[ISN] Linux Advisory Watch: November 16th, 2007

From: InfoSec News (alerts@private)
Date: Sun Nov 18 2007 - 23:19:47 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| November 16th, 2007                                Volume 8, Number 46 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for zope-cmfplone, horde3, gallery2,
phpmyadmin, glib2, gpdf, xpdf, mono, libpng, cups, flac, pcre, net-snmp,
samba, util-linux, openssl, pam, httpd, mailman, tcpdump, xterm,
wireshark, ruby, kdegraphics, tetex, php, vmware, poppler, emacs,
pidgin, and ImageMagick. The distributors include Debian, Fedora,
Mandriva, Red Hat, Slackware, SuSE, Ubuntu, and Foresight.

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza.  Currently a graduate student
pursuing a Master's degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, management and consulting positions.

His first topic is a quick foray into the world and psychology of Social
Engineering:

All the security in the world isn't going to stop one of your employees
or coworkers from giving up information.  Just how easy is it?

"Craig never worked for Linda's company, nor did he call from IT. Craig
was an unethical hacker who just gained unauthorized access to her
account. Why? Because a phone call is simple."

Read on to see just how easily businesses can be exploited.

http://www.linuxsecurity.com/content/view/131036

---

Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be an
integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from No Starch Press, up for the challenge?
Eckie S. here at Linuxsecurity.com gives you the low-down on this newest
addition to the Linux security resource library and how it's one of the
best ways to crack down on attacks to your Linux network.

http://www.linuxsecurity.com/content/view/130392

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.17 (Version 3.0, Release 17).  This release includes many
  updated packages and bug fixes, some feature enhancements to Guardian
  Digital WebTool and the SELinux policy, and a few new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database,
  e-mail security and even e-commerce.

  http://www.linuxsecurity.com/content/view/129961

--------------------------------------------------------------------------

* Debian: New zope-cmfplone packages fix regression (Nov 11)
  ----------------------------------------------------------
  It was discovered that Plone, a web content management system, allows
  remote attackers to execute arbitrary code via specially crafted web
  browser cookies.

  http://www.linuxsecurity.com/content/view/130773

* Debian: New horde3 packages fix several vulnerabilities (Nov 9)
  ---------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Horde web
  application framework. Moritz Naumann discovered that Horde allows
  remote attackers to inject arbitrary web script or HTML in the
  context of a logged in user (cross site scripting).

  http://www.linuxsecurity.com/content/view/130688

* Debian: New zope-cmfplone packages fix arbitrary code (Nov 9)
  -------------------------------------------------------------
  It was discovered that Plone, a web content management system, allows
  remote attackers to execute arbitrary code via specially crafted web
  browser cookies.

  http://www.linuxsecurity.com/content/view/130687

* Debian: New gallery2 packages fix privilege escalation (Nov 8)
  --------------------------------------------------------------
  Nicklous Roberts discovered that the Reupload module of Gallery 2, a
  web based photo management application, allowed unauthorized users to
  edit Gallery's data file.

  http://www.linuxsecurity.com/content/view/130668

* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
  ----------------------------------------------------------------
  Omer Singer of the DigiTrust Group discovered several vulnerabilities
  in phpMyAdmin, an application to administer MySQL over the WWW.
  According to the Common Vulnerabilities and Exposures project,
  phpMyAdmin allows a remote attacker to inject arbitrary web script or
  HTML in the context of a logged in user's session (cross site
  scripting).

  http://www.linuxsecurity.com/content/view/130667

--------------------------------------------------------------------------

* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
  -------------------------------------------
  The latest stable upstream release of GLib includes a new version of
  PCRE, which fixes several vulnerabilities.

  http://www.linuxsecurity.com/content/view/130615

--------------------------------------------------------------------------

* Mandriva: Updated gpdf packages fix vulnerabilities (Nov 15)
  ------------------------------------------------------------
  Alin Rad Pop found several flaws in how PDF files are handled in gpdf.
  An attacker could create a malicious PDF file that would cause gpdf to
  crash or potentially execute arbitrary code when opened. The updated
  packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/131037

