+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| June 8th 2007 Volume 8, Number 23a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for samba, ipsec-tools, libexif,
evolution, elinks, php-pear, util-linux, mutt, mplayer, clamav,
file, libpng, lha, fetchmail, asterisk, and Thunderbird. The
distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat,
Slackware, SuSE, and Ubuntu.
---
Vyatta - Linux-based Router, Firewall & VPN
Vyatta software and appliances combine the features, performance
and reliability of enterprise-class networking gear with the
cost-savings and flexibility of linux-based solutions. Vyatta
empowers you to replace overpriced proprietary router, firewall
and VPN equipment with commercially supported open-source solutions.
Free Vyatta Software & Live Webinars
>> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28
---
* EnGarde Secure Linux v3.0.13 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.
http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13
---
Review: Practical Packet Analysis
In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.
http://www.linuxsecurity.com/content/view/128459/171/
---
Robert Slade Review: "Information Security and Employee Behaviour"
The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/128404/171/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New samba packages fix regression
4th, June, 2007
A security vulnerability in the samba packages was found. The
security update for CVE-2007-2446 introduced a regression, which
broke connection to domain member servers in some scenarios. This
update fixes this regression.
http://www.linuxsecurity.com/content/view/128425
* Debian: New ipsec-tools packages fix denial of service
7th, June, 2007
It was discovered that a specially-crafted packet sent to the racoon
ipsec key exchange server could cause a tunnel to crash, resulting in
a denial of service. We recommend that you upgrade your racoon
package.
http://www.linuxsecurity.com/content/view/128465
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 5 Update: samba-3.0.24-7.fc5
6th, June, 2007
Bugfixes against the recent security updates for Fedora Core 5
samba-3.0.24-7.fc5 package. Also this update fixes a samba denial of
service vulnerability.
http://www.linuxsecurity.com/content/view/128458
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: libexif Integer overflow vulnerability
5th, June, 2007
libexif fails to handle Exif (EXchangeable Image File) data inputs,
making it vulnerable to an integer overflow. An attacker could entice
a user to process a file with specially crafted Exif extensions with
an application making use of libexif, which will trigger the integer
overflow and potentially execute
arbitrary code or crash the application.
http://www.linuxsecurity.com/content/view/128438
* Gentoo: Evolution User-assisted execution of arbitrary code
6th, June, 2007
A vulnerability has been discovered in Evolution allowing for the
execution of arbitrary code. A remote attacker could entice a user to
open a specially crafted shared memo, possibly resulting in the
execution of arbitrary code with the privileges of the user running
Evolution.
http://www.linuxsecurity.com/content/view/128460
* Gentoo: ELinks User-assisted execution of arbitrary code
6th, June, 2007
A vulnerability has been discovered in ELinks allowing for the
user-assisted execution of arbitrary code.A local attacker could
entice a user to run ELinks in a specially crafted directory
environment containing a malicious ".po" file, possibly resulting in
the execution of arbitrary code with the
privileges of the user running ELinks.
http://www.linuxsecurity.com/content/view/128461
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated php-pear packages fix directory traversal
4th, June, 2007
A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem. The
vulnerability only affects users who are installing an intentionally
created package with a malicious intent.
http://www.linuxsecurity.com/content/view/128428
* Mandriva: Updated util-linux packages address login access
4th, June, 2007
Th login in util-linux-2.12a (and later versions) skips pam_acct_mgmt
and chauth_tok when authentication is skipped, such as when a Kerberos
krlogin session has been established, which might allow users to bypass
intended access policies that would be enforced by pam_acct_mgmt and
chauth_tok. Updated packages have been patched to address this issue.
http://www.linuxsecurity.com/content/view/128429
* Mandriva: Updated mutt packages fix vulnerabilities
4th, June, 2007
A flaw in the way mutt processed certain APOP authentication requests
was discovered. By sending certain responses when mutt attempted to
authenticate again an APOP server, a remote attacker could possibly
obtain certain portions of the user's authentication credentials
(CVE-2007-1558).
