+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| November 9th, 2007 Volume 8, Number 45 |
| |
| Editorial Team: Dave Wreski <dwreski@private> |
| Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week advisories were released for gallery2, phpmyadmin, gforge,
perl, iceape, pcre3, perdition, mono, glib2, xfs, autofs, netpbm,
ghostscript, perl, pwlib, opal, xen, openldap, poppler, tetex, xpdf,
cups, conga, wireshark, httpd, mcstrans, tcpdump, openssh, pam, coolkey,
jboss, cups, and compiz. The distributors include Debian, Fedora,
Mandriva, Red Hat, and Ubuntu.
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=3D26
---
Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be an
integral part of your Linux defense. But is Michael's Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the challenge?
Eckie S. here at Linuxsecurity.com gives you the low-down on this newest
addition to the Linux security resource library and how it's one of the
best ways to crack down on attacks to your Linux network.
http://www.linuxsecurity.com/content/view/130392
---
State of Linux Security Survey
------------------------------
It is customary for communities of every sphere to stand up occasionally,
and take a good, long look at what=92s going on in the world around them.
For us here at Linuxsecurity.com, we felt it was a great opportunity to
put it all together.
Since 1996, Linuxsecurity.com has been bringing open source news,
HOW-TOs, Feature stories and more to the open source community with
comprehensive coverage. As one of the veterans in this area, we=92d like
to see you chime in. With so much going on in Linux and security, what
does the community really care about?
http://www.linuxsecurity.com/content/view/130173
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.17 (Version 3.0, Release 17). This release includes many
updated packages and bug fixes, some feature enhancements to Guardian
Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database,
e-mail security and even e-commerce.
http://www.linuxsecurity.com/content/view/129961
--------------------------------------------------------------------------
* Debian: New gallery2 packages fix privilege escalation (Nov 8)
--------------------------------------------------------------
Nicklous Roberts discovered that the Reupload module of Gallery 2, a
web based photo management application, allowed unauthorized users to
edit Gallery's data file.
http://www.linuxsecurity.com/content/view/130668
* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
----------------------------------------------------------------
Omer Singer of the DigiTrust Group discovered several vulnerabilities
in phpMyAdmin, an application to administrate MySQL over the WWW. The
Common Vulnerabilities and Exposures project identifies, phpMyAdmin
allows a remote attacker to inject arbitrary web script or HTML in the
context of a logged in user's session (cross site scripting).
http://www.linuxsecurity.com/content/view/130667
* Debian: New gforge packages fix several vulnerabilities (Nov 7)
---------------------------------------------------------------
Steve Kemp from the Debian Security Audit project discovered that
gforge, a collaborative development tool, used temporary files
insecurely which could allow local users to truncate files upon the
system with the privileges of the gforge user, or create a denial of
service attack.
http://www.linuxsecurity.com/content/view/130602
* Debian: New perl packages fix arbitrary code execution (Nov 6)
--------------------------------------------------------------
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in Perl's regular expression
compiler, probably allowing attackers to execute arbitrary code by
compiling specially crafted regular expressions.
http://www.linuxsecurity.com/content/view/130578
* Debian: New iceape packages fix several vulnerabilities (Nov 5)
---------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Iceape
internet suite, an unbranded version of the Seamonkey Internet Suite.
The Common Vulnerabilities and Exposures project identifies the
following problems: Michal Zalewski discovered that the unload event
handler had access to the address of the next page to be loaded, which
could allow information disclosure or spoofing.
http://www.linuxsecurity.com/content/view/130494
* Debian: New pcre3 packages fix arbitrary code execution (Nov 5)
---------------------------------------------------------------
Tavis Ormandy of the Google Security Team has discovered several
security issues in PCRE, the Perl-Compatible Regular Expression
library, which potentially allow attackers to execute arbitrary code by
compiling specially crafted regular expressions.f
http://www.linuxsecurity.com/content/view/130484
* Debian: New perdition packages fix arbitrary code execution (Nov 5)
-------------------------------------------------------------------
Bernhard Mueller of SEC Consult has discovered a format string
vulnerability in perdition, an IMAP proxy. This vulnerability could
allow an unauthenticated remote user to run arbitrary code on the
perdition server by providing a specially formatted IMAP tag.