* Mandriva: Updated xpdf packages fix vulnerabilities (Nov 15)
  ------------------------------------------------------------
  Alin Rad Pop found several flaws in how PDF files are handled in xpdf.
  An attacker could create a malicious PDF file that would cause xpdf to
  crash or potentially execute arbitrary code when opened. The updated
  packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/131035

* Mandriva: Updated mono packages fix arbitrary code (Nov 14)
  -----------------------------------------------------------
  IOActive Inc. found a buffer overflow in the Mono.Math.BigInteger class
  in Mono 1.2.5.1 and previous versions, which allows arbitrary code
  execution by context-dependent attackers. Updated packages fix this
  issue.

  http://www.linuxsecurity.com/content/view/130934

* Mandriva: Updated libpng packages fix multiple (Nov 13)
  -------------------------------------------------------
  Multiple vulnerabilities were discovered in libpng: An off-by-one error
  when handling ICC profile chunks in the png_set_iCCP() function
  (CVE-2007-5266; only affects Mandriva Linux 2008.0).

  http://www.linuxsecurity.com/content/view/130927

* Mandriva: Updated kernel packages fix multiple (Nov 13)
  -------------------------------------------------------
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: A typo in the Linux kernel caused RTA_MAX to be used as an
  array size instead of RTN_MAX, which led to an out-of-bounds access by
  certain functions (CVE-2007-2172).

  http://www.linuxsecurity.com/content/view/130924

* Mandriva: Updated cups packages fix vulnerability (Nov 12)
  ----------------------------------------------------------
  Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS
  that can be exploited by malicious individuals to execute arbitrary
  code.  This flaw is due to a boundary error when processing IPP
  (Internet Printing Protocol) tags.

  http://www.linuxsecurity.com/content/view/130816

* Mandriva: Updated openldap packages fix vulnerability (Nov 8)
  -------------------------------------------------------------
  A flaw in the way OpenLDAP's slapd daemon handled malformed
  objectClasses LDAP attributes was discovered.  A local or remote
  attacker could create an LDAP request that could cause a denial of
  service by crashing slapd. Updated packages have been patched to
  prevent this issue.

  http://www.linuxsecurity.com/content/view/130670

* Mandriva: Updated flac packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  A security vulnerability was discovered in how flac processed audio
  data.  An attacker could create a carefully crafted FLAC audio file
  that could cause an application linked against the flac libraries to
  crash or execute arbitrary code when opened. Updated packages have been
  patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/130669

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions. If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/130666

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions. If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/130665

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions. If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/130664

--------------------------------------------------------------------------

* RedHat: Moderate: net-snmp security update (Nov 15)
  ---------------------------------------------------
  Updated net-snmp packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the
  way net-snmp handled certain requests. A remote attacker who can
  connect to the snmpd UDP port (161 by default) could send a malicious
  packet causing snmpd to crash, resulting in a denial of service.

  http://www.linuxsecurity.com/content/view/131031

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. A buffer overflow flaw was
  found in the way Samba creates NetBIOS replies. If a Samba server is
  configured to run as a WINS server, a remote unauthenticated user could
  cause the Samba server to crash or execute arbitrary code. This update
  has been rated as having critical security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/131028

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix security issues are now available for
  Red Hat Enterprise Linux 5.  A buffer overflow flaw was found in the
  way Samba creates NetBIOS replies. If a Samba server is configured to
  run as a WINS server, a remote unauthenticated user could cause the
  Samba server to crash or execute arbitrary code. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/131029

* RedHat: Moderate: openldap security and enhancement (Nov 15)
  ------------------------------------------------------------
  Updated openldap packages that fix a security flaw are now available
  for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP's
  slapd daemon handled malformed objectClasses LDAP attributes.  An
  authenticated local or remote attacker could create an LDAP request
  which could cause a denial of service by crashing slapd. This update
  has been rated as having moderate security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/131030

* RedHat: Moderate: util-linux security update (Nov 15)
  -----------------------------------------------------
  Updated util-linux packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the
  way that the mount and umount utilities used the setuid and setgid
  functions, which could lead to privileges being dropped improperly.  A
  local user could use this flaw to run mount helper applications, such
  as mount.nfs, with additional privileges. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/131026

