[ISN] Linux Advisory Watch - July 6th 2007

From: InfoSec News (alerts@private)
Date: Mon Jul 09 2007 - 01:33:22 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  July 6th 2007                                 Volume 8, Number 27a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for postgresql, libapache, mplayer,
open-iscsi, libphp, ekg, maradns, clamav, wireshark, hiki, evolution,
fireflier-server, gsambad, unicon-imc2, samba, kernel, libexif,
openoffice, krb5, httpd, products, jasper, proftpd, madwifi,
xfsdump, e2fsprogs, webmin, mod_perl, helixplayer, cman, gd,
and gimp. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, Slackware, and Ubuntu.

---


* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Review: Practical Packet Analysis

In the introduction, McIlwraith points out that security awareness
training properly consists of communication, raising of issues, and
encouragement to modify behaviour. (This will come as no surprise
to those who recall the definition of training as the modification
of attitudes and behaviour.) He also notes that security professionals
frequently concentrate solely on presentation of problems. The
remainder of the introduction looks at other major security
activities, and the part that awareness plays in ensuring that
they actually work.

http://www.linuxsecurity.com/content/view/128459/171/

---

Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: [DSA 1311-1] New PostgreSQL 7.4 packages fix
  privilege escalation
  29th, June, 2007

It was discovered that the PostgreSQL database performs insufficient
validation of variables passed to privileged SQL statements called
"security definers", which could lead to SQL privilege escalation.

http://www.linuxsecurity.com/content/view/128608


* Debian: [DSA 1312-1] New libapache-mod-jk packages fix
  information disclosure
  29th, June, 2007

It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead to
information disclosure.

http://www.linuxsecurity.com/content/view/128609


* Debian: [DSA 1313-1] New MPlayer packages fix arbitrary
  code execution
  29th, June, 2007

Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer
movie player performs insufficient boundary checks when accessing CDDB
data, which might lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128610


* Debian: [DSA 1314-1] New open-iscsi packages fix several
  vulnerabilities
  29th, June, 2007

Several local and remote vulnerabilities have been discovered in
open-iscsi, a transport-independent iSCSI implementation. One of the
security flaws, discovered by Olaf Kirch, was that, due to a programming
error, access to the management interface socket was insufficiently
protected, which allows denial of service.

http://www.linuxsecurity.com/content/view/128611


* Debian: [DSA 1315-1] New libphp-phpmailer packages fix
  arbitrary shell command execution
  29th, June, 2007

Thor Larholm discovered that libphp-phpmailer, an email transfer
class for PHP, performs insufficient input validation if configured
to use Sendmail. This allows the execution of arbitrary shell
commands.

http://www.linuxsecurity.com/content/view/128612


* Debian: [DSA 1318-1] New ekg packages fix denial of
  service
  29th, June, 2007

Several remote vulnerabilities have been discovered in ekg, a console
Gadu Gadu client. It was discovered that memory alignment errors may
allow remote attackers to cause a denial of service on certain
architectures such as sparc. This only affects Debian Sarge.

http://www.linuxsecurity.com/content/view/128614


* Debian: [DSA 1319-1] New maradns packages fix denial of
  service
  29th, June, 2007

Several remote vulnerabilities have been discovered in MaraDNS, a
simple security-aware Domain Name Service server. One flaw was that
malformed DNS requests can trigger memory leaks, allowing denial of
service.

http://www.linuxsecurity.com/content/view/128616


* Debian: [DSA 1320-1] New clamav packages fix several
  vulnerabilities
  29th, June, 2007

Several remote vulnerabilities have been discovered in the Clam
anti-virus toolkit. The Common Vulnerabilities and Exposures project
found the flaws. It was discovered that the NsPack decompression code
performed insufficient sanitising on an internal length variable,
resulting in a potential buffer overflow.

http://www.linuxsecurity.com/content/view/128617


* Debian: [DSA 1322-1] New wireshark packages fix denial of
  service
  29th, June, 2007

