+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 15th 2007 Volume 8, Number 24a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week advisories were released for openoffice, ipsec-tools, iceape, gimp, freetype, xulrunner, icedove, iceweasel, libexif, mod_perl, spamassassin, Thunderbird, Firefox, freetype2, gd, tetex, fetchmail, shadow-utils, pam, gcc, iscsi-initiator-utils, kernel, file, libpng, and xscreensaver. The distributors include Debian, Mandriva, Red Hat, Slackware, and Ubuntu. --- Vyatta - Linux-based Router, Firewall & VPN Vyatta software and appliances combine the features, performance and reliability of enterprise-class networking gear with the cost-savings and flexibility of linux-based solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions. Free Vyatta Software & Live Webinars > > http://www.linuxsecurity.com/ads/adclick.php?bannerid=28 --- * EnGarde Secure Linux v3.0.13 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.13 (Version 3.0, Release 13). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13 --- Review: Practical Packet Analysis In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work. http://www.linuxsecurity.com/content/view/128459/171/ --- Robert Slade Review: "Information Security and Employee Behaviour" The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/128404/171/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New OpenOffice.org packages fix arbitrary code execution 12th, June, 2007 John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. http://www.linuxsecurity.com/content/view/128510 * Debian: New ipsec-tools packages fix denial of service 7th, June, 2007 It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. We recommend that you upgrade your racoon package. http://www.linuxsecurity.com/content/view/128465 * Debian: New iceape packages fix several vulnerabilities 7th, June, 2007 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problem and others. http://www.linuxsecurity.com/content/view/128467 * Debian: New Gimp packages fix arbitrary code execution 9th, June, 2007 A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file. http://www.linuxsecurity.com/content/view/128474 * Debian: New lighttpd packages fix denial of service 10th, June, 2007 Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies problems. One is a remote attackers could cause denial of service by disconnecting partway through making a request. http://www.linuxsecurity.com/content/view/128476 * Debian: New freetype packages fix integer overflow 10th, June, 2007 A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitary code via an integer overflow in specially crafted TTF files. http://www.linuxsecurity.com/content/view/128477 * Debian: New xulrunner packages fix several vulnerabilities 12th, June, 2007 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the some problems. http://www.linuxsecurity.com/content/view/128509 * Debian: New icedove packages fix several vulnerabilities 13th, June, 2007 Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. http://www.linuxsecurity.com/content/view/128520 * Debian: New iceweasel packages fix several vulnerabilities 14th, June, 2007 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identified the problems. http://www.linuxsecurity.com/content/view/128538 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 6 Update: libexif-0.6.15-1.fc6 11th, June, 2007 This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. http://www.linuxsecurity.com/content/view/128492 * Fedora Core 5 Update: mod_perl-2.0.2-5.2.fc5 11th, June, 2007 This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349) http://www.linuxsecurity.com/content/view/128494 * Fedora Core 6 Update: mod_perl-2.0.2-6.2.fc6 11th, June, 2007 This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349) http://www.linuxsecurity.com/content/view/128495 * Fedora Core 6 Update: spamassassin-3.1.9-1.fc6 13th, June, 2007 Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. http://www.linuxsecurity.com/content/view/128521 * Fedora Core 5 Update: spamassassin-3.1.9-1.fc5.1 13th, June, 2007 Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details http://www.linuxsecurity.com/content/view/128522 * Fedora Core 6 Update: openoffice.org-2.0.4-5.5.23 13th, June, 2007 A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix to correct this issue. http://www.linuxsecurity.com/content/view/128523 * Fedora Core 5 Update: 13th, June, 2007 This update to iscsi-initiator-utils is a rebase to the upstream open-iscsi-2.0-865 release. This release includes two security fixes which are described here https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 bug fixes and new features. http://www.linuxsecurity.com/content/view/128526 * Fedora Core 6 Update: 13th, June, 2007 This update to iscsi-initiator-utils is a rebase to the upstream open-iscsi-2.0-865 release. This release includes two security fixes, which are described here: http://www.linuxsecurity.com/content/view/128527 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated libexif packages fix crash and possible 8th, June, 2007 Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Updated packages have been patched to prevent this issue. http://www.linuxsecurity.com/content/view/128472 * Mandriva: Updated Thunderbird packages fix multiple 12th, June, 2007 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.12. This