[ISN] Linux Advisory Watch: December 14th, 2007

From: InfoSec News (alerts@private)
Date: Mon Dec 17 2007 - 22:02:02 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| December 14th, 2007                                Volume 8, Number 51 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for ruby, libnss, htdig, samba, qt,
firefox, wpa_supplicant, openssh-askpass, mysql, e2fsprogs, tomcat, java,
autofs, python, and cairo.  The distributors include Debian, Fedora,
Mandriva, Red Hat, SuSE, and Ubuntu.

---


Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP)
------------------------------------------------------
Secret knocks have been used for purposes as simple and childish as
identifying friend or foe during a schoolyard fort war.  Fraternities
teach these knocks as a rite of passage into their society, and in our
security world we can implement this layer of security to lock down an
SSH server.

With this guide on FWKNOP by Eckie S. (one of our own), you are taken on
an easy-to-follow process of securing your platform with your own client
and server port knocking set-up.

Installation, iptables rules setup, configuring access for the client and
server, and everything in between.  Check it out!

http://www.linuxsecurity.com/content/view/131846

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza.  Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social
Engineering:

All the security in the world isn't going to stop one of your employees
or coworkers from giving up information.  Just how easy is it?

http://www.linuxsecurity.com/content/view/131036

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNOP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
  ----------------------------------------------------------------------
  Eric Sandeen provided a backport of Tejun Heo's fix for a local denial
  of service vulnerability in sysfs. Under memory pressure, a dentry
  structure may be reclaimed resulting in a bad pointer dereference
  causing an oops during a readdir.

  http://www.linuxsecurity.com/content/view/132136

* Debian: New ruby-gnome2 packages fix execution of arbitrary code (Dec 11)
  -------------------------------------------------------------------------
  It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby
  language, didn't properly sanitize input prior to constructing dialogs.
  This could allow for the execution of arbitrary code if untrusted input
  is displayed within a dialog.

  http://www.linuxsecurity.com/content/view/132133

* Debian: New libnss-ldap packages fix denial of service (Dec 11)
  ---------------------------------------------------------------
  It was reported that a race condition exists in libnss-ldap, an NSS
  module for using LDAP as a naming service, which could cause denial of
  service attacks when applications use pthreads.

  http://www.linuxsecurity.com/content/view/132132

* Debian: New htdig packages fix cross site scripting (Dec 11)
  ------------------------------------------------------------
  Michael Skibbe discovered that htdig, a WWW search system for an
  intranet or small internet, did not adequately quote values submitted
  to the search script, allowing remote attackers to inject arbitrary
  script or HTML into specially crafted links.

  http://www.linuxsecurity.com/content/view/132131

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
  ----------------------------------------------------------------------
  and remote vulnerabilities have been discovered in the Linux kernel
  that may lead to a denial of service or the execution of arbitrary
  code. Eric Sandeen provided a backport of Tejun Heo's fix for a local
  denial of service vulnerability in sysfs. Under memory pressure, a
  dentry structure may be reclaimed resulting in a bad pointer dereference
  causing an oops during a readdir.

  http://www.linuxsecurity.com/content/view/132128

* Debian: New samba packages fix arbitrary code execution (Dec 10)
  ----------------------------------------------------------------
  Alin Rad Pop discovered that Samba, a LanManager-like file and printer
  server for Unix, is vulnerable to a buffer overflow in the nmbd code
  which handles GETDC mailslot requests, which might lead to the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/132047

--------------------------------------------------------------------------

* Fedora 7 Update: qt4-theme-quarticurve (Dec 13)
  -----------------------------------------------
  This update fixes Quarticurve to use system icons (rather than builtin
  Qt ones) in Qt 4 dialogs (e.g. QPrintDialog) also in KDE 4 apps.

  http://www.linuxsecurity.com/content/view/132203

--------------------------------------------------------------------------

* Mandriva: Updated Firefox packages fix multiple (Dec 14)
  --------------------------------------------------------
  A number of security vulnerabilities have been discovered and corrected
  in the latest Mozilla Firefox program, version 2.0.0.11. This update
  provides the latest Firefox to correct these issues. As well, it
  provides Firefox 2.0.0.11 for older products.

  http://www.linuxsecurity.com/content/view/132236

* Mandriva: Updated wpa_supplicant package fixes remote (Dec 13)
  --------------------------------------------------------------
  Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0
  allows remote attackers to cause a denial of service (crash) via
  crafted TSF data. Updated package fixes this issue.

