+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  November 16th, 2007                              Volume 8, Number 46  |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@private>                        |
|                   Benjamin D. Thomas <bthomas@private>                 |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, advisories were released for zope-cmfplone, horde3, gallery2, phpmyadmin, glib2, gpdf, xpdf, mono, libpng, cups, flac, pcre, net-snmp, samba, util-linux, openssl, pam, httpd, mailman, tcpdump, xterm, wireshark, ruby, kdegraphics, tetex, php, vmware, poppler, emacs, flac, pidgin, and ImageMagick. The distributors include Debian, Fedora, Mandriva, Red Hat, Slackware, SuSE, Ubuntu, and Foresight.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security Contributing Team: Gian G. Spicuzza.
Currently a Graduate Student pursuing a Masters Degree in Computer Security (MSIA), Gian is a certified Linux/Unix administrator, the lead developer for the OSCAR-Backup System (at Sourceforge.com) and has experience in a variety of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social Engineering:

All the security in the world isn't going to stop one of your employees or coworkers from giving up information. Just how easy is it?

Craig never worked for Linda's company, nor did he call from IT. Craig was an unethical hacker who just gained unauthorized access to her account. Why? Because a phone call is simple.

Read on to see just how easily businesses can be exploited.

http://www.linuxsecurity.com/content/view/131036

---

Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be an integral part of your Linux defense. But is Michael Rash's "Linux Firewalls," the newest release from No Starch Press, up for the challenge? Eckie S. here at Linuxsecurity.com gives you the low-down on this newest addition to the Linux security resource library and how it's one of the best ways to crack down on attacks to your Linux network.

http://www.linuxsecurity.com/content/view/130392

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

http://www.linuxsecurity.com/content/view/129961

--------------------------------------------------------------------------

* Debian: New zope-cmfplone packages fix regression (Nov 11)
----------------------------------------------------------
It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

http://www.linuxsecurity.com/content/view/130773

* Debian: New horde3 packages fix several vulnerabilities (Nov 9)
---------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Horde web application framework. Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

http://www.linuxsecurity.com/content/view/130688

* Debian: New zope-cmfplone packages fix arbitrary code (Nov 9)
-------------------------------------------------------------
It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

http://www.linuxsecurity.com/content/view/130687

* Debian: New gallery2 packages fix privilege escalation (Nov 8)
--------------------------------------------------------------
Nicklous Roberts discovered that the Reupload module of Gallery 2, a web based photo management application, allowed unauthorized users to edit Gallery's data file.

http://www.linuxsecurity.com/content/view/130668

* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
----------------------------------------------------------------
Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies, phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting).

http://www.linuxsecurity.com/content/view/130667

--------------------------------------------------------------------------

* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
-------------------------------------------
The latest stable upstream release of GLib includes a new version of PCRE, which fixes several vulnerabilities.

http://www.linuxsecurity.com/content/view/130615

--------------------------------------------------------------------------

* Mandriva: Updated gpdf packages fix vulnerabilities (Nov 15)
------------------------------------------------------------
Alin Rad Pop found several flaws in how PDF files are handled in gpdf. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/131037

* Mandriva: Updated xpdf packages fix vulnerabilities (Nov 15)
------------------------------------------------------------
Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/131035

* Mandriva: Updated mono packages fix arbitrary code (Nov 14)
-----------------------------------------------------------
IOActive Inc.
found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Updated packages fix this issue.

http://www.linuxsecurity.com/content/view/130934

* Mandriva: Updated libpng packages fix multiple (Nov 13)
-------------------------------------------------------
Multiple vulnerabilities were discovered in libpng: An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function (CVE-2007-5266; only affects Mandriva Linux 2008.0).

http://www.linuxsecurity.com/content/view/130927

* Mandriva: Updated kernel packages fix multiple (Nov 13)
-------------------------------------------------------
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which led to an out of bounds access by certain functions (CVE-2007-2172).

http://www.linuxsecurity.com/content/view/130924

* Mandriva: Updated cups packages fix vulnerability (Nov 12)
----------------------------------------------------------
Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags.

