+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 31st 2007 Volume 8, Number 35a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for asterisk, dovecot, rsync,
postfix-policyd, lighthttpd, mediawiki, moodle, cups, tetex, kdegraphics,
koffice, kdelibs, kdebase, po4a, libvorbias, id3lib, bochs, sylpheed,
Opera, vim, gdm, gimp, kernel, tar, mysql, emacs, enigmail, and
tcpwrappers. The distributors include Debian, Fedora, Mandriva,
Red Hat, SuSE, and Ubuntu.
--
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
* EnGarde Secure Linux v3.0.16 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes
many updated packages and bug fixes, some feature enhancements to
Guardian Digital WebTool and the SELinux policy, and a few new
features.
http://www.engardelinux.org/modules/download/
---
Review: Ruby by Example
Learning a new language cannot be complete without a few 'real
world' examples. 'Hello world!'s and fibonacci sequences are
always nice as an introduction to certain aspects of programming,
but soon or later you crave something meatier to chew on. 'Ruby
by Example: Concepts and Code' by Kevin C. Baird provides a
wealth of knowledge via general to specialized examples of the
dynamic object oriented programming language, Ruby. Want to build
an mp3 playlist processor? How about parse out secret codes from
'Moby Dick'? Read on!
http://www.linuxsecurity.com/content/view/128840/171/
---
Robert Slade Review: "Information Security and Employee Behaviour"
The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/128404/171/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New asterisk packages fix several vulnerabilities
27th, August, 2007
Several remote vulnerabilities have been discovered in Asterisk, a
free software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems: "Mu Security"
discovered that a NULL pointer deference in the SIP implementation
could lead to denial of service.
http://www.linuxsecurity.com/content/view/129054
* Debian: New dovecot packages fix directory traversal
28th, August, 2007
It was discovered that dovecot, a secure mail server that supports
mbox and maildir mailboxes, when configured to use non-system-user
spools and compressed folders, may allow directory traversal in
mailbox names
http://www.linuxsecurity.com/content/view/129137
* Debian: New rsync packages fix arbitrary code execution
28th, August, 2007
Sebastian Krahmer discovered that rsync, a fast remote file copy
program, contains an off-by-one error which might allow remote
attackers to execute arbitary code via long directory names.
http://www.linuxsecurity.com/content/view/129138
* Debian: New postfix-policyd packages fix arbitrary code execution
29th, August, 2007
It was discovered that postfix-policyd, an anti-spam plugin for
postfix, didn't correctly bounds-test incoming SMTP commands
potentially allowing the remote exploitation of arbitrary
code.
http://www.linuxsecurity.com/content/view/129189
* Debian: New lighttpd packages fix several vulnerabilities
29th, August, 2007
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint. The use of mod_auth could leave to a denial
of service attack crashing the webserver.
http://www.linuxsecurity.com/content/view/129190
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora 7 Update: mediawiki-1.9.3-34.0.2.fc7
27th, August, 2007
This update fixes the following vulnerability:
"Cross-site scripting (XSS) vulnerability in the AJAX features in
index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is
enabled, allows remote attackers to inject arbitrary web script
or HTML via a UTF-7 encoded value of the rs parameter, which is
processed by Internet Explorer."
http://www.linuxsecurity.com/content/view/129069
* Fedora 7 Update: moodle-1.8.2-1.fc7
27th, August, 2007
Upgrade to 1.8.2, Security fixes for 247582. Also corrects bug
245750, cron job problem.
http://www.linuxsecurity.com/content/view/129071
* Fedora 7 Update: cups-1.2.12-4.fc7
27th, August, 2007
This update fixes a security problem concerning PDF handling.