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1 and 3. A buffer overflow
  flaw was found in the way Samba creates NetBIOS replies. If a Samba
  server is configured to run as a WINS server, a remote unauthenticated
  user could cause the Samba server to crash or execute arbitrary code.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131027

* RedHat: Moderate: openssl security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated OpenSSL packages that correct a security issue and various bugs
  are now available for Red Hat Enterprise Linux 4.  A flaw was found in
  the SSL_get_shared_ciphers() utility function. An attacker could send a
  list of ciphers to an application that used this function and overrun a
  buffer by a single byte (CVE-2007-5135). Few applications make use of
  this vulnerable function and generally it is used only when
  applications are compiled for debugging.  This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131023

* RedHat: Moderate: pam security, bug fix, (Nov 15)
  -------------------------------------------------
  Updated pam packages that fix two security flaws, resolve two bugs, and
  add an enhancement are now available for Red Hat Enterprise Linux 4. A
  flaw was found in the way pam_console set console device permissions.
  It was possible for various console devices to retain ownership of the
  console user after logging out, possibly leaking information to another
  local user. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131020

* RedHat: Moderate: httpd security, bug fix, (Nov 15)
  ---------------------------------------------------
  Updated httpd packages that fix a security issue, various bugs, and add
  enhancements are now available for Red Hat Enterprise Linux 4. A flaw
  was found in the Apache HTTP Server mod_proxy module. On sites where a
  reverse proxy is configured, a remote attacker could send a carefully
  crafted request that would cause the Apache child process handling that
  request to crash. On sites where a forward proxy is configured, an
  attacker could cause a similar crash if a user could be persuaded to
  visit a malicious site using the proxy. This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131021

* RedHat: Low: mailman security and bug fix update (Nov 15)
  ---------------------------------------------------------
  Updated mailman packages that fix a security issue and various bugs are
  now available for Red Hat Enterprise Linux 4. A flaw was found in
  Mailman. A remote attacker could spoof messages in the error log, and
  possibly trick the administrator into visiting malicious URLs via a
  carriage return/line feed sequence in the URI. This update has been
  rated as having low security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/131022

* RedHat: Moderate: tcpdump security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated tcpdump packages that fix a security issue and functionality
  bugs are now available. Moritz Jodeit discovered a denial of service
  bug in the tcpdump IEEE 802.11 processing code. An attacker could
  inject a carefully crafted frame onto the IEEE 802.11 network that
  could crash a running tcpdump session if a certain link type was
  explicitly specified. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131016

* RedHat: Low: xterm security update (Nov 15)
  -------------------------------------------
  An updated xterm package that corrects a security issue is now
  available for Red Hat Enterprise Linux 4. A bug was found in the way
  xterm packages were built that caused the pseudo-terminal device files
  of the xterm emulated terminals to be owned by the incorrect group.
  This flaw did not affect Red Hat Enterprise Linux 4 Update 4 and
  earlier. This update has been rated as having low security impact by
  the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131017

* RedHat: Moderate: openssh security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated openssh packages that fix two security issues and various bugs
  are now available. A flaw was found in the way the ssh server wrote
  account names to the audit subsystem. An attacker could inject strings
  containing parts of audit messages which could possibly mislead or
  confuse audit log parsing tools. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/131018

* RedHat: Low: wireshark security and bug fix update (Nov 15)
  -----------------------------------------------------------
  New Wireshark packages that fix various security vulnerabilities and
  functionality bugs are now available for Red Hat Enterprise Linux 4.
  Wireshark was previously known as Ethereal.  Several denial of service
  bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP
  and BOOTP protocol dissectors. It was possible for Wireshark to crash
  or stop responding if it read a malformed packet off the network. This
  update has been rated as having low security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/131019

* RedHat: Important: pcre security update (Nov 15)
  ------------------------------------------------
  Further analysis of these flaws in PCRE has led to the single CVE
  identifier CVE-2006-7224 being split into three separate identifiers
  and a re-analysis of the risk of each of the flaws.  We are therefore
  updating the text of this advisory to use the correct CVE names for the
  two flaws fixed by these erratum packages, and downgrading the security
  impact of this advisory from critical to important.  No changes have
  been made to the packages themselves.

