[ISN] Linux Advisory Watch - June 22nd 2007

From: InfoSec News (alerts@private)
Date: Sun Jun 24 2007 - 23:05:59 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  June 22nd 2007                                Volume 8, Number 25a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for the Linux kernel, PostgreSQL,
libexif, libapache-mod-jk, ClamAV, Firefox, and mod_perl. The distributors
include Debian, Gentoo, Mandriva, and Red Hat.

---

Hakin9 Magazine - Hacking, IT Security and More

Subscribe today and get 10% off! Covers all things hackers need
including techniques about breaking into computer systems, defense and
protection methods. A great new magazine that'll be sure to keep you on
the cutting edge. Want to learn more about the magazine?

Get 10% off the regular subscription price if you sign up by
the end of June!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=30&zoneid=1

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Review: Practical Packet Analysis

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128459/171/

---


Robert Slade Review: "Information Security and Employee Behaviour"

In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.

http://www.linuxsecurity.com/content/view/128404/171/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Linux kernel 2.6.8 packages fix several vulnerabilities
  16th, June, 2007

Several local and remote vulnerabilities have been discovered in
the Linux kernel that may lead to a denial of service or the execution
of arbitrary code. Doug Chapman discovered a potential local DoS (deadlock)
in the mincore function caused by improper lock handling.

http://www.linuxsecurity.com/content/view/128557


* Debian: New PostgreSQL 8.1 packages fix privilege escalation
  16th, June, 2007

It was discovered that the PostgreSQL database performs insufficient
validation of variables passed to privileged SQL statements, so-called
"security definers", which could lead to SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128565


* Debian: New libexif packages fix integer overflow
  16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse
EXIF files, which allows denial of service and possible execution
of arbitrary code via malformed EXIF data.

http://www.linuxsecurity.com/content/view/128567


* Debian: New libexif packages fix integer overflow
  16th, June, 2007

A vulnerability has been discovered in libexif, a library to parse
EXIF files, which allows denial of service and possible execution of
arbitrary code via malformed EXIF data.

http://www.linuxsecurity.com/content/view/128568
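The two libexif advisories above describe the bug only as an integer
overflow triggered by malformed EXIF data. The classic shape of that bug
class in a TIFF/EXIF loader is a per-entry data size computed as
count * component_size in a 32-bit integer: a crafted count makes the
product wrap to a small number, the loader allocates that small buffer,
and the copy loop then walks the full count. The following is an added
illustration written for this newsletter, not libexif's own code and not
the specific libexif defect; it assumes the standard 12-byte IFD entry
layout (tag, format, count, value-or-offset) and the TIFF 6.0 component
sizes, and the 64-byte buffer and entries are constructed here.

```python
"""Added illustration (not libexif's code): how a 32-bit size computation
in an EXIF IFD-entry loader can wrap, and the checks that stop it."""
import struct

# Bytes per component for TIFF/EXIF format codes 1..12 (TIFF 6.0 spec).
COMPONENT_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1,
                  7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
U32_MAX = 0xFFFFFFFF


def pack_ifd_entry(tag, fmt, count, value_or_offset):
    """Build one little-endian 12-byte IFD entry: tag, format, count, value/offset."""
    return struct.pack("<HHII", tag, fmt, count, value_or_offset)


def load_entry_naive(entry):
    """Mimic an unchecked C loader: the allocation size is computed in uint32,
    but the copy loop walks all `count` components. Returns (allocated, copied)."""
    _tag, fmt, count, _off = struct.unpack("<HHII", entry)
    allocated = (count * COMPONENT_SIZE[fmt]) & U32_MAX   # wraps like C
    copied = count * COMPONENT_SIZE[fmt]                   # what memcpy would use
    return allocated, copied


def entry_data_size(fmt, count, offset, buf_len):
    """Hardened size computation: reject unknown formats, multiplication
    overflow, and data that would extend past the end of the buffer."""
    comp = COMPONENT_SIZE.get(fmt)
    if comp is None:
        raise ValueError("unknown format code %d" % fmt)
    if count > U32_MAX // comp:
        raise ValueError("count * component_size would overflow 32 bits")
    size = count * comp
    if size > 4:   # values wider than 4 bytes live at `offset`, not inline
        if offset > buf_len or size > buf_len - offset:   # no offset+size wrap
            raise ValueError("entry data extends past end of buffer")
    return size


def load_entry_checked(buf, entry):
    """Return the entry's payload bytes, or raise ValueError for malformed input."""
    _tag, fmt, count, value_or_offset = struct.unpack("<HHII", entry)
    size = entry_data_size(fmt, count, value_or_offset, len(buf))
    if size <= 4:
        return struct.pack("<I", value_or_offset)[:size]   # inline value
    return buf[value_or_offset:value_or_offset + size]


def is_rejected(buf, entry):
    """True if the hardened loader refuses the entry."""
    try:
        load_entry_checked(buf, entry)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    buf = bytes(64)   # constructed stand-in for a 64-byte TIFF/EXIF block
    # RATIONAL (8 bytes/component) with count 0x20000001: 0x100000008 wraps to 8.
    evil = pack_ifd_entry(0x0100, 5, 0x20000001, 16)
    print("naive allocates %d bytes, copies %d" % load_entry_naive(evil))
    print("checked rejects:", is_rejected(buf, evil))
    good = pack_ifd_entry(0x0100, 3, 1, 640)   # ImageWidth, SHORT, inline value
    print("good entry ->", load_entry_checked(buf, good))
```

The two checks that matter are the division-based overflow test (compare
count against U32_MAX // component_size before multiplying, so the
multiplication itself never wraps) and the subtraction-based bounds test
(size > buf_len - offset rather than offset + size > buf_len, so the
addition cannot wrap either). Both are cheap and both are the kind of
check a fuzzer will find missing within minutes.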


* Debian: New PostgreSQL 7.4 packages fix privilege escalation
  17th, June, 2007

It was discovered that the PostgreSQL database performs insufficient
validation of variables passed to privileged SQL statements, so-called
"security definers", which could lead to SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128570


* Debian: New libapache-mod-jk packages fix information disclosure
  17th, June, 2007

It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead
to information disclosure.

http://www.linuxsecurity.com/content/view/128571
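The mod_jk entry above says only that the connector decoded request URLs
more than once. The security point is general: any access check made on a
once-decoded path is bypassed if a later stage decodes the same path
again, because %25 turns into a literal '%' on the first pass and only
becomes part of a new escape on the second. The following is an added
illustration written for this newsletter, not mod_jk's or Tomcat's own
code; the front-end/back-end split, the policy (no ".." segments, no
WEB-INF or META-INF), and the sample request paths are all constructed
here, and the example generalises the page's one-line description to a
traversal case as well.

```python
"""Added illustration (not mod_jk's code): why decoding a request URL twice
lets an encoded path slip past a check made on the once-decoded form."""
from urllib.parse import unquote


def policy_allows(decoded_path):
    """Access policy, evaluated on a decoded path: no traversal segments and
    no access to the servlet container's private directories."""
    for seg in decoded_path.split("/"):
        if seg == ".." or seg.upper() in ("WEB-INF", "META-INF"):
            return False
    return True


def vulnerable_pipeline(raw_path):
    """Front end decodes once and applies the policy; the back end decodes
    the forwarded path a second time before resolving it."""
    once = unquote(raw_path)
    if not policy_allows(once):
        return "403"
    twice = unquote(once)          # the second decode is the bug
    return "serve:" + twice


def hardened_pipeline(raw_path):
    """Decode exactly once, check that value, and resolve that same value."""
    once = unquote(raw_path)
    if "%" in once:                # still-encoded bytes after one decode: refuse
        return "400"
    if not policy_allows(once):
        return "403"
    return "serve:" + once


# Constructed requests: %25 is a literal '%', so %2557 becomes %57 ('W') only
# on a second decode; likewise %252e becomes %2e ('.').
SAMPLE_REQUESTS = [
    "/app/index.jsp",
    "/app/WEB-INF/web.xml",
    "/app/%2557EB-INF/web.xml",
    "/app/%252e%252e/etc/passwd",
]


def compare(requests=SAMPLE_REQUESTS):
    """Map each request to (vulnerable result, hardened result)."""
    return {r: (vulnerable_pipeline(r), hardened_pipeline(r)) for r in requests}


if __name__ == "__main__":
    for req, (vuln, hard) in compare().items():
        print("%-32s vulnerable=%-28s hardened=%s" % (req, vuln, hard))
```

The essential fix is the last line of hardened_pipeline: the string that
was checked is the string that gets resolved, with no further decoding
between the two. Refusing paths that still contain '%' after one decode is
an extra, stricter defence; it will also refuse a legitimate file name that
contains a literal percent sign, so deployments that need those should
drop that line and rely on single decoding alone.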



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: ClamAV Multiple Denials of Service
  15th, June, 2007

ClamAV contains several vulnerabilities leading to a Denial of
Service. A remote attacker could send a specially crafted file to the
scanner, triggering one of the vulnerabilities and causing a Denial of
Service through CPU consumption or a crash of the scanner; the two
buffer overflows are reported to cause Denial of Service only. The
insecure temporary file creation vulnerability could be used by a local
user to access sensitive data.

http://www.linuxsecurity.com/content/view/128554



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated Firefox packages fix multiple vulnerabilities
  15th, June, 2007

A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.4. This update
provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/128556


* Mandriva: Updated Firefox packages fix multiple vulnerabilities
  16th, June, 2007

A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.4. This update
provides the latest Firefox to correct these issues.

http://www.linuxsecurity.com/content/view/128566



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: mod_perl security update
  18th, June, 2007

Updated mod_perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as
having moderate security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/128573

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 23:18:35 PDT