update provides the latest Thunderbird to correct these issues. http://www.linuxsecurity.com/content/view/128511 * Mandriva: Updated Firefox packages fix multiple 12th, June, 2007 A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.12. This update provides the latest Firefox to correct these issues. http://www.linuxsecurity.com/content/view/128512 * Mandriva: Updated freetype2 packages fix integer overflow 13th, June, 2007 An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. http://www.linuxsecurity.com/content/view/128530 * Mandriva: Updated gd packages fix vulnerability 13th, June, 2007 A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. http://www.linuxsecurity.com/content/view/128531 * Mandriva: Updated libwmf packages fix vulnerability 13th, June, 2007 A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. http://www.linuxsecurity.com/content/view/128532 * Mandriva: Updated tetex packages fix vulnerability 13th, June, 2007 A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue. http://www.linuxsecurity.com/content/view/128533 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Moderate: fetchmail security update 7th, June, 2007 An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128462 * RedHat: Moderate: freetype security update 11th, June, 2007 Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128479 * RedHat: Low: shadow-utils security and bug fix update 11th, June, 2007 An updated shadow-utils package that fixes a security issue and several bugs is now available.A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. http://www.linuxsecurity.com/content/view/128482 * RedHat: Moderate: pam security and bug fix update 11th, June, 2007 Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128484 * RedHat: Low: gdb security and bug fix update 11th, June, 2007 An updated gdb package that fixes a security issue and various bugs is now available.Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. http://www.linuxsecurity.com/content/view/128485 * RedHat: Moderate: gcc security and bug fix update 11th, June, 2007 Updated gcc packages that fix a security issue and another bug are now available.Jrgen Weigert discovered a directory traversal flaw in fastjar. An attacker could create a malicious JAR file which, if unpacked using fastjar, could write to any files the victim had write access to. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128486 * RedHat: Important: openoffice.org security update 13th, June, 2007 Updated openoffice.org packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128517 * RedHat: Moderate: spamassassin security update 13th, June, 2007 Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.Martin Krafft discovered a symlink issue in SpamAssassin that affects certain non-default configurations. A local user could use this flaw to create or overwrite files writable by the spamd process. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128518 * RedHat: Important: kdebase security update 13th, June, 2007 Updated kdebase packages that resolve an interaction security issue with Adobe Flash Player are now available.A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128519 * RedHat: Low: mod_perl security update 14th, June, 2007 Updated mod_perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, 5. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. http://www.linuxsecurity.com/content/view/128535 * RedHat: Moderate: iscsi-initiator-utils security update 14th, June, 2007 Updated iscsi-initiator-utils packages that fix a security flaw in open-iscsi are now available for Red Hat Enterprise Linux 5. Olaf Kirch discovered two flaws in open-iscsi. A local attacker could use these flaws to cause the server daemon to stop responding, leading to a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128536 * RedHat: Important: kernel security and bug fix update 14th, June, 2007 Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128537 * RedHat: Moderate: libexif integer overflow 14th, June, 2007 Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/128539 +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ * Slackware: libexif 14th, June, 2007 New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://www.linuxsecurity.com/content/view/128534 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: Linux kernel vulnerabilities 8th, June, 2007 USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. http://www.linuxsecurity.com/content/view/128473 * Ubuntu: file vulnerability 11th, June, 2007 USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution. http://www.linuxsecurity.com/content/view/128503 * Ubuntu: libexif vulnerability 11th, June, 2007 Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service. http://www.linuxsecurity.com/content/view/128504 * Ubuntu: libpng vulnerability 11th, June, 2007 It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service. http://www.linuxsecurity.com/content/view/128505 * Ubuntu: libgd2 vulnerabilities 11th, June, 2007 A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. http://www.linuxsecurity.com/content/view/128506 * Ubuntu: xscreensaver vulnerability 12th, June, 2007 It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity. http://www.linuxsecurity.com/content/view/128513 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun Jun 17 2007 - 23:15:54 PDT