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service. Among
them, off-by-one overflows were discovered in the iSeries dissector.

http://www.linuxsecurity.com/content/view/128619


* Debian: [DSA 1324-1] New hiki packages fix missing input
  sanitising
  29th, June, 2007

Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine
written in Ruby, which could allow a remote attacker to delete
arbitrary files which are writable by the Hiki user, via a specially
crafted session parameter.

http://www.linuxsecurity.com/content/view/128621


* Debian: New evolution packages fix arbitrary code execution
  29th, June, 2007

Several remote vulnerabilities have been discovered in Evolution, a
groupware suite with mail client and organizer. Ulf Harnhammer
discovered that a format string vulnerability in the handling of
shared calendars may allow the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/128685


* Debian: New fireflier-server packages fix unsafe temporary files
  1st, July, 2007

Steve Kemp from the Debian Security Audit project discovered that
fireflier-server, an interactive firewall rule creation tool, uses
temporary files in an unsafe manner which may be exploited to remove
arbitrary files from the local system.

http://www.linuxsecurity.com/content/view/128690


* Debian: New gsambad packages fix unsafe temporary files
  1st, July, 2007

Steve Kemp from the Debian Security Audit project discovered that
gsambad, a GTK+ configuration tool for samba, uses temporary files in an
unsafe manner which may be exploited to truncate arbitrary files on the
local system.

http://www.linuxsecurity.com/content/view/128691


* Debian: New unicon-imc2 packages fix buffer overflow
  1st, July, 2007

Steve Kemp from the Debian Security Audit project discovered that
unicon-imc2, a Chinese input method library, makes unsafe use of
an environment variable, which may be exploited to execute arbitrary
code.

http://www.linuxsecurity.com/content/view/128692




+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: samba-3.0.24-7.fc6
  29th, June, 2007

Bugfixes against the recent security patches. The bug names are
CVE-2007-2447 patch v2 and CVE-2007-2444 patch v2.

http://www.linuxsecurity.com/content/view/128622


* Fedora Core 5 Update: kernel-2.6.20-1.2320.fc5
  29th, June, 2007

Integer underflow in the cpuset_tasks_read function in the
Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4,
when the cpuset filesystem is mounted, allows local users to
obtain kernel memory contents by using a large offset when
reading the /dev/cpuset/tasks file.

http://www.linuxsecurity.com/content/view/128624


* Fedora Core 5 Update: libexif-0.6.12-5
  29th, June, 2007

An integer overflow flaw was found in the way libexif parses EXIF
image tags. If a victim opens a carefully crafted EXIF image file it
could cause the application linked against libexif to execute
arbitrary code or crash.

http://www.linuxsecurity.com/content/view/128625


* Fedora Core 5 Update: openoffice.org-2.0.2-5.22.2
  29th, June, 2007

A heap overflow flaw was found in the RTF import filter. An attacker
could create a carefully crafted RTF file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the
file was opened by a victim. All users of OpenOffice.org are advised
to upgrade to these updated packages, which contain a backported fix
to correct this issue.

http://www.linuxsecurity.com/content/view/128626


* Fedora Core 6 Update: kernel-2.6.20-1.2962.fc6
  29th, June, 2007

Integer underflow in the cpuset_tasks_read function in the
Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4,
when the cpuset filesystem is mounted, allows local users to
obtain kernel memory contents by using a large offset when
reading the /dev/cpuset/tasks file.

http://www.linuxsecurity.com/content/view/128627


* Fedora Core 5 Update: evolution-data-server-1.6.3-5.fc5
  29th, June, 2007

This update fixes a security flaw in Evolution's IMAP module. It adds a
patch for a list of security bugs which were reported.

http://www.linuxsecurity.com/content/view/128628


* Fedora Core 6 Update: evolution-data-server-1.8.3-7.fc6
  29th, June, 2007

This update fixes a security flaw in Evolution's IMAP module. It adds
a patch for RH bug #244287 (Camel IMAP security flaw).