http://www.linuxsecurity.com/content/view/130816

* Mandriva: Updated openldap packages fix vulnerability (Nov 8)
-------------------------------------------------------------
A flaw in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes was discovered. A local or remote attacker could create an LDAP request that could cause a denial of service by crashing slapd. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130670

* Mandriva: Updated flac packages fix vulnerability (Nov 8)
---------------------------------------------------------
A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130669

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------
Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130666

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------
Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130665

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------
Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions.
If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130664

--------------------------------------------------------------------------

* RedHat: Moderate: net-snmp security update (Nov 15)
---------------------------------------------------
Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service.

http://www.linuxsecurity.com/content/view/131031

* RedHat: Critical: samba security update (Nov 15)
------------------------------------------------
Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131028

* RedHat: Critical: samba security update (Nov 15)
------------------------------------------------
Updated samba packages that fix security issues are now available for Red Hat Enterprise Linux 5. A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131029

* RedHat: Moderate: openldap security and enhancement (Nov 15)
------------------------------------------------------------
Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. An authenticated local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131030

* RedHat: Moderate: util-linux security update (Nov 15)
-----------------------------------------------------
Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as mount.nfs with additional privileges. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131026

* RedHat: Critical: samba security update (Nov 15)
------------------------------------------------
Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131027

* RedHat: Moderate: openssl security and bug fix update (Nov 15)
--------------------------------------------------------------
Updated OpenSSL packages that correct a security issue and various bugs are now available for Red Hat Enterprise Linux 4. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer by a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131023

* RedHat: Moderate: pam security, bug fix, (Nov 15)
-------------------------------------------------
Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131020

* RedHat: Moderate: httpd security, bug fix, (Nov 15)
---------------------------------------------------
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash.
On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131021

* RedHat: Low: mailman security and bug fix update (Nov 15)
---------------------------------------------------------
Updated mailman packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. A flaw was found in Mailman. A remote attacker could spoof messages in the error log, and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequence in the URI. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131022

* RedHat: Moderate: tcpdump security and bug fix update (Nov 15)
--------------------------------------------------------------
Updated tcpdump packages that fix a security issue and functionality bugs are now available. Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11 processing code. An attacker could inject a carefully crafted frame onto the IEEE 802.11 network that could crash a running tcpdump session if a certain link type was explicitly specified. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131016

* RedHat: Low: xterm security update (Nov 15)
-------------------------------------------
An updated xterm package that corrects a security issue is now available for Red Hat Enterprise Linux 4. A bug was found in the way xterm packages were built that caused the pseudo-terminal device files of the xterm emulated terminals to be owned by the incorrect group. This flaw did not affect Red Hat Enterprise Linux 4 Update 4 and earlier.
This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131017

* RedHat: Moderate: openssh security and bug fix update (Nov 15)
--------------------------------------------------------------
Updated openssh packages that fix two security issues and various bugs are now available. A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131018

* RedHat: Low: wireshark security and bug fix update (Nov 15)
-----------------------------------------------------------
New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethereal. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131019

* RedHat: Important: pcre security update (Nov 15)
------------------------------------------------
Further analysis of these flaws in PCRE has led to the single CVE identifier CVE-2006-7224 being split into three separate identifiers and a re-analysis of the risk of each of the flaws. We are therefore updating the text of this advisory to use the correct CVE names for the two flaws fixed by these erratum packages, and downgrading the security impact of this advisory from critical to important. No changes have been made to the packages themselves.

http://www.linuxsecurity.com/content/view/131013

* RedHat: Moderate: ruby security update (Nov 13)
-----------------------------------------------
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130922

* RedHat: Moderate: ruby security update (Nov 13)
-----------------------------------------------
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130923

* RedHat: Important: kdegraphics security update (Nov 12)
-------------------------------------------------------
Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130774

* RedHat: Important: kdegraphics security update (Nov 12)
-------------------------------------------------------
Updated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130775

* RedHat: Critical: pcre security update (Nov 9)
----------------------------------------------
Updated pcre packages that correct security issues are now available for Red Hat Enterprise Linux 4 and 5. Flaws were found in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130755