http://www.linuxsecurity.com/content/view/128431
* Mandriva: Updated mplayer packages fix buffer overflow
4th, June, 2007
Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number
of rulematches. Updated packages have been patched to correct this
issue.
http://www.linuxsecurity.com/content/view/128432
* Mandriva: Updated clamav packages fix vulnerabilities
4th, June, 2007
A vulnerability in the OLE2 parser in ClamAV was found that could
allow a remote attacker to cause a denial of service via resource
consumption with a carefully crafted OLE2 file. Other vulnerabilities
and bugs have also been corrected in 0.90.3 which is being provided
with this update.
http://www.linuxsecurity.com/content/view/128433
* Mandriva: Updated file packages fix vulnerabilities
5th, June, 2007
The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer
overflow in the file_printf() function, introduced a new integer
overflow as reported by Colin Percival. This flaw, if an atacker
could trick a user into running file on a specially crafted file,
could possibly lead to the execution of arbitrary code with the
privileges of the user running file (CVE-2007-2799). The updated
packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/128439
* Mandriva: Updated libpng packages fix vulnerability
5th, June, 2007
A flaw how libpng handled malformed images was discovered. An
attacker able to create a carefully crafted PNG image could cause an
application linked with libpng to crash when the file was manipulated.
The updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/128440
* Mandriva: Updated lha packages fix unsafe temporary files
6th, June, 2007
lharc.c in the lha package does not securely create temporary files,
which might allow local users to read or write files by creating a file
before LHA is invoked. Updated packages have been patched to prevent this
issue.
http://www.linuxsecurity.com/content/view/128442
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Moderate: mutt security update
4th, June, 2007
An updated mutt package that fixes several security bugs is now
available for Red Hat Enterprise Linux 3, 4 and 5.A flaw was found
in the way Mutt used temporary files on NFS file systems. Due to
an implementation issue in the NFS protocol, Mutt was not able to
exclusively open a new file. A local attacker could conduct a
time-dependent attack and possibly gain access to e-mail attachments
opened by a victim. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128423
* RedHat: Moderate: fetchmail security update
7th, June, 2007
An updated fetchmail package that fixes a security bug is now
available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail
is a remote mail retrieval and forwarding utility intended for use
over on-demand TCP/IP links, like SLIP or PPP connections. This
update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/128462
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
* Slackware: firefox-seamonkey-thunderbird
2nd, June, 2007
New mozilla-firefox and seamonkey packages are available for
Slackware 10.2, 11.0, and -current to fix security issues. New
thunderbird packages are are available for Slackware 10.2 and 11.0
to fix security issues. More details about this issue may be found
at these links:
http://www.linuxsecurity.com/content/view/128416
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: clamav 0.90.3 (SUSE-SA:2007:033)
6th, June, 2007
The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to
fix several security bugs. One is a heap corruption causing
denial-of-service with corrupted rar archive.
http://www.linuxsecurity.com/content/view/128445
* SuSE: asterisk (SUSE-SA:2007:034)
6th, June, 2007
The Open Source PBX software Asterisk was updated
to fix several security related bugs that allowed attackers to
remotely crash asterisk or cause information leaks.Asterisk allowed
remote attackers to cause a denial of service (crash) by sending a Session
Initiation Protocol (SIP) packet without a URI and SIP-version header,
which results in a NULL pointer dereference.
http://www.linuxsecurity.com/content/view/128447
+---------------------------------+
| Distribution: Ubuntu | ----------------------------//
+---------------------------------+
* Ubuntu: Firefox vulnerabilities
1st, June, 2007
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker
could execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/128414
* Ubuntu: Thunderbird vulnerabilities
6th, June, 2007
Ga'tan Leurent showed a weakness in APOP authentication. An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)
Various flaws were discovered in the layout and JavaScript engines.
Please note that JavaScript is disabled by default for emails, and it
is not recommended to enable it. (CVE-2007-2867, CVE-2007-2868)
http://www.linuxsecurity.com/content/view/128441
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 11 2007 - 00:17:54 PDT