http://www.linuxsecurity.com/content/view/130452
* Debian: New mono packages fix integer overflow (Nov 3)
------------------------------------------------------
An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
http://www.linuxsecurity.com/content/view/130450
--------------------------------------------------------------------------
* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
-------------------------------------------
The latest stable upstream release of GLib includes a new version of
PCRE, which fixes several vulnerabilities.
http://www.linuxsecurity.com/content/view/130615
--------------------------------------------------------------------------
* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------
Multiple vulnerabilities were discovered by Tavis Ormandy and Will
Drewry in the way that pcre handled certain malformed regular
expressions.=09If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it could lead to the execution
of arbitrary code as the user running the application. Updated packages
have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/130666
* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------
Multiple vulnerabilities were discovered by Tavis Ormandy and Will
Drewry in the way that pcre handled certain malformed regular
expressions.=09If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it could lead to the execution
of arbitrary code as the user running the application. Updated packages
have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/130665
* Mandriva: Updated xfs package prevents arbitrary code (Nov 6)
-------------------------------------------------------------
Integer overflow in the build_range function in X.Org X Font Server
(xfs) before 1.0.5 allows context-dependent attackers to execute
arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol
requests with crafted size values, which triggers a heap-based buffer
overflow.
http://www.linuxsecurity.com/content/view/130579
* Mandriva: Updated autofs package fixes issue when used with (Nov 6)
-------------------------------------------------------------------
The autofs init script was missing a dependency on ypbind, preventing a
correct initialisation order in parallel mode, when storing autofs
configuration in NIS (bug #34559). The updated package fixes this
issue.
http://www.linuxsecurity.com/content/view/130577
* Mandriva: Updated netpbm packages fix vulnerability (Nov 6)
-----------------------------------------------------------
A function in the JasPer JPEG-2000 library before 1.900 could allow a
remote user-assisted attack to cause a crash and possibly corrupt the
heap via malformed image files. netpbm contains an embedded copy of
libjasper and as such is vulnerable to this issue. Updated packages
have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/130497
* Mandriva: Updated ghostscript packages fix vulnerability (Nov 6)
----------------------------------------------------------------
A function in the JasPer JPEG-2000 library before 1.900 could allow a
remote user-assisted attack to cause a crash and possibly corrupt the
heap via malformed image files. Newer versions of ghostscript contain
an embedded copy of libjasper and as such is vulnerable to this issue.
Updated packages have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/130495
* Mandriva: Updated perl packages fix vulnerability (Nov 6)
---------------------------------------------------------
Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular
expression engine. Specially crafted input to a regular expression can
cause Perl to improperly allocate memory, resulting in the possible
execution of arbitrary code with the permissions of the user running
Perl. Updated packages have been patched to prevent these issues.
http://www.linuxsecurity.com/content/view/130496
* Mandriva: Updated pwlib packages fix vulnerability (Nov 2)
----------------------------------------------------------
A memory management flaw was discovered in PWLib, that an attacker
could use to crash an application linked with it, such as Ekiga.
Updated packages have been patched to prevent these issues.
http://www.linuxsecurity.com/content/view/130448
* Mandriva: Updated opal packages fix vulnerability (Nov 2)
---------------------------------------------------------
A flaw in opal, the Open Phone Abstraction Library, was found in how it
handles certain Session Initiation Protocol (SIP) packets. An attacker
could use this vulnerability to crash an application linked to opal,
such as Ekiga. Updated packages have been patched to prevent these
issues.
http://www.linuxsecurity.com/content/view/130447
* Mandriva: Updated xen packages fix multiple vulnerabilities (Nov 1)
-------------------------------------------------------------------
Tavis Ormandy discovered a heap overflow flaw during video-to-video
copy operations in the Cirrus VGA extension code that is used in Xen. A
malicious local administrator of a guest domain could potentially
trigger this flaw and execute arbitrary code outside of the domain
(CVE-2007-1320).
