[ISN] Linux Advisory Watch - September 14th 2007

From: InfoSec News (alerts@private)
Date: Sun Sep 16 2007 - 22:17:05 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  September 14th 2007                           Volume 8, Number 37a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for krb5, gforge, xorg, id3lib,
phpmyadmin, ktorrent, phpwiki, jffnms, eggdrop, Mysql, x11-server,
fetchmail, php, openssh, and samba.  The distributors include
Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

--

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes
many updated packages and bug fixes, some feature enhancements to
Guardian Digital WebTool and the SELinux policy, and a few new
features.

http://www.engardelinux.org/modules/download/

---

Review: Ruby by Example

Learning a new language cannot be complete without a few 'real
world' examples. 'Hello world!'s and fibonacci sequences are
always nice as an introduction to certain aspects of programming,
but soon or later you crave something meatier to chew on. 'Ruby
by Example: Concepts and Code' by Kevin C. Baird provides a
wealth of knowledge via general to specialized examples of the
dynamic object oriented programming language, Ruby. Want to build
an mp3 playlist processor? How about parse out secret codes from
'Moby Dick'? Read on!

http://www.linuxsecurity.com/content/view/128840/171/

---

Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New krb5 packages fix arbitrary code execution
  6th, September, 2007

It was discovered that a buffer overflow of the RPC library of the
MIT Kerberos reference implementation allows the execution of arbitrary
code. The original patch from DSA-1367-1 didn't address the problem fully.
This update delivers an updated fix.

http://www.linuxsecurity.com/content/view/129347


* Debian: New gforge packages fix SQL injection
  6th, September, 2007

Sumit I. Siddharth discovered that Gforge, a collaborative
development tool performs insufficient input sanitising, which
allows SQL injection.

http://www.linuxsecurity.com/content/view/129348


* Debian: New xorg-server packages fix privilege escalation
  9th, September, 2007

Aaron Plattner discovered a buffer overflow in the Composite
extension of the X.org X server, which can lead to local
privilege escalation.

http://www.linuxsecurity.com/content/view/129392


* Debian: New id3lib3.8.3 packages fix denial of service
  9th, September, 2007

Nikolaus Schulz discovered that a programming error in id3lib, an ID3
Tag Library, may lead to denial of service through symlink attacks.

http://www.linuxsecurity.com/content/view/129394


* Debian: New phpmyadmin packages fix several vulnerabilities
  9th, September, 2007

Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The
PMA_ArrayWalkRecursive function in libraries/common.lib.php does not
limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web server
crash) via an array with many dimensions.

http://www.linuxsecurity.com/content/view/129395


* Debian: New phpmyadmin packages fix several vulnerabilities
  10th, September, 2007

Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The
PMA_ArrayWalkRecursive function in libraries/common.lib.php does not
limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web server
crash) via an array with many dimensions.

http://www.linuxsecurity.com/content/view/129441


* Debian: New ktorrent packages fix directory traversal
  11th, September, 2007

It was discovered that ktorrent, a BitTorrent client for KDE, was
vulnerable to a directory traversal bug which potentially allowed
remote users toover write arbitrary files.

http://www.linuxsecurity.com/content/view/129444


* Debian: New phpwiki packages fix several vulnerabilities
  11th, September, 2007

Several vulnerabilities have been discovered in phpWiki, a wiki
engine written in PHP. It was discovered that phpWiki performs
insufficient file name validation, which allows unrestricted
file uploads.

http://www.linuxsecurity.com/content/view/129445


* Debian: New jffnms packages fix several vulnerabilities
  11th, September, 2007

Several vulnerabilities have been discovered in jffnms, a web-based
Network Management System for IP networks.  Cross-site scripting
(XSS) vulnerability in auth.php, which allows a remote attacker to
inject arbitrary web script or HTML via the user parameter.

http://www.linuxsecurity.com/content/view/129446



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: MIT Kerberos 5 Multiple vulnerabilities
  11th, September, 2007

Two vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with root
privileges.

http://www.linuxsecurity.com/content/view/129447



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated krb5 packages fix vulnerabilities
  6th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC
library used by Kerberos' kadmind program by Tenable Network
Security.

http://www.linuxsecurity.com/content/view/129345


* Mandriva: Updated eggdrop package fix remote buffer overflow
  6th, September, 2007