  http://www.linuxsecurity.com/content/view/131013

* RedHat: Moderate: ruby security update (Nov 13)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. A flaw was discovered in the
  way Ruby's CGI module handles certain HTTP requests. If a remote
  attacker sends a specially crafted request, it is possible to cause the
  ruby CGI script to enter an infinite loop, possibly causing a denial of
  service. This update has been rated as having moderate security impact
  by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130922

* RedHat: Moderate: ruby security update (Nov 13)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. An SSL certificate validation
  flaw was discovered in several Ruby Net modules. The libraries were not
  checking the requested host name against the common name (CN) in the
  SSL server certificate, possibly allowing a man in the middle attack.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130923

* RedHat: Important: kdegraphics security update (Nov 12)
  -------------------------------------------------------
  Updated kdegraphics packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause kpdf to crash, or potentially
  execute arbitrary code when opened.  This update has been rated as
  having important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130774

* RedHat: Important: kdegraphics security update (Nov 12)
  -------------------------------------------------------
  Updated kdegraphics packages that fix a security issue are now
  available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered a
  flaw in the handling of PDF files. An attacker could create a malicious
  PDF file that would cause kpdf to crash, or potentially execute
  arbitrary code when opened. This update has been rated as having
  important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130775

* RedHat: Critical: pcre security update (Nov 9)
  ----------------------------------------------
  Updated pcre packages that correct security issues are now available
  for Red Hat Enterprise Linux 4 and 5. Flaws were found in the way PCRE
  handles certain malformed regular expressions. If an application linked
  against PCRE, such as Konqueror, parses a malicious regular expression,
  it may be possible to run arbitrary code as the user running the
  application. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130755

* RedHat: Important: openldap security and enhancement (Nov 8)
  ------------------------------------------------------------
  Updated openldap packages that fix a security flaw are now available
  for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's
  slapd daemon handled malformed objectClasses LDAP attributes. A local
  or remote attacker could create an LDAP request which could cause a
  denial of service by crashing slapd. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/130653

* RedHat: Important: tetex security update (Nov 8)
  ------------------------------------------------
  Updated tetex packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5.  Alin Rad Pop
  discovered several flaws in the handling of PDF files. An attacker
  could create a malicious PDF file that would cause TeTeX to crash or
  potentially execute arbitrary code when opened. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/130639

--------------------------------------------------------------------------

* Slackware:   xpdf/poppler/koffice/kdegraphics (Nov 12)
  ------------------------------------------------------
  These updated packages address similar bugs which could be used to
  crash applications linked with poppler or that use code from xpdf
  through the use of a malformed PDF document. It is possible that a
  maliciously crafted document could cause code to be executed in the
  context of the user running the application processing the PDF.

  http://www.linuxsecurity.com/content/view/130776

* Slackware:   php for Slackware 11.0 reissued (Nov 11)
  -----------------------------------------------------
  The security/bug fix update for Slackware 11.0 has been reissued to fix
  a zero-length /usr/bin/php-cgi.  Thanks to TJ Munro for pointing this
  out. Sorry for any inconvenience.

  http://www.linuxsecurity.com/content/view/130772

* Slackware:   php (Nov 10)
  -------------------------
  New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0,
  and -current to fix security and other bugs. Note that PHP5 was not
  officially supported in Slackware 10.1 or 10.2 (being in the /testing
  directory), and was not the default version of PHP for Slackware 11.0
  (being in the /extra directory), but updates are being provided anyway.

  http://www.linuxsecurity.com/content/view/130771

--------------------------------------------------------------------------

* SuSE: xpdf and more (SUSE-SA:2007:060) (Nov 14)
  -----------------------------------------------
  Secunia Research reported three security bugs in xpdf. The first
  problem occurs while indexing an array in
  DCTStream::readProgressiveDataUnit() and is tracked by CVE-2007-4352.
  Another method in the same class named reset() is vulnerable to an
  integer overflow which leads to an overflow on the heap, CVE-2007-5392.
  The last bug also causes an overflow on the heap but this time in
  method lookChar() of class CCITTFaxStream, CVE-2007-5393.

