[ISN] Linux Advisory Watch - June 8th 2007

From: InfoSec News (alerts@private)
Date: Mon Jun 11 2007 - 00:02:19 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  June 8th 2007                                 Volume 8, Number 23a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for samba, ipsec-tools, libexif,
evolution, elinks, php-pear, util-linux, mutt, mplayer, clamav,
file, libpng, lha, fetchmail, asterisk, and Thunderbird.  The
distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat,
Slackware, SuSE, and Ubuntu.

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Review: Practical Packet Analysis

In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.

http://www.linuxsecurity.com/content/view/128459/171/

---


Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New samba packages fix regression
  4th, June, 2007

A security vulnerability in the samba packages was found. The
security update for CVE-2007-2446 introduced a regression, which
broke connection to domain member servers in some scenarios. This
update fixes this regression.

http://www.linuxsecurity.com/content/view/128425


* Debian: New ipsec-tools packages fix denial of service
  7th, June, 2007

It was discovered that a specially-crafted packet sent to the racoon
ipsec key exchange server could cause a tunnel to crash, resulting in
a denial of service. We recommend that you upgrade your racoon
package.

http://www.linuxsecurity.com/content/view/128465


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: samba-3.0.24-7.fc5
  6th, June, 2007

Bug fixes for the recent security updates to the Fedora Core 5
samba-3.0.24-7.fc5 package. This update also fixes a samba denial of
service vulnerability.

http://www.linuxsecurity.com/content/view/128458



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: libexif Integer overflow vulnerability
  5th, June, 2007

libexif fails to handle Exif (EXchangeable Image File) data inputs,
making it vulnerable to an integer overflow. An attacker could entice
a user to process a file with specially crafted Exif extensions with
an application making use of libexif, which will trigger the integer
overflow and potentially execute arbitrary code or crash the
application.

http://www.linuxsecurity.com/content/view/128438


* Gentoo: Evolution User-assisted execution of arbitrary code
  6th, June, 2007

A vulnerability has been discovered in Evolution allowing for the
execution of arbitrary code. A remote attacker could entice a user to
open a specially crafted shared memo, possibly resulting in the
execution of arbitrary code with the privileges of the user running
Evolution.

http://www.linuxsecurity.com/content/view/128460


* Gentoo: ELinks User-assisted execution of arbitrary code
  6th, June, 2007

A vulnerability has been discovered in ELinks allowing for the
user-assisted execution of arbitrary code. A local attacker could
entice a user to run ELinks in a specially crafted directory
environment containing a malicious ".po" file, possibly resulting in
the execution of arbitrary code with the privileges of the user
running ELinks.

http://www.linuxsecurity.com/content/view/128461



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated php-pear packages fix directory traversal
  4th, June, 2007

A security hole was discovered in all versions of the PEAR Installer
(http://pear.php.net/PEAR). The security hole is the most serious
hole found to date in the PEAR Installer, and would allow a malicious
package to install files anywhere in the filesystem. The
vulnerability only affects users who are installing an intentionally
created package with a malicious intent.

http://www.linuxsecurity.com/content/view/128428


* Mandriva: Updated util-linux packages address login access
  4th, June, 2007

The login program in util-linux-2.12a (and later versions) skips pam_acct_mgmt
and chauth_tok when authentication is skipped, such as when a Kerberos 
krlogin session has been established, which might allow users to bypass 
intended access policies that would be enforced by pam_acct_mgmt and 
chauth_tok. Updated packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/128429


* Mandriva: Updated mutt packages fix vulnerabilities
  4th, June, 2007

A flaw in the way mutt processed certain APOP authentication requests 
was discovered.  By sending certain responses when mutt attempted to 
authenticate against an APOP server, a remote attacker could possibly
obtain certain portions of the user's authentication credentials 
(CVE-2007-1558).

http://www.linuxsecurity.com/content/view/128431


* Mandriva: Updated mplayer packages fix buffer overflow
  4th, June, 2007

Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number
of rulematches. Updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/128432


* Mandriva: Updated clamav packages fix vulnerabilities
  4th, June, 2007

A vulnerability in the OLE2 parser in ClamAV was found that could
allow a remote attacker to cause a denial of service via resource
consumption with a carefully crafted OLE2 file. Other vulnerabilities
and bugs have also been corrected in 0.90.3 which is being provided
with this update.

http://www.linuxsecurity.com/content/view/128433


* Mandriva: Updated file packages fix vulnerabilities
  5th, June, 2007

The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer
overflow in the file_printf() function, introduced a new integer
overflow as reported by Colin Percival.  This flaw, if an attacker
could trick a user into running file on a specially crafted file,
could possibly lead to the execution of arbitrary code with the
privileges of the user running file (CVE-2007-2799). The updated
packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/128439


* Mandriva: Updated libpng packages fix vulnerability
  5th, June, 2007

A flaw in how libpng handled malformed images was discovered.  An
attacker able to create a carefully crafted PNG image could cause an
application linked with libpng to crash when the file was manipulated.
The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/128440


* Mandriva: Updated lha packages fix unsafe temporary files
  6th, June, 2007

lharc.c in the lha package does not securely create temporary files,
which might allow local users to read or write files by creating a file
before LHA is invoked. Updated packages have been patched to prevent this
issue.

http://www.linuxsecurity.com/content/view/128442


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: mutt security update
  4th, June, 2007

An updated mutt package that fixes several security bugs is now
available for Red Hat Enterprise Linux 3, 4 and 5. A flaw was found
in the way Mutt used temporary files on NFS file systems. Due to
an implementation issue in the NFS protocol, Mutt was not able to
exclusively open a new file.  A local attacker could conduct a
time-dependent attack and possibly gain access to e-mail attachments
opened by a victim. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128423


* RedHat: Moderate: fetchmail security update
  7th, June, 2007

An updated fetchmail package that fixes a security bug is now
available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail
is a remote mail retrieval and forwarding utility intended for use
over on-demand TCP/IP links, like SLIP or PPP connections. This
update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128462


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   firefox-seamonkey-thunderbird
  2nd, June, 2007

New mozilla-firefox and seamonkey packages are available for
Slackware 10.2, 11.0, and -current to fix security issues.  New
thunderbird packages are available for Slackware 10.2 and 11.0
to fix security issues. More details about this issue may be found
at these links:

http://www.linuxsecurity.com/content/view/128416


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: clamav 0.90.3 (SUSE-SA:2007:033)
  6th, June, 2007

The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to
fix several security bugs. One is a heap corruption causing
denial-of-service with corrupted rar archive.

http://www.linuxsecurity.com/content/view/128445


* SuSE: asterisk (SUSE-SA:2007:034)
  6th, June, 2007

The Open Source PBX software Asterisk was updated
to fix several security related bugs that allowed attackers to
remotely crash Asterisk or cause information leaks. Asterisk allowed
remote attackers to cause a denial of service (crash) by sending a Session
Initiation Protocol (SIP) packet without a URI and SIP-version header,
which results in a NULL pointer dereference.

http://www.linuxsecurity.com/content/view/128447


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  Firefox vulnerabilities
  1st, June, 2007

Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker
could execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/128414


* Ubuntu:  Thunderbird vulnerabilities
  6th, June, 2007

Gaëtan Leurent showed a weakness in APOP authentication.  An attacker
posing as a trusted server could recover portions of the user's
password via multiple authentication attempts. (CVE-2007-1558)
Various flaws were discovered in the layout and JavaScript engines.
Please note that JavaScript is disabled by default for emails, and it
is not recommended to enable it. (CVE-2007-2867, CVE-2007-2868)

http://www.linuxsecurity.com/content/view/128441


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

