[ISN] Linux Advisory Watch - June 15th 2007

From: InfoSec News (alerts@private)
Date: Sun Jun 17 2007 - 23:05:35 PDT


+---------------------------------------------------------------------+
| LinuxSecurity.com                               Weekly Newsletter  |
| June 15th 2007                                Volume 8, Number 24a |
+---------------------------------------------------------------------+

Editors:      Dave Wreski                     Benjamin D. Thomas
dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for openoffice, ipsec-tools, iceape,
gimp, freetype, xulrunner, icedove, iceweasel, libexif, mod_perl,
spamassassin, Thunderbird, Firefox, freetype2, gd, tetex, fetchmail,
shadow-utils, pam, gcc, iscsi-initiator-utils, kernel, file,
libpng, and xscreensaver.  The distributors include Debian,
Mandriva, Red Hat, Slackware, and Ubuntu.

---

Vyatta - Linux-based Router, Firewall & VPN

Vyatta software and appliances combine the features, performance
and reliability of enterprise-class networking gear with the
cost-savings and flexibility of linux-based solutions. Vyatta
empowers you to replace overpriced proprietary router, firewall
and VPN equipment with commercially supported open-source solutions.

    Free Vyatta Software & Live Webinars
> > http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Review: Practical Packet Analysis

In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.

http://www.linuxsecurity.com/content/view/128459/171/

---


Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
| Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New OpenOffice.org packages fix arbitrary code execution
12th, June, 2007

John Heasman discovered a heap overflow in the routines of
OpenOffice.org that parse RTF files.

http://www.linuxsecurity.com/content/view/128510


* Debian: New ipsec-tools packages fix denial of service
7th, June, 2007

It was discovered that a specially-crafted packet sent to the racoon
ipsec key exchange server could cause a tunnel to crash, resulting in
a denial of service. We recommend that you upgrade your racoon
package.

http://www.linuxsecurity.com/content/view/128465


* Debian: New iceape packages fix several vulnerabilities
7th, June, 2007

Several remote vulnerabilities have been discovered in the Iceape
internet suite, an unbranded version of the Seamonkey Internet Suite.
The Common Vulnerabilities and Exposures project identifies the
following problem and others.

http://www.linuxsecurity.com/content/view/128467


* Debian: New Gimp packages fix arbitrary code execution
9th, June, 2007

A buffer overflow has been identified in Gimp's SUNRAS plugin in
versions prior to 2.2.15.  This bug could allow an attacker to
execute arbitrary code on the victim's computer by inducing the
victim to open a specially crafted RAS file.

http://www.linuxsecurity.com/content/view/128474


* Debian: New lighttpd packages fix denial of service
10th, June, 2007

Two problems were discovered with lighttpd, a fast webserver with 
minimal memory footprint, which could allow denial of service. The 
Common Vulnerabilities and Exposures project identifies problems. One is 
a remote attackers could cause denial of service by disconnecting 
partway through making a request.


http://www.linuxsecurity.com/content/view/128476


* Debian: New freetype packages fix integer overflow
10th, June, 2007

A problem was discovered with freetype, a FreeTyp2 font engine, which
could allow the execution of arbitary code via an integer overflow in
specially crafted TTF files.

http://www.linuxsecurity.com/content/view/128477


* Debian: New xulrunner packages fix several vulnerabilities
12th, June, 2007

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the some problems.

http://www.linuxsecurity.com/content/view/128509


* Debian: New icedove packages fix several vulnerabilities
13th, June, 2007

Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird client.

http://www.linuxsecurity.com/content/view/128520


* Debian: New iceweasel packages fix several vulnerabilities
14th, June, 2007

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identified the problems.

http://www.linuxsecurity.com/content/view/128538


+---------------------------------+
| Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: libexif-0.6.15-1.fc6
11th, June, 2007

This update to the latest upstream release fixes a number of
bugs, among them a possible integer overflow in the
exif_data_load_data_entry function (CVE-2007-2645), which
allows user-assisted remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via
crafted EXIF data.

http://www.linuxsecurity.com/content/view/128492


* Fedora Core 5 Update: mod_perl-2.0.2-5.2.fc5
11th, June, 2007

This update fixes a security issue in mod_perl.
An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class. If a server implemented a
mod_perl registry module using this method, a remote
attacker requesting a carefully crafted URI can cause
resource consumption, which could lead to a denial of
service. (CVE-2007-1349)

http://www.linuxsecurity.com/content/view/128494


* Fedora Core 6 Update: mod_perl-2.0.2-6.2.fc6
11th, June, 2007

This update fixes a security issue in mod_perl.
An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class. If a server implemented a
mod_perl registry module using this method, a remote
attacker requesting a carefully crafted URI can cause
resource consumption, which could lead to a denial of
service. (CVE-2007-1349)

http://www.linuxsecurity.com/content/view/128495


* Fedora Core 6 Update: spamassassin-3.1.9-1.fc6
13th, June, 2007

Local symlink vulnerability. Fedora is not vulnerable in any
default or common configurations. Read upstream's
announcement for details.