  http://www.linuxsecurity.com/content/view/130931

--------------------------------------------------------------------------

* Ubuntu:  VMware vulnerabilities (Nov 15)
  ----------------------------------------
  Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
  did not correctly handle certain packet structures.  Remote attackers
  could send specially crafted packets and gain root privileges.

  http://www.linuxsecurity.com/content/view/131038

* Ubuntu:  poppler vulnerabilities (Nov 14)
  -----------------------------------------
  Secunia Research discovered several vulnerabilities in poppler.  If a
  user were tricked into loading a specially crafted PDF file, a remote
  attacker could cause a denial of service or possibly execute arbitrary
  code with the user's privileges in applications linked against poppler.

  http://www.linuxsecurity.com/content/view/130929

* Ubuntu:  Emacs vulnerability (Nov 13)
  -------------------------------------
  Drake Wilson discovered that Emacs did not correctly handle the safe
  mode of "enable-local-variables". If a user were tricked into opening a
  specially crafted file while "enable-local-variables" was set to the
  non-default ":safe", a remote attacker could execute arbitrary commands
  with the user's privileges.

  http://www.linuxsecurity.com/content/view/130928

* Ubuntu:  flac vulnerability (Nov 13)
  ------------------------------------
  Sean de Regge discovered that flac did not properly perform bounds
  checking in many situations. An attacker could send a specially crafted
  FLAC audio file and execute arbitrary code as the user or cause a
  denial of service in flac or applications that link against flac.

  http://www.linuxsecurity.com/content/view/130926

--------------------------------------------------------------------------

* Foresight: perl (Nov 12)
  ------------------------
  Previous versions of the perl package contain a buffer overflow in the
  regular expression parsing code which could allow an attacker to
  execute arbitrary code via a program which uses perl to parse
  untrusted input as a regular expression.

  http://www.linuxsecurity.com/content/view/130814

* Foresight: pidgin (Nov 12)
  --------------------------
  Previous versions of pidgin are vulnerable to a denial-of-service when
  pidgin has been configured to use HTML logging. Logging is not
  enabled by default, so the default install of Foresight Linux is not
  vulnerable to this issue.

  http://www.linuxsecurity.com/content/view/130812

* Foresight: ImageMagick (Nov 12)
  -------------------------------
  Previous versions of the ImageMagick package are vulnerable to multiple
  attacks whereby an attacker might be able to execute arbitrary code
  by coercing the user into opening specially-crafted files with
  ImageMagick.

  http://www.linuxsecurity.com/content/view/130811

* Foresight: libpng (Nov 12)
  --------------------------
  Previous versions of the libpng package can cause applications to
  crash when loading malformed PNG files.  It is not currently known
  that this vulnerability can be exploited to execute malicious code.

  http://www.linuxsecurity.com/content/view/130810

* Foresight: pcre (Nov 12)
  ------------------------
  Previous versions of the pcre package contain multiple vulnerabilities
  which may allow an attacker to execute arbitrary code.

  The pcre library and utilities are not known to be exposed via any
  privileged or remote interfaces within Foresight Linux by default, but
  many applications linked to the pcre library are routinely exposed
  to untrusted data.

  http://www.linuxsecurity.com/content/view/130809

* Foresight: perl (Nov 12)
  ------------------------
  Previous versions of the perl package contain weaknesses when
  evaluating regular expressions.

  If a system is serving a perl-based web application that evaluates
  remote input as a regular expression, an attacker may be able to
  exploit these weaknesses to execute arbitrary, attacker-provided code
  on the system, potentially elevating this to a remote, deterministic
  unauthorized access vulnerability.

  http://www.linuxsecurity.com/content/view/130808

* Foresight: ruby (Nov 12)
  ------------------------
  Previous versions of the ruby package include a library, Net::HTTPS,
  which does not properly verify the CN (common name) field in SSL
  certificates, making it easier to perform a man-in-the-middle
  attack.

  It is believed that Foresight Linux does not include any programs
  which rely on this feature of the Net::HTTPS library, and so is not
  affected by default.

  http://www.linuxsecurity.com/content/view/130813
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