It also fixes printing speed with USB printers, and includes a fix
for the LSPP support.
http://www.linuxsecurity.com/content/view/129074
* Fedora 7 Update: tetex-3.0-40.1.fc7
27th, August, 2007
* Fri Aug 10 2007 Jindrich Novy
- backport upstream fix for xpdf integer overflow CVE-2007-3387
http://www.linuxsecurity.com/content/view/129075
* Fedora 7 Update: kdegraphics-3.5.7-2.fc7
27th, August, 2007
This is an update to address a vulnerability in kpdf, one that can
cause a stack based buffer overflow.
http://www.linuxsecurity.com/content/view/129077
* Fedora 7 Update: koffice-1.6.3-9.fc7
27th, August, 2007
This is an update to address a stack-based buffer overflow
vulnerability in kword's pdf filter.
http://www.linuxsecurity.com/content/view/129078
* Fedora 7 Update: kdelibs-3.5.7-20.fc7
27th, August, 2007
This update primarily addresses problems with URL spoofing and
consolekit/session permissions.
http://www.linuxsecurity.com/content/view/129082
* Fedora 7 Update: kdebase-3.5.7-13.fc7
27th, August, 2007
This update primarily addresses security issues around URL spoofing.
http://www.linuxsecurity.com/content/view/129083
* Fedora 7 Update: po4a-0.32-4.fc7
27th, August, 2007
This update fixes a potential security problem (information leak)
due to use of predictable name in /tmp. There is no CVE assignment
yet
http://www.linuxsecurity.com/content/view/129084
* Fedora 7 Update: libvorbis-1.1.2-3.fc7
27th, August, 2007
Multiple security flaws were found in libvorbis. This updated
package fixes them all. Descriptions of the security bugs can be
found in the Fedora bug reporting software.
http://www.linuxsecurity.com/content/view/129085
* Fedora 7 Update: id3lib-3.8.3-17.fc7
27th, August, 2007
This security update fixes a (minor) tempfile creation security issue
(CVE-2007-4460) by using mkstemp (bugzilla 253553)
http://www.linuxsecurity.com/content/view/129086
* Fedora 7 Update: bochs-2.3-7.fc7
27th, August, 2007
This security update of bochs fixes CVE-2007-2894:
The emulated floppy disk controller in Bochs 2.3 allows local users
of the guest operating system to cause a denial of service (virtual
machine crash) via unspecified vectors, resulting in a divide-by-zero
error.
http://www.linuxsecurity.com/content/view/129087
* Fedora 7 Update: sylpheed-2.3.1-5
27th, August, 2007
Ulf Harnhammar (Secunia Research) has discovered a format string
vulnerability in sylpheed and claws-mail in inc_put_error() function
in src/inc.c when displaying POP3 error reply.
http://www.linuxsecurity.com/content/view/129095
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: Qt Multiple format string vulnerabilities
27th, August, 2007
Format string vulnerabilities in Qt 3 may lead to the remote
execution of arbitrary code in some Qt applications. An attacker
could trigger one of the vulnerabilities by causing a Qt
application to parse specially crafted text, which may lead to
the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/129057
* Gentoo: Opera Multiple vulnerabilities
27th, August, 2007
Opera contain several vulnerabilities, some of which may allow the
execution of arbitrary code. A remote attacker could trigger the
BitTorrent vulnerability by enticing a user into starting a malicious
BitTorrent download, and execute arbitrary code through unspecified
vectors.
http://www.linuxsecurity.com/content/view/129058
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated vim packages fix vulnerability
27th, August, 2007
A format string vulnerability in the helptags support in vim allows
user-assisted remote attackers to execute arbitrary code via format
string specifiers in a help-tags tag in a help file.
Updated packages have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/129059
* Mandriva: Updated gdm packages fix DoS vulnerability
27th, August, 2007
A vulnerability was discovered in how gdm listens on its unix domain
socket. A local user could crash a running X session by writing
malicious data to gdm's unix domain socket.