http://www.linuxsecurity.com/content/view/128629


* Fedora Core 6 Update: libexif-0.6.15-2.fc6
  29th, June, 2007

The libexif package contains the EXIF library. Applications
use this library to parse EXIF image files. An integer overflow flaw
was found in the way libexif parses EXIF image tags. If a victim
opens a carefully crafted EXIF image file it could cause the application
linked against libexif to execute arbitrary code or crash. (CVE-2007-4168)
Users of libexif should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

http://www.linuxsecurity.com/content/view/128630


* Fedora Core 5 Update: krb5-1.4.3-5.5
  29th, June, 2007

This update incorporates fixes for a stack buffer overflow and heap
corruption in the RPC library, and a fix for a potential stack buffer
overflow in kadmind.

http://www.linuxsecurity.com/content/view/128633


* Fedora Core 6 Update: krb5-1.5-21.1
  29th, June, 2007

This update incorporates fixes for a stack buffer overflow and heap
corruption in the RPC library, and a fix for a potential stack buffer
overflow in kadmind.

http://www.linuxsecurity.com/content/view/128634


* Fedora Core 5 Update: httpd-2.2.2-1.3
  2nd, July, 2007

The Apache HTTP Server did not verify that a process was an Apache
child process before sending it signals. A local attacker with the
ability to run scripts on the Apache HTTP Server could manipulate the
scoreboard and cause arbitrary processes to be terminated, which could
lead to a denial of service (CVE-2007-3304).

http://www.linuxsecurity.com/content/view/128699




+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Mozilla products Multiple vulnerabilities
  29th, June, 2007

Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted arbitrary remote code execution.

http://www.linuxsecurity.com/content/view/128635


* Gentoo: PHProjekt Multiple vulnerabilities
  29th, June, 2007

Multiple vulnerabilities have been discovered in PHProjekt, allowing
for the execution of arbitrary PHP and SQL code, and cross-site
scripting attacks. An authenticated user could elevate their
privileges by exploiting the vulnerabilities described above. Note
that the magic_quotes_gpc PHP configuration setting must be set to
"off" to exploit these vulnerabilities.

http://www.linuxsecurity.com/content/view/128636


* Gentoo: emul-linux-x86-java Multiple vulnerabilities
  29th, June, 2007

Multiple vulnerabilities have been discovered in emul-linux-x86-java,
possibly resulting in the execution of arbitrary code or a Denial of
Service.

http://www.linuxsecurity.com/content/view/128637


* Gentoo: libexif Buffer overflow
  29th, June, 2007

libexif does not properly handle image EXIF information, possibly
allowing for the execution of arbitrary code. An attacker could entice
a user of an application making use of a vulnerable version of
libexif to load a specially crafted image file, possibly resulting in
a crash of the application or the execution of arbitrary code with
the rights of the user running the application.

http://www.linuxsecurity.com/content/view/128638


* Gentoo: Firebird Buffer overflow
  1st, July, 2007

A vulnerability has been discovered in Firebird, allowing for the
execution of arbitrary code. Cody Pierce from TippingPoint DVLabs has
discovered a buffer overflow when processing "connect" requests with
an overly large "p_cnct_count" value.

http://www.linuxsecurity.com/content/view/128693


* Gentoo: OpenOffice.org Two buffer overflows
  2nd, July, 2007

Multiple vulnerabilities have been discovered in OpenOffice.org,
allowing for the remote execution of arbitrary code. A remote attacker
could entice a user to open a specially crafted document, possibly
leading to execution of arbitrary code with the rights of the user
running OpenOffice.org.

http://www.linuxsecurity.com/content/view/128705


* Gentoo: Evolution User-assisted remote execution of arbitrary code
  2nd, July, 2007

