+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 8th 2007 Volume 8, Number 23a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week advisories were released for samba, ipsec-tools, libexif, evolution, elinks, php-pear, util-linux, mutt, mplayer, clamav, file, libpng, lha, fetchmail, asterisk, and Thunderbird. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu. --- Vyatta - Linux-based Router, Firewall & VPN Vyatta software and appliances combine the features, performance and reliability of enterprise-class networking gear with the cost-savings and flexibility of linux-based solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions. Free Vyatta Software & Live Webinars >> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28 --- * EnGarde Secure Linux v3.0.13 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.13 (Version 3.0, Release 13). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13 --- Review: Practical Packet Analysis In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work. http://www.linuxsecurity.com/content/view/128459/171/ --- Robert Slade Review: "Information Security and Employee Behaviour" The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/128404/171/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New samba packages fix regression 4th, June, 2007 A security vulnerability in the samba packages was found. The security update for CVE-2007-2446 introduced a regression, which broke connection to domain member servers in some scenarios. This update fixes this regression. http://www.linuxsecurity.com/content/view/128425 * Debian: New ipsec-tools packages fix denial of service 7th, June, 2007 It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. We recommend that you upgrade your racoon package. http://www.linuxsecurity.com/content/view/128465 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 5 Update: samba-3.0.24-7.fc5 6th, June, 2007 Bugfixes against the recent security updates for Fedora Core 5 samba-3.0.24-7.fc5 package. Also this update fixes a samba denial of service vulnerability. http://www.linuxsecurity.com/content/view/128458 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: libexif Integer overflow vulnerability 5th, June, 2007 libexif fails to handle Exif (EXchangeable Image File) data inputs, making it vulnerable to an integer overflow. An attacker could entice a user to process a file with specially crafted Exif extensions with an application making use of libexif, which will trigger the integer overflow and potentially execute arbitrary code or crash the application. http://www.linuxsecurity.com/content/view/128438 * Gentoo: Evolution User-assisted execution of arbitrary code 6th, June, 2007 A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code. A remote attacker could entice a user to open a specially crafted shared memo, possibly resulting in the execution of arbitrary code with the privileges of the user running Evolution. http://www.linuxsecurity.com/content/view/128460 * Gentoo: ELinks User-assisted execution of arbitrary code 6th, June, 2007 A vulnerability has been discovered in ELinks allowing for the user-assisted execution of arbitrary code.A local attacker could entice a user to run ELinks in a specially crafted directory environment containing a malicious ".po" file, possibly resulting in the execution of arbitrary code with the privileges of the user running ELinks. http://www.linuxsecurity.com/content/view/128461 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated php-pear packages fix directory traversal 4th, June, 2007 A security hole was discovered in all versions of the PEAR Installer (http://pear.php.net/PEAR). The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent. http://www.linuxsecurity.com/content/view/128428 * Mandriva: Updated util-linux packages address login access 4th, June, 2007 Th login in util-linux-2.12a (and later versions) skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/128429 * Mandriva: Updated mutt packages fix vulnerabilities 4th, June, 2007 A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558). http://www.linuxsecurity.com/content/view/128431 * Mandriva: Updated mplayer packages fix buffer overflow 4th, June, 2007 Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/128432 * Mandriva: Updated clamav packages fix vulnerabilities 4th, June, 2007 A vulnerability in the OLE2 parser in ClamAV was found that could allow a remote attacker to cause a denial of service via resource consumption with a carefully crafted OLE2 file. Other vulnerabilities and bugs have also been corrected in 0.90.3 which is being provided with this update. http://www.linuxsecurity.com/content/view/128433 * Mandriva: Updated file packages fix vulnerabilities 5th, June, 2007 The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an atacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/128439 * Mandriva: Updated libpng packages fix vulnerability 5th, June, 2007 A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/128440 * Mandriva: Updated lha packages fix unsafe temporary files 6th, June, 2007 lharc.c in the lha package does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. Updated packages have been patched to prevent this issue. http://www.linuxsecurity.com/content/view/128442 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Moderate: mutt security update 4th, June, 2007 An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5.A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128423 * RedHat: Moderate: fetchmail security update 7th, June, 2007 An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128462 +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ * Slackware: firefox-seamonkey-thunderbird 2nd, June, 2007 New mozilla-firefox and seamonkey packages are available for Slackware 10.2, 11.0, and -current to fix security issues. New thunderbird packages are are available for Slackware 10.2 and 11.0 to fix security issues. More details about this issue may be found at these links: http://www.linuxsecurity.com/content/view/128416 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: clamav 0.90.3 (SUSE-SA:2007:033) 6th, June, 2007 The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to fix several security bugs. One is a heap corruption causing denial-of-service with corrupted rar archive. http://www.linuxsecurity.com/content/view/128445 * SuSE: asterisk (SUSE-SA:2007:034) 6th, June, 2007 The Open Source PBX software Asterisk was updated to fix several security related bugs that allowed attackers to remotely crash asterisk or cause information leaks.Asterisk allowed remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. http://www.linuxsecurity.com/content/view/128447 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: Firefox vulnerabilities 1st, June, 2007 Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. http://www.linuxsecurity.com/content/view/128414 * Ubuntu: Thunderbird vulnerabilities 6th, June, 2007 Ga'tan Leurent showed a weakness in APOP authentication. An attacker posing as a trusted server could recover portions of the user's password via multiple authentication attempts. (CVE-2007-1558) Various flaws were discovered in the layout and JavaScript engines. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2007-2867, CVE-2007-2868) http://www.linuxsecurity.com/content/view/128441 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 11 2007 - 00:17:54 PDT