Updated packages have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/129061
* Mandriva: Updated gimp packages fix input data validation
27th, August, 2007
Multiple integer overflows in the image loader plug-ins in GIMP
before 2.2.16 allow user-assisted remote attackers to execute
arbitrary code via crafted length values in (1) DICOM, (2) PNM,
(3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
http://www.linuxsecurity.com/content/view/129062
* Mandriva: Updated kernel packages fix multiple
28th, August, 2007
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel. The first is that the Linux kernel did not properly save
or restore EFLAGS during a context switch, or reset the flags when
creating new threads, which allowed local users to cause a denial
of service (process crash).
http://www.linuxsecurity.com/content/view/129139
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Moderate: tar security update
27th, August, 2007
Updated tar package that fixes a path traversal flaw is now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team. A path traversal flaw
was discovered in the way GNU tar extracted archives. A malicious user
could create a tar archive that could write to arbitrary files to
which the user running GNU tar had write access.
http://www.linuxsecurity.com/content/view/129064
* RedHat: Important: mysql security update
30th, August, 2007
Updated mysql packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4 and 5. A flaw was discovered in MySQL's
authentication protocol. It is possible for a remote unauthenticated
attacker to send a specially crafted authentication request to the
MySQL server causing it to crash.
http://www.linuxsecurity.com/content/view/129210
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: Linux kernel (SUSE-SA:2007:035)
27th, August, 2007
The ftdi_sio driver allowed local users to cause a denial of service
(memory consumption) by writing more data to the serial port than the
hardware can handle, which causes the data to be queued. This
requires this driver to be loaded, which only happens if such a
device is plugged in.
http://www.linuxsecurity.com/content/view/129065
* SuSE: Mozilla Firefox, Thunderbird,
27th, August, 2007
The Mozilla Firefox browser was brought to security update version
1.5.0.12 on Novell Linux Desktop 9 and 2.0.0.4 on SUSE Linux
Enterprise 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2.
The Mozilla Thunderbird mailreader was brought to security update
version 1.5.0.12 on SUSE Linux 10.0, 10.1 and openSUSE 10.2.
http://www.linuxsecurity.com/content/view/129066
* SuSE: Opera (SUSE-SA:2007:050)
30th, August, 2007
The Opera web-browser allows an attacker to execute arbitrary code by
providing an invalid pointer to a virtual function in JavaScript.
This bug can be exploited automatically when a user visits a web-site
that contains the attacker's JavaScript code
http://www.linuxsecurity.com/content/view/129192
+---------------------------------+
| Distribution: Ubuntu | ----------------------------//
+---------------------------------+
* Ubuntu: KDE vulnerabilities
27th, August, 2007
It was discovered that Konqueror could be tricked into displaying
incorrect URLs. Remote attackers could exploit this to increase
their chances of tricking a user into visiting a phishing URL, which
could lead to credential theft.
http://www.linuxsecurity.com/content/view/129055
* Ubuntu: Thunderbird vulnerabilities
27th, August, 2007
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious email, an attacker could
execute arbitrary code with the user's privileges. Please note that
JavaScript is disabled by default for emails, and it is not
recommended to enable it.
http://www.linuxsecurity.com/content/view/129056
* Ubuntu: Emacs vulnerability
28th, August, 2007
Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images. By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service.
http://www.linuxsecurity.com/content/view/129143
* Ubuntu: tar vulnerability
28th, August, 2007
Dmitry V. Levin discovered that tar did not correctly detect the ".."
file path element when unpacking archives. If a user or an automated
system were tricked into unpacking a specially crafted tar file,
arbitrary files could be overwritten with user privileges.
http://www.linuxsecurity.com/content/view/129144
* Ubuntu: vim vulnerability
28th, August, 2007
Ulf Harnhammar discovered that vim does not properly sanitise the
"helptags_one()" function when running the "helptags" command.
By tricking a user into running a crafted help file, a remote
attacker could execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/129145
* Ubuntu: Enigmail regression
28th, August, 2007
USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email
client. The updated Thunderbird version broken compatibility with the
Enigmail plugin. This update corrects the problem. We apologize for
the inconvenience.
http://www.linuxsecurity.com/content/view/129146
* Ubuntu: tcp-wrappers vulnerability
29th, August, 2007
It was discovered that the TCP wrapper library was incorrectly
allowing connections to services that did not specify server-side
connection details. Remote attackers could connect to services that
had been configured to block such connections. This only affected
Ubuntu Feisty.
http://www.linuxsecurity.com/content/view/129191
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
____________________________________
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!
http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Tue Sep 04 2007 - 03:12:02 PDT