The IMAP client of Evolution contains a vulnerability potentially
leading to the execution of arbitrary code. A malicious or compromised
IMAP server could trigger the vulnerability and execute arbitrary
code with the permissions of the user running Evolution.

http://www.linuxsecurity.com/content/view/128706


* Gentoo: GNU C Library Integer overflow
  3rd, July, 2007

An integer overflow in the dynamic loader, ld.so, could result in the
execution of arbitrary code with escalated privileges. As the hardware
capabilities mask is honored by the dynamic loader during the
execution of suid and sgid programs, in theory this vulnerability
could result in the execution of arbitrary code with root privileges.
This update is provided as a precaution against currently unknown
attack vectors.

http://www.linuxsecurity.com/content/view/128712




+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated apache packages fix mod_mem_cache issue
  29th, June, 2007

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized
users. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128639


* Mandriva: Updated libexif packages fix integer overflow flaw
  29th, June, 2007

Another integer overflow was found in the way libexif parses EXIF
image tags.  An individual who opened a carefully-crafted EXIF image
file could cause the application linked against libexif to crash or
possibly execute arbitrary code. Updated packages have been patched
to prevent this issue.

http://www.linuxsecurity.com/content/view/128640


* Mandriva: Updated jasper packages fix vulnerability
  29th, June, 2007

A function in the JasPer JPEG-2000 library before 1.900 could allow
a remote user-assisted attack to cause a crash and possibly corrupt
the heap via malformed image files.
Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128641


* Mandriva: Updated proftpd packages fix authentication
  29th, June, 2007

The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication. The updated packages have been patched to prevent
this issue.

http://www.linuxsecurity.com/content/view/128642


* Mandriva: Updated Thunderbird packages fix multiple
  29th, June, 2007

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.
This update provides the latest Thunderbird to correct these issues.

http://www.linuxsecurity.com/content/view/128644


* Mandriva: Updated madwifi-source,
  29th, June, 2007

The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow
remote attackers to cause a denial of service (system hang) via a
crafted length field in nested 802.3 Ethernet frames in Fast Frame
packets, which results in a NULL pointer dereference.

http://www.linuxsecurity.com/content/view/128645


* Mandriva: Updated emacs packages fix DoS vulnerability
  29th, June, 2007

A vulnerability in emacs was discovered where it would crash when
processing certain types of images. Updated packages have been
patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128648


* Mandriva: Updated xfsdump packages fix unsafe temporary
  29th, June, 2007

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure
permissions, which allows local users to read or overwrite arbitrary
files on xfs filesystems. Updated packages have been patched to
prevent this issue.

http://www.linuxsecurity.com/content/view/128649


* Mandriva: Updated evolution packages fix vulnerability
  29th, June, 2007

A flaw in Evolution/evolution-data-server was found in how Evolution
would process certain IMAP server messages.  If a user were tricked
into connecting to a malicious IMAP server, it was possible that
arbitrary code could be executed with the privileges of the user
using Evolution.
Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128656


* Mandriva: Updated evolution packages fix vulnerability
  29th, June, 2007

A flaw in Evolution/evolution-data-server was found in how Evolution
would process certain IMAP server messages.  If a user were tricked
into connecting to a malicious IMAP server, it was possible that
arbitrary code could be executed with the privileges of the user
using Evolution.
Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128657


* Mandriva: Updated krb5 packages fix vulnerabilities
  29th, June, 2007

David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind.  A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code.

http://www.linuxsecurity.com/content/view/128658


* Mandriva: Updated e2fsprogs packages fix memory leak
  29th, June, 2007

The libblkid library contained in the libext2fs2 package contains a
serious memory leak which can cause machines being used as NFS
servers to rapidly consume system memory. This update fixes the
memory leak.

http://www.linuxsecurity.com/content/view/128663


* Mandriva: Updated webmin packages fix XSS vulnerability
  29th, June, 2007

Multiple cross-site scripting (XSS) vulnerabilities were discovered
in pam_login.cgi in webmin prior to version 1.350, which could allow
a remote attacker to inject arbitrary web script or HTML.
Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128664