A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote
IRC servers to execute arbitrary code via a long private message.
Updated packages fix this issue.

http://www.linuxsecurity.com/content/view/129346


* Mandriva: Updated kdebase and kdelibs packages fix location
  6th, September, 2007

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers
to spoof the data: URI scheme in the address bar via a long URI with
trailing whitespace, which prevents the beginning of the URI from
being displayed. (CVE-2007-3820)

http://www.linuxsecurity.com/content/view/129349


* Mandriva: Updated MySQL packages fix vulnerabilities
  6th, September, 2007

A vulnerability was found in MySQL's authentication protocol, making
it possible for a remote unauthenticated attacker to send a specially
crafted authentication request to the MySQL server causing it to
crash (CVE-2007-3780).

http://www.linuxsecurity.com/content/view/129350


* Mandriva: Updated krb5 packages fix vulnerabilities
  7th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC
library used by Kerberos' kadmind program by Tenable Network
Security. A remote unauthenticated user who could access kadmind
would be able to trigger the flaw and cause it to crash.

http://www.linuxsecurity.com/content/view/129390


* Mandriva: Updated x11-server packages fix vulnerability
  11th, September, 2007

Aaron Plattner discovered a buffer overflow in the Composite
extension of the X.org X server, which if exploited could lead
to local privilege escalation. Updated packages have been
patched to prevent these issues.

http://www.linuxsecurity.com/content/view/129448


* Mandriva: Updated fetchmail packages fix DoS vulnerability
  11th, September, 2007

A vulnerability in fetchmail was found where it could crash when
attempting to deliver an internal warning or error message through an
untrusted or compromised SMTP server, leading to a denial of service.

http://www.linuxsecurity.com/content/view/129449


* Mandriva: Updated id3lib packages fix vulnerability
  12th, September, 2007

 A programming error was found in id3lib by Nikolaus Schulz that
could lead to a denial of service through symlink attacks.
Updated packages have been patched to prevent these issues.

http://www.linuxsecurity.com/content/view/129485


* Mandriva: Updated librpcsecgss packages fix vulnerabilities
  12th, September, 2007

 A stack buffer overflow vulnerability was discovered in the
RPCSEC_GSS RPC library by Tenable Network Security that could
potentially allow for the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/129486



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: krb5 security update
  7th, September, 2007

Updated krb5 packages that correct a security flaw are now available
for Red Hat Enterprise Linux 5. The MIT Kerberos Team discovered a
problem with the originally published patch for svc_auth_gss.c
(CVE-2007-3999).

http://www.linuxsecurity.com/content/view/129352


* RedHat: Important: mysql security update
  10th, September, 2007

Updated MySQL packages for the Red Hat Application Stack comprising
the v1.2 release fixed various security issues. A flaw was discovered in
MySQL's authentication protocol. A remote unauthenticated attacker
could send a specially crafted authentication request to the MySQL
server causing it to crash.

http://www.linuxsecurity.com/content/view/129398


* RedHat: Important: kernel security update
  13th, September, 2007

Updated kernel packages that fix various security issues in the Red
Hat Enterprise Linux 5 kernel are now available.

http://www.linuxsecurity.com/content/view/129489



+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware:   php
  12th, September, 2007

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and
12.0 to fix "several low priority security bugs."

http://www.linuxsecurity.com/content/view/129484


* Slackware:   openssh
  12th, September, 2007

New openssh packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, 11.0, and 12.0 to fix a possible security issue.
This version should also provide increased performance with
certain ciphers. More details about this issue may be found
in the Common

http://www.linuxsecurity.com/content/view/129487


* Slackware:   samba
  12th, September, 2007

New samba packages are available for Slackware 10.0, 10.1, 10.2,
11.0, and 12.0 to fix a security issue and various other bugs.

http://www.linuxsecurity.com/content/view/129488


+---------------------------------+
|  Distribution: Unbuntu          | ----------------------------//
+---------------------------------+

* Ubuntu:  Kerberos vulnerability
  7th, September, 2007


Original advisory details:
 It was discovered that the libraries handling RPCSEC_GSS did not
correctly  validate the size of certain packet structures. An
unauthenticated remote  user could send a specially crafted request
and execute arbitrary code  with root privileges.

http://www.linuxsecurity.com/content/view/129389


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.3 : Sun Sep 16 2007 - 22:31:27 PDT