* RedHat: Important: openldap security and enhancement (Nov 8)
------------------------------------------------------------
Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. A local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130653

* RedHat: Important: tetex security update (Nov 8)
------------------------------------------------
Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130639

--------------------------------------------------------------------------

* Slackware: xpdf/poppler/koffice/kdegraphics (Nov 12)
------------------------------------------------------
These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF.

http://www.linuxsecurity.com/content/view/130776

* Slackware: php for Slackware 11.0 reissued (Nov 11)
-----------------------------------------------------
The security/bug fix update for Slackware 11.0 has been reissued to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out. Sorry for any inconvenience.

http://www.linuxsecurity.com/content/view/130772

* Slackware: php (Nov 10)
-------------------------
New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0, and -current to fix security and other bugs. Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 (being in the /testing directory), and was not the default version of PHP for Slackware 11.0 (being in the /extra directory), but updates are being provided anyway.

http://www.linuxsecurity.com/content/view/130771

--------------------------------------------------------------------------

* SuSE: xpdf and more (SUSE-SA:2007:060) (Nov 14)
-----------------------------------------------
Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393.

http://www.linuxsecurity.com/content/view/130931

--------------------------------------------------------------------------

* Ubuntu: VMWare vulnerabilities (Nov 15)
----------------------------------------
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges.

http://www.linuxsecurity.com/content/view/131038

* Ubuntu: poppler vulnerabilities (Nov 14)
-----------------------------------------
Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

http://www.linuxsecurity.com/content/view/130929

* Ubuntu: Emacs vulnerability (Nov 13)
-------------------------------------
Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.

http://www.linuxsecurity.com/content/view/130928

* Ubuntu: flac vulnerability (Nov 13)
------------------------------------
Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.

http://www.linuxsecurity.com/content/view/130926

--------------------------------------------------------------------------

* Foresight: perl (Nov 12)
------------------------
Previous versions of the perl package contain a buffer overflow in the regular expression parsing code which could allow an attacker to execute arbitrary code via a program which uses perl to parse untrusted input as a regular expression.

http://www.linuxsecurity.com/content/view/130814

* Foresight: pidgin (Nov 12)
--------------------------
Previous versions of pidgin are vulnerable to a denial-of-service when pidgin has been configured to use HTML logging. Logging is not enabled by default, so the default install of Foresight Linux is not vulnerable to this issue.

http://www.linuxsecurity.com/content/view/130812

* Foresight: ImageMagick (Nov 12)
-------------------------------
Previous versions of the ImageMagick package are vulnerable to multiple attacks whereby an attacker might be able to execute arbitrary code by coercing the user into opening specially-crafted files with ImageMagick.

http://www.linuxsecurity.com/content/view/130811

* Foresight: libpng (Nov 12)
--------------------------
Previous versions of the libpng package can cause applications to crash when loading malformed PNG files. It is not currently known that this vulnerability can be exploited to execute malicious code.

http://www.linuxsecurity.com/content/view/130810

* Foresight: pcre (Nov 12)
------------------------
Previous versions of the pcre package contain multiple vulnerabilities which may allow an attacker to execute arbitrary code. The pcre library and utilities are not known to be exposed via any privileged or remote interfaces within Foresight Linux by default, but many applications linked to the pcre library are routinely exposed to untrusted data.

http://www.linuxsecurity.com/content/view/130809

* Foresight: perl (Nov 12)
------------------------
Previous versions of the perl package contain weaknesses when evaluating regular expressions. If a system is serving a perl-based web application that evaluates remote input as a regular expression, an attacker may be able to exploit these weaknesses to execute arbitrary, attacker-provided code on the system, potentially elevating this to a remote, deterministic unauthorized access vulnerability.

http://www.linuxsecurity.com/content/view/130808

* Foresight: ruby (Nov 12)
------------------------
Previous versions of the ruby package include a library, Net::HTTPS, which does not properly verify the CN (common name) field in ssl certificates, making it easier to perform a man-in-the-middle attack. It is believed that Foresight Linux does not include any programs which rely on this feature of the Net::HTTPS library, and so is not affected by default.

http://www.linuxsecurity.com/content/view/130813

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------