 Updated jbossas packages that fix multiple security issues in tomcat are now available for Red Hat Application Stack. This update has been rated as having Important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128327 * RedHat: Moderate: evolution-data-server security update 30th, May, 2007 Updated evolution-data-server package that fixes a security bug are now available for Red Hat Enterprise Linux 5.A flaw was found in the way evolution-data-server processed certain APOP authentication requests. By sending certain responses when evolution-data-server attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128360 * RedHat: Important: mod_jk security update 30th, May, 2007 Updated mod_jk packages that fix a security issue are now available for Red Hat Application Server.If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content. This update has been rated as having Important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128361 * RedHat: Moderate: quagga security update 30th, May, 2007 An updated quagga package that fixes a security bug is now available for Red Hat Enterprise Linux 3, 4 and 5.An out of bounds memory read flaw was discovered in Quagga's bgpd. A configured peer of bgpd could cause Quagga to crash, leading to a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128362 * RedHat: Moderate: file security update 30th, May, 2007 An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128363 * RedHat: Important: mod_jk security update 30th, May, 2007 Updated mod_jk packages that fix a security issue are now available for Red Hat Application Stack v1.1. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content. This update has been rated as having Important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128367 * RedHat: Critical: firefox security update 30th, May, 2007 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128383 * RedHat: Critical: thunderbird security update 30th, May, 2007 Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128384 * RedHat: Critical: seamonkey security update 30th, May, 2007 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4.Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128385 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: Linux kernel vulnerabilities 24th, May, 2007 Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. http://www.linuxsecurity.com/content/view/128329 * Ubuntu: PulseAudio vulnerability 25th, May, 2007 Luigi Auriemma discovered multiple flaws in pulseaudio's network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service. http://www.linuxsecurity.com/content/view/128343 * Ubuntu: freetype vulnerability 30th, May, 2007 Victor Stinner discovered that freetype did not correctly verify the number of points in a TrueType font. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/128382 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun Jun 03 2007 - 23:31:04 PDT