http://www.linuxsecurity.com/content/view/128521


* Fedora Core 5 Update: spamassassin-3.1.9-1.fc5.1
13th, June, 2007

Local symlink vulnerability. Fedora is not vulnerable in any
default or common configurations. Read upstream's
announcement for details

http://www.linuxsecurity.com/content/view/128522


* Fedora Core 6 Update: openoffice.org-2.0.4-5.5.23
13th, June, 2007

A heap overflow flaw was found in the RTF import filer. An
attacker could create a carefully crafted RTF file that
could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim.
All users of OpenOffice.org are advised to upgrade to these
updated packages, which contain a backported fix to correct
this issue.

http://www.linuxsecurity.com/content/view/128523


* Fedora Core 5 Update:
13th, June, 2007

This update to iscsi-initiator-utils is a rebase to the
upstream open-iscsi-2.0-865 release. This release includes
two security fixes which are described here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719
bug fixes and new features.

http://www.linuxsecurity.com/content/view/128526


* Fedora Core 6 Update:
13th, June, 2007

This update to iscsi-initiator-utils is a rebase to the
upstream open-iscsi-2.0-865 release. This release includes
two security fixes, which are described here:

http://www.linuxsecurity.com/content/view/128527


+---------------------------------+
| Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated libexif packages fix crash and possible
8th, June, 2007

Integer overflow in the exif_data_load_data_entry function in
exif-data.c in libexif before 0.6.14 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via crafted EXIF data. Updated packages have been
patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128472


* Mandriva: Updated Thunderbird packages fix multiple
12th, June, 2007

A number of security vulnerabilities have been discovered and corrected 
in the latest Mozilla Thunderbird program, version 1.5.0.12. This update 
provides the latest Thunderbird to correct these issues.

http://www.linuxsecurity.com/content/view/128511


* Mandriva: Updated Firefox packages fix multiple
12th, June, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Firefox program, version 1.5.0.12.
This update provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/128512


* Mandriva: Updated freetype2 packages fix integer overflow
13th, June, 2007

An integer overflow vulnerability was discovered in the way the
FreeType font engine processed TTF files.  If a user were to load a
special font file with a program linked against freetype, it could
cause the application to crash or possibly execute arbitrary code as
the user running the program.

http://www.linuxsecurity.com/content/view/128530


* Mandriva: Updated gd packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not
correctly validate PNG callback results.

http://www.linuxsecurity.com/content/view/128531


* Mandriva: Updated libwmf packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not
correctly validate PNG callback results. If an application linked
against libgd2 was tricked into processing a specially-crafted
PNG file, it could cause a denial of service scenario via CPU
resource consumption.

http://www.linuxsecurity.com/content/view/128532


* Mandriva: Updated tetex packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not
correctly validate PNG callback results. If an application linked
against libgd2 was tricked into processing a specially-crafted PNG
file, it could cause a denial of service scenario via CPU resource
consumption. Tetex uses an embedded copy of the gd source and may
also be affected by this issue. The updated packages have been
patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128533



+---------------------------------+
| Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: fetchmail security update
7th, June, 2007

An updated fetchmail package that fixes a security bug is now
available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail
is a remote mail retrieval and forwarding utility intended for use
over on-demand TCP/IP links, like SLIP or PPP connections. This
update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128462


* RedHat: Moderate: freetype security update
11th, June, 2007

Updated freetype packages that fix a security flaw are now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.An integer overflow flaw was
found in the way the FreeType font engine processed TTF font files.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128479


* RedHat: Low: shadow-utils security and bug fix update
11th, June, 2007

An updated shadow-utils package that fixes a security issue and
several bugs is now available.A flaw was found in the useradd tool in
shadow-utils. A new user's mailbox, when created, could have random
permissions for a short period.

http://www.linuxsecurity.com/content/view/128482


* RedHat: Moderate: pam security and bug fix update
11th, June, 2007

Updated pam packages that resolves several bugs and security flaws are now
available for Red Hat Enterprise Linux 3. A flaw was found in the way
pam_console set console device permissions. It was possible for various console
devices to retain ownership of the console user after logging out, possibly
leaking information to an unauthorized user. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128484


* RedHat: Low: gdb security and bug fix update
11th, June, 2007

An updated gdb package that fixes a security issue and various bugs
is now available.Various buffer overflows and underflows were found in
the DWARF expression computation stack in GDB.

