+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | September 21st 2007 Volume 8, Number 38a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week advisories were released for openoffice, vim, realplayer, flac123, eggdrop, id3lib, tar, phpwiki, gdm, popler, qt, cacti, avahi, libvorbis, xorg, nfs-utils-lib, php, quagga, and t11lib. The distributors include Debian, Gentoo, Mandriva, Red Hat and Ubuntu. -- >> Linux+DVD Magazine << Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc. In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments. http://www.linuxsecurity.com/ads/adclick.php?bannerid=26 --- * EnGarde Secure Linux v3.0.16 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.16 (Version 3.0, Release 16). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features. http://www.engardelinux.org/modules/download/ --- Review: Ruby by Example Learning a new language cannot be complete without a few 'real world' examples. 'Hello world!'s and fibonacci sequences are always nice as an introduction to certain aspects of programming, but soon or later you crave something meatier to chew on. 'Ruby by Example: Concepts and Code' by Kevin C. Baird provides a wealth of knowledge via general to specialized examples of the dynamic object oriented programming language, Ruby. Want to build an mp3 playlist processor? How about parse out secret codes from 'Moby Dick'? Read on! http://www.linuxsecurity.com/content/view/128840/171/ --- Robert Slade Review: "Information Security and Employee Behaviour" The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/128404/171/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New OpenOffice.org packages fix arbitrary code execution 17th, September, 2007 A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code. http://www.linuxsecurity.com/content/view/129513 * Debian: New vim packages fix several vulnerabilities 19th, September, 2007 Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. http://www.linuxsecurity.com/content/view/129635 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: RealPlayer Buffer overflow 14th, September, 2007 RealPlayer is vulnerable to a buffer overflow allowing for execution of arbitrary code. A stack-based buffer overflow vulnerability has been reported in the SmilTimeValue::parseWallClockValue() function in smlprstime.cpp when handling HH:mm:ss.f type time formats. http://www.linuxsecurity.com/content/view/129499 * Gentoo: flac123 Buffer overflow 14th, September, 2007 flac123 is affected by a buffer overflow vulnerability, which could allow for the execution of arbitrary code.An attacker could entice a user to play a specially crafted audio file, which could lead to the execution of arbitrary code with the privileges of the user running the application. http://www.linuxsecurity.com/content/view/129500 * Gentoo: Eggdrop Buffer overflow 15th, September, 2007 A remote stack-based buffer overflow has been discovered in Eggdrop. http://www.linuxsecurity.com/content/view/129504 * Gentoo: id3lib Insecure temporary file creation 15th, September, 2007 A vulnerability has been discovered in id3lib allowing local users to overwrite arbitrary files via a symlink attack. http://www.linuxsecurity.com/content/view/129505 * Gentoo: GNU Tar Directory traversal vulnerability 15th, September, 2007 A directory traversal vulnerability has been discovered in GNU Tar. http://www.linuxsecurity.com/content/view/129506 * Gentoo: MIT Kerberos 5 Multiple 17th, September, 2007 Two vulnerabilities have been found in MIT Kerberos 5, which could allow a remote unauthenticated user to execute arbitrary code with root privileges. http://www.linuxsecurity.com/content/view/129510 * Gentoo: PhpWiki Authentication bypass 18th, September, 2007 A vulnerability has been discovered in PhpWiki authentication mechanism. http://www.linuxsecurity.com/content/view/129607 * Gentoo: GDM Local Denial of Service 18th, September, 2007 A local user could send a crafted message to /tmp/.gdm_socket that would trigger the null pointer dereference and crash GDM, thus preventing it from managing future displays. http://www.linuxsecurity.com/content/view/129608 * Gentoo: Poppler Two buffer overflow vulnerabilities 19th, September, 2007 Poppler is vulnerable to an integer overflow and a stack overflow. http://www.linuxsecurity.com/content/view/129634 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated qt3/qt4 packages fix vulnerability 14th, September, 2007 A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code. http://www.linuxsecurity.com/content/view/129497 * Mandriva: Updated cacti packages fix vulnerability 17th, September, 2007 A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters. Updated packages have been patched to prevent this issue. http://www.linuxsecurity.com/content/view/129517 * Mandriva: Updated avahi packages fix vulnerability 17th, September, 2007 The Avahi daemon in 0.6.20 and previous allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error. Updated packages have been patched to prevent this issue. http://www.linuxsecurity.com/content/view/129518 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Important: openoffice.org security update 18th, September, 2007 Updated openoffice.org packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow flaw was found in the TIFF parser. An attacker could create a carefully crafted document containing a malicious TIFF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if opened by a victim. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/129519 * RedHat: Important: libvorbis security update 19th, September, 2007 Several flaws were found in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash or execute arbitrary code when it was opened. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/129628 * RedHat: Moderate: xorg-x11 security update 19th, September, 2007 A flaw was found in the way X.Org's composite extension handles 32 bit color depth windows while running in 16 bit color depth mode. If an X.org server has enabled the composite extension, it may be possible for a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/129629 * RedHat: Important: nfs-utils-lib security update 19th, September, 2007 An updated nfs-utils-lib package to correct a security flaw is now available for Red Hat Enterprise Linux 4. Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/129630 * RedHat: Moderate: php security update 20th, September, 2007 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. http://www.linuxsecurity.com/content/view/129636 +---------------------------------+ | Distribution: Ubuntoo | ----------------------------// +---------------------------------+ * Ubuntu: Quagga vulnerability 15th, September, 2007 It was discovered that Quagga did not correctly verify OPEN messages or COMMUNITY attributes sent from configured peers. Malicious authenticated remote peers could send a specially crafted message which would cause bgpd to abort, leading to a denial of service. http://www.linuxsecurity.com/content/view/129502 * Ubuntu: Qt vulnerability 18th, September, 2007 Dirk Mueller discovered that UTF8 strings could be made to cause a small buffer overflow. A remote attacker could exploit this by sending specially crafted strings to applications that use the Qt3 library for UTF8 processing, potentially leading to arbitrary code execution with user privileges, or a denial of service. http://www.linuxsecurity.com/content/view/129606 * Ubuntu: X.org vulnerability 18th, September, 2007 Aaron Plattner discovered that the Composite extension did not correctly calculate the size of buffers when copying between different bit depths. An authenticated user could exploit this to execute arbitrary code with root privileges. http://www.linuxsecurity.com/content/view/129610 * Ubuntu: t1lib vulnerability 19th, September, 2007 It was discovered that t1lib does not properly perform bounds checking which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution. http://www.linuxsecurity.com/content/view/129633 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Mon Sep 24 2007 - 00:16:59 PDT