http://www.linuxsecurity.com/content/view/130396
--------------------------------------------------------------------------
* RedHat: Important: openldap security and enhancement (Nov 8)
------------------------------------------------------------
Updated openldap packages that fix a security flaw are now available
for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's
slapd daemon handled malformed objectClasses LDAP attributes. A local
or remote attacker could create an LDAP request which could cause a
denial of service by crashing slapd. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130653
* RedHat: Important: poppler security update (Nov 7)
--------------------------------------------------
Updated poppler packages that fix several security issues are now
available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause an application linked with poppler
to crash, or potentially execute arbitrary code when opened. This
update has been rated as having important security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130597
* RedHat: Important: tetex security update (Nov 7)
------------------------------------------------
Updated tetex packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1 and 3. Alin Rad Pop discovered a flaw in
the handling of PDF files. An attacker could create a malicious PDF
file that would cause TeTeX to crash, or potentially execute arbitrary
code when opened. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130598
* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------
Updated xpdf packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause Xpdf to crash, or potentially
execute arbitrary code when opened. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130599
* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------
Updated xpdf packages that fix several security issues are now
available for Red Hat Enterprise Linux 3. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause Xpdf to crash, or potentially
execute arbitrary code when opened.=09This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130600
* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------
Updated xpdf packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1. A flaw was found in the
t1lib library, used in the handling of Type 1 fonts. An attacker could
create a malicious file that would cause Xpdf to crash, or potentially
execute arbitrary code when opened. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130601
* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------
Updated CUPS packages that fix several security issues are now
available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause CUPS to crash or potentially
execute arbitrary code when printed.=09This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130593
* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------
Updated cups packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause CUPS to crash or potentially
execute arbitrary code when printed. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130594
* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------
Updated cups packages that fix several security issues are now
available for Red Hat Enterprise Linux 3. Alin Rad Pop discovered a
flaw in the handling of PDF files. An attacker could create a malicious
PDF file that would cause CUPS to crash or potentially execute
arbitrary code when printed. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130595
* RedHat: Important: gpdf security update (Nov 7)
-----------------------------------------------
Updated gpdf packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
several flaws in the handling of PDF files. An attacker could create a
malicious PDF file that would cause gpdf to crash, or potentially
execute arbitrary code when opened. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130596
* RedHat: Moderate: conga security, bug fix, (Nov 7)
--------------------------------------------------
Updated conga packages that correct a security flaw and provide bug
fixes and add enhancements are now available. A flaw was found in ricci
during a code audit.=09A remote attacker who is able to connect to ricci
could cause ricci to temporarily refuse additional connections, a
denial of service. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130586
* RedHat: Low: wireshark security update (Nov 7)
----------------------------------------------
New Wireshark packages that fix various security vulnerabilities are
now available for Red Hat Enterprise Linux 5. Wireshark was previously
known as Ethereal. Several denial of service bugs were found in
Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol
dissectors. It was possible for Wireshark to crash or stop responding
if it read a malformed packet off the network. This update has been
rated as having low security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/130587
* RedHat: Moderate: httpd security, bug fix, (Nov 7)
--------------------------------------------------
Updated httpd packages that fix a security issue, fix various bugs, and
add enhancements, are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130588
* RedHat: Low: mcstrans security and bug fix update (Nov 7)
---------------------------------------------------------
An updated mcstrans package that fixes a security issue and a bug is
now available. An algorithmic complexity weakness was found in the way
the mcstrans daemon handled ranges of compartments in sensitivity
labels. A local user could trigger this flaw causing mctransd to
temporarily stop responding to other requests; a partial denial of
service. This update has been rated as having low security impact by
the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130589
* RedHat: Moderate: tcpdump security and bug fix update (Nov 7)
-------------------------------------------------------------
Updated tcpdump packages that fix a security issue and functionality
bugs are now available. Moritz Jodeit discovered a denial of service
bug in the tcpdump IEEE 802.11 processing code. If a certain link type
was explicitly specified, an attacker could inject a carefully crafted
frame onto the IEEE 802.11 network that could crash a running tcpdump
session. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130582
* RedHat: Moderate: openssh security and bug fix update (Nov 7)
-------------------------------------------------------------
Updated openssh packages that fix a security issue and various bugs are
now available. A flaw was found in the way the ssh server wrote account
names to the audit subsystem. An attacker could inject strings
containing parts of audit messages, which could possibly mislead or
confuse audit log parsing tools. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130583
* RedHat: Moderate: pam security, bug fix, (Nov 7)
------------------------------------------------
Updated pam packages that fix two security flaws, resolve several bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.