* Mandriva: Updated MySQL packages fix multiple security
  4th, July, 2007

MySQL 5.x before 5.0.36 allows local users to cause a denial of
service (database crash) by performing information_schema table subselects
and using ORDER BY to sort a single-row result, which prevents
certain structure elements from being initialized and triggers a
NULL dereference in the filesort function. This issue does not affect
MySQL 5.0.37 in Mandriva Linux 2007.1.

http://www.linuxsecurity.com/content/view/128714


* Mandriva: Updated console-tools packages fix problems caused
  4th, July, 2007

The vt-is-UTF8 utility included in the console-tools package, and used
by Mandriva initscripts, can hang, causing random problems such as
preventing a local/remote system reboot unless the user takes
interactive action (#27948).

http://www.linuxsecurity.com/content/view/128716


* Mandriva: Updated apache packages fix multiple security
  4th, July, 2007

A vulnerability was discovered in the Apache mod_status module
that could lead to a cross-site scripting attack on sites where the
server-status page was publicly accessible and ExtendedStatus was
enabled (CVE-2006-5752).

http://www.linuxsecurity.com/content/view/128719


* Mandriva: Updated apache packages fix multiple security
  5th, July, 2007

A vulnerability was discovered in the Apache mod_status module
that could lead to a cross-site scripting attack on sites where the
server-status page was publicly accessible and ExtendedStatus was
enabled.

http://www.linuxsecurity.com/content/view/128720


* Mandriva: Updated apache packages fix multiple security
  5th, July, 2007

A vulnerability was discovered in the Apache mod_status module
that could lead to a cross-site scripting attack on sites where the
server-status page was publicly accessible and ExtendedStatus was
enabled (CVE-2006-5752).

http://www.linuxsecurity.com/content/view/128721




+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: mod_perl security update
  29th, June, 2007

Updated mod_perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 2.1. The Apache::PerlRun module was found
to not properly escape PATH_INFO before being used in a regular expression.
If a server is configured to use Apache::PerlRun, an attacker could
request a carefully crafted URI causing resource consumption, which
could lead to a denial of service.

http://www.linuxsecurity.com/content/view/128666


* RedHat: Low: mod_perl security update
  29th, June, 2007

Updated mod_perl packages that fix a security issue are now available
for Red Hat Application Stack.

http://www.linuxsecurity.com/content/view/128667


* RedHat: Important: evolution security update
  29th, June, 2007

Updated evolution packages that fix a security bug are now available
for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way
Evolution processes certain IMAP server messages. If a user can be
tricked into connecting to a malicious IMAP server it may be possible
to execute arbitrary code as the user running evolution.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128668


* RedHat: Important: evolution-data-server security update
  29th, June, 2007

Updated evolution-data-server packages that fix a security bug are
now available for Red Hat Enterprise Linux 5. A flaw was found in the way
evolution-data-server processes certain IMAP server messages. If a
user can be tricked into connecting to a malicious IMAP server it may
be possible to execute arbitrary code as the user running the
evolution-data-server process.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128669


* RedHat: Important: kernel security update
  29th, June, 2007

Updated kernel packages that fix several security issues and bugs in the
Red Hat Enterprise Linux 4 kernel are now available. One of the issues
fixed is a flaw in the connection tracking support for SCTP that allowed
a remote user to cause a denial of service by dereferencing a NULL
pointer. This security advisory has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128670


* RedHat: Moderate: apache security update
  29th, June, 2007

Updated Apache httpd packages that correct two security issues are
now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server
did not verify that a process was an Apache child process before
sending it signals. A local attacker who has the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a
denial of service. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128671


* RedHat: Moderate: httpd security update
  29th, June, 2007

Updated Apache httpd packages that correct two security issues are
now available for Red Hat Enterprise Linux 4. A flaw was found in the
Apache HTTP Server mod_status module. On sites where the
server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and
it is best practice to not make this publicly available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128672