http://www.linuxsecurity.com/content/view/128485


* RedHat: Moderate: gcc security and bug fix update
11th, June, 2007

Updated gcc packages that fix a security issue and another bug are
now available.Jrgen Weigert discovered a directory traversal flaw in
fastjar. An attacker could create a malicious JAR file which, if unpacked
using fastjar, could write to any files the victim had write access to.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128486


* RedHat: Important: openoffice.org security update
13th, June, 2007

Updated openoffice.org packages to correct a security issue are now
available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow
flaw was found in the RTF import filer.  An attacker could create a
carefully crafted RTF file that could cause OpenOffice.org to crash
or possibly execute arbitrary code if the file was opened by a
victim.  This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128517


* RedHat: Moderate: spamassassin security update
13th, June, 2007

Updated spamassassin packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5.Martin Krafft
discovered a symlink issue in SpamAssassin that affects certain
non-default configurations. A local user could use this flaw to
create or overwrite files writable by the spamd process. This
update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128518


* RedHat: Important: kdebase security update
13th, June, 2007

Updated kdebase packages that resolve an interaction security issue
with Adobe Flash Player are now available.A problem with the interaction
between the Flash Player and the Konqueror web browser was found. The
problem could lead to key presses leaking to the Flash Player applet
instead of the browser. This update has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128519


* RedHat: Low: mod_perl security update
14th, June, 2007

Updated mod_perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 3, 4, 5. An issue was found in the
"namespace_from_uri" method of the ModPerl::RegistryCooker class.

http://www.linuxsecurity.com/content/view/128535


* RedHat: Moderate: iscsi-initiator-utils security update
14th, June, 2007

Updated iscsi-initiator-utils packages that fix a security flaw in
open-iscsi are now available for Red Hat Enterprise Linux 5. Olaf
Kirch discovered two flaws in open-iscsi.  A local attacker could use
these flaws to cause the server daemon to stop responding, leading to
a denial of service.  This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128536


* RedHat: Important: kernel security and bug fix update
14th, June, 2007

Updated kernel packages that fix security issues and bugs in the Red
Hat Enterprise Linux 5 kernel are now available. This update has been
rated as having important security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/128537


* RedHat: Moderate: libexif integer overflow
14th, June, 2007

Updated libexif packages that fix an integer overflow flaw are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128539


+---------------------------------+
| Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   libexif
14th, June, 2007

New libexif packages are available for Slackware 10.2, 11.0, and
-current to fix a crash and potential security issue. More details
about this issue may be found in the Common Vulnerabilities and
Exposures (CVE) database:

http://www.linuxsecurity.com/content/view/128534



+---------------------------------+
| Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  Linux kernel vulnerabilities
8th, June, 2007

USN-464-1 fixed several vulnerabilities in the Linux kernel.  Some
additional code changes were accidentally included in the Feisty
update which caused trouble for some people who were not using
UUID-based filesystem mounts.

http://www.linuxsecurity.com/content/view/128473


* Ubuntu:  file vulnerability
11th, June, 2007

USN-439-1 fixed a vulnerability in file.  The original fix did not
fully solve the problem.  This update provides a more complete
solution.

http://www.linuxsecurity.com/content/view/128503


* Ubuntu:  libexif vulnerability
11th, June, 2007

Victor Stinner discovered that libexif did not correctly validate the
size of some EXIF header fields.  By tricking a user into opening an
image with specially crafted EXIF headers, a remote attacker could
cause the application using libexif to crash, resulting in a denial of
service.

http://www.linuxsecurity.com/content/view/128504


* Ubuntu:  libpng vulnerability
11th, June, 2007

It was discovered that libpng did not correctly handle corrupted CRC
in grayscale PNG images.  By tricking a user into opening a specially
crafted PNG, a remote attacker could cause the application using
libpng to crash, resulting in a denial of service.

http://www.linuxsecurity.com/content/view/128505


* Ubuntu:  libgd2 vulnerabilities
11th, June, 2007

A buffer overflow was discovered in libgd2's font renderer.  By
tricking an application using libgd2 into rendering a specially
crafted string with a JIS encoded font, a remote attacker could
read heap memory or crash the application, leading to a denial of
service.

http://www.linuxsecurity.com/content/view/128506


* Ubuntu:  xscreensaver vulnerability
12th, June, 2007

It was discovered that xscreensaver did not correctly validate the
return values from network authentication systems such as LDAP or
NIS. A local attacker could bypass a locked screen if they were able to
interrupt network connectivity.


http://www.linuxsecurity.com/content/view/128513


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jun 17 2007 - 23:15:54 PDT