A flaw was found in the way pam_console set console device permissions.
It was possible for various console devices to retain ownership of the
console user after logging out, possibly leaking information to another
local user. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130584
* RedHat: Low: coolkey security and bug fix update (Nov 7)
--------------------------------------------------------
Updated coolkey packages that fix a security issue and various bugs are
now available for Red Hat Enterprise Linux 5. Steve Grubb discovered a
flaw in the way coolkey created a temporary directory. A local attacker
could perform a symlink attack and cause arbitrary files to be
overwritten. This update has been rated as having low security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130585
* RedHat: Important: perl security update (Nov 5)
-----------------------------------------------
Updated Perl packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in Perl's
regular expression engine. Specially crafted input to a regular
expression can cause Perl to improperly allocate memory, possibly
resulting in arbitrary code running with the permissions of the user
running Perl. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130477
* RedHat: Important: perl security update (Nov 5)
-----------------------------------------------
Updated Perl packages that fix security issues for Red Hat Application
Stack v1.2 are now available. A flaw was found in Perl's regular
expression engine. Specially crafted input to a regular expression can
cause Perl to improperly allocate memory, possibly resulting in
arbitrary code running with the permissions of the user running Perl.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130478
* RedHat: Critical: pcre security update (Nov 5)
----------------------------------------------
Updated pcre packages that correct two security flaws are now available
for Red Hat Enterprise Linux 5. Multiple flaws were found in the way
pcre handles certain malformed regular expressions. If an application
linked against pcre, such as Konqueror, parses a malicious regular
expression, it may be possible to run arbitrary code as the user
running the application. This update has been rated as having critical
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130479
* RedHat: Critical: pcre security update (Nov 5)
----------------------------------------------
Updated pcre packages that correct two security flaws are now available
for Red Hat Enterprise Linux 4. Multiple flaws were found in the way
pcre handles certain malformed regular expressions. If an application
linked against pcre, such as Konqueror, parses a malicious regular
expression, it may be possible to run arbitrary code as the user
running the application. This update has been rated as having critical
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130480
* RedHat: Moderate: JBoss Enterprise Application Platform (Nov 5)
---------------------------------------------------------------
Updated JBoss Enterprise Application Platform packages that fix several
security issues and bugs are now available for Red Hat Application
Stack v1 and v2. Tomcat incorrectly treated a single quote character
(') in a cookie value as a delimiter. In some circumstances this lead
to the leaking of information such as session ID to an attacker. This
update has been rated as having moderate security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/130476
* RedHat: Important: kernel security update (Nov 1)
-------------------------------------------------
Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 4 kernel are now available. A flaw was found in the
aacraid SCSI driver. This allowed a local user to make ioctl calls to
the driver that should be restricted to privileged users. This update
has been rated as having important security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/130394
--------------------------------------------------------------------------
* Slackware: cups (Nov 2)
-------------------------
CUPS was found to contain errors in ipp.c which could allow a remote
attacker to crash CUPS, resulting in a denial of service. If you use
CUPS, it is recommended to update to the latest package for your
version of Slackware. The latest cups package is available for
Slackware -current, and patched packages are available for Slackware
8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems.
http://www.linuxsecurity.com/content/view/130443
--------------------------------------------------------------------------
* Ubuntu: CUPS vulnerability (Nov 6)
-----------------------------------
Alin Rad Pop discovered that CUPS did not correctly validate buffer
lengths when processing IPP tags. Remote attackers successfully
exploiting this vulnerability would gain access to the non-root CUPS
user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers
would be isolated by the AppArmor CUPS profile.
http://www.linuxsecurity.com/content/view/130498
* Ubuntu: Compiz vulnerability (Nov 2)
-------------------------------------
USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were
incomplete, and only reduced the scope of the vulnerability, without
fully solving it. This update fixes related problems in compiz.
Original advisory details: Jens Askengren discovered that
gnome-screensaver became confused when running under Compiz, and could
lose keyboard lock focus. A local attacker could exploit this to
bypass the user's locked screen saver.
http://www.linuxsecurity.com/content/view/130446
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Sun Nov 11 2007 - 22:13:17 PST