* RedHat: Moderate: httpd security update
  29th, June, 2007

Updated Apache httpd packages that correct three security issues are
now available for Red Hat Enterprise Linux 5.

http://www.linuxsecurity.com/content/view/128673


* RedHat: Critical: krb5 security update
  29th, June, 2007

Updated krb5 packages that fix several security flaws are now
available for Red Hat Enterprise Linux 2.1 and 3.

http://www.linuxsecurity.com/content/view/128674


* RedHat: Important: krb5 security update
  29th, June, 2007

Updated krb5 packages that fix several security flaws are now
available for Red Hat Enterprise Linux 4 and 5.

http://www.linuxsecurity.com/content/view/128675


* RedHat: Critical: HelixPlayer security update
  29th, June, 2007

An updated HelixPlayer package that fixes a buffer overflow flaw is
now available.

http://www.linuxsecurity.com/content/view/128676


* RedHat: Moderate: httpd security update
  29th, June, 2007

Updated Apache httpd packages that correct two security issues and
two bugs are now available for Red Hat Enterprise Linux 3. A flaw
was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus
is enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and
it is best practice to not make this publicly available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128677


* RedHat: Important: cman security update
  29th, June, 2007

Updated cman packages that correct a security issue are now available
for Red Hat Enterprise Linux 5. A flaw was found in the cman daemon. A
local attacker could connect to the cman daemon and trigger a static
buffer overflow leading to a denial of service or, potentially, an
escalation of privileges. This update has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128678



+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   gd
  29th, June, 2007

GD is an open source code library for the dynamic creation of images.

New gd packages are available for Slackware 11.0, and -current to
fix possible security issues.

http://www.linuxsecurity.com/content/view/128679





+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  evolution-data-server vulnerability
  29th, June, 2007

Philip Van Hoof discovered that the IMAP client in Evolution did not
correctly verify the SEQUENCE value.  A malicious or spoofed server
could exploit this to execute arbitrary code with user privileges.

http://www.linuxsecurity.com/content/view/128680


* Ubuntu:  redhat-cluster-suite vulnerability
  29th, June, 2007

Fabio Massimo Di Nitto discovered that cman did not correctly
validate the size of client messages.  A local user could send a
specially crafted message and execute arbitrary code with cluster
manager privileges or crash the manager, leading to a denial of
service.

http://www.linuxsecurity.com/content/view/128681


* Ubuntu:  krb5 vulnerabilities
  29th, June, 2007

Wei Wang discovered that the krb5 RPC library did not correctly
handle certain error conditions.  A remote attacker could cause
kadmind to free an uninitialized pointer, leading to a denial of
service or possibly execution of arbitrary code with root
privileges.

http://www.linuxsecurity.com/content/view/128682


* Ubuntu:  libexif vulnerability
  29th, June, 2007

Sean Larsson discovered that libexif did not correctly verify the
size of EXIF components.  By tricking a user into opening an image with
specially crafted EXIF headers, a remote attacker could cause the
application using libexif to execute arbitrary code with user
privileges.

http://www.linuxsecurity.com/content/view/128683


* Ubuntu:  MadWifi vulnerabilities
  29th, June, 2007

Multiple flaws in the MadWifi driver were discovered that could lead
to a system crash.  A physically nearby attacker could generate
specially crafted wireless network traffic and cause a denial of
service.

http://www.linuxsecurity.com/content/view/128684


* Ubuntu:  Gimp vulnerability
  4th, July, 2007

Stefan Cornelius discovered that Gimp could miscalculate the size of
heap buffers when processing PSD images.  By tricking a user into opening
a specially crafted PSD file with Gimp, an attacker could exploit this
to execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/128715


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------





This archive was generated by hypermail 2.1.3 : Mon Jul 09 2007 - 01:45:41 PDT