  http://www.linuxsecurity.com/content/view/132201

* Mandriva: Updated samba packages fix vulnerability (Dec 11)
  -----------------------------------------------------------
  Alin Rad Pop of Secunia Research discovered a stack buffer overflow in
  how Samba authenticates remote users.  A remote unauthenticated user
  could trigger this flaw to cause the Samba server to crash, or possibly
  execute arbitrary code with the permissions of the Samba server. The
  updated packages have been patched to correct these issues.

  http://www.linuxsecurity.com/content/view/132135

* Mandriva: Updated openssh-askpass-qt package fixes exit (Dec 11)
  ----------------------------------------------------------------
  The QT openssh password asking dialog, provided by openssh-askpass-qt
  package, would always exit with successful status (0), even when the
  user did not press the Ok button. This would, at least, make the
  openssh client always allow sharing a connection when ControlMaster
  option was set to ask. This update fixes the issue.

  http://www.linuxsecurity.com/content/view/132134

* Mandriva: Updated MySQL packages fix multiple (Dec 10)
  ------------------------------------------------------
  A vulnerability in MySQL prior to 5.0.45 did not require privileges
  such as SELECT for the source table in a CREATE TABLE LIKE statement,
  allowing remote authenticated users to obtain sensitive information
  such as the table structure (CVE-2007-3781).

  http://www.linuxsecurity.com/content/view/132127

* Mandriva: Updated e2fsprogs packages fix vulnerability (Dec 10)
  ---------------------------------------------------------------
  Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained
  multiple integer overflows in memory allocations, based on sizes taken
  directly from filesystem information.  These flaws could result in
  heap-based overflows potentially allowing for the execution of
  arbitrary code.

  http://www.linuxsecurity.com/content/view/132126

* Mandriva: Updated tomcat5 packages fix multiple (Dec 10)
  --------------------------------------------------------
  A number of vulnerabilities were found in Tomcat: A directory traversal
  vulnerability, when using certain proxy modules, allows a remote
  attacker to read arbitrary files via a .. (dot dot) sequence with
  various slash, backslash, or url-encoded backslash characters
  (CVE-2007-0450; affects Mandriva Linux 2007.1 only). Multiple
  cross-site scripting vulnerabilities in certain JSP files allow remote
  attackers to inject arbitrary web script or HTML (CVE-2007-2449).

  http://www.linuxsecurity.com/content/view/132048

--------------------------------------------------------------------------

* RedHat: Moderate: java-1.4.2-bea security update (Dec 12)
  ---------------------------------------------------------
  A buffer overflow in the Java Runtime Environment image handling code
  was found. If an attacker is able to cause a server application to
  process a specially crafted image file, it may be possible to execute
  arbitrary code as the user running the Java Virtual Machine.

  http://www.linuxsecurity.com/content/view/132138

* RedHat: Important: autofs security update (Dec 12)
  --------------------------------------------------
  Updated autofs packages are now available to fix a security flaw for
  Red Hat Enterprise Linux 5.  There was a security issue with the
  default installed configuration of autofs version 5 whereby the entry
  for the "hosts" map did not specify the "nosuid" mount option.  A local
  user with control of a remote nfs server could create a setuid root
  executable within an exported filesystem on the remote nfs server that,
  if mounted using the default hosts map, would allow the user to gain
  root privileges.

  http://www.linuxsecurity.com/content/view/132139

* RedHat: Important: autofs5 security update (Dec 12)
  ---------------------------------------------------
  Updated Red Hat Enterprise Linux 4 Technology Preview autofs5 packages
  are now available to fix a security flaw. There was a security issue
  with the default installed configuration of autofs version 5 whereby
  the entry for the "hosts" map did not specify the "nosuid" mount
  option. A local user with control of a remote nfs server could create a
  setuid root executable within an exported filesystem on the remote nfs
  server that, if mounted using the default hosts map, would allow the
  user to gain root privileges. This update has been rated as having
  important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132140

* RedHat: Critical: samba security update (Dec 10)
  ------------------------------------------------
  Updated samba packages that fix a security issue are now available for
  Red Hat Enterprise Linux 4.5 Extended Update Support. A stack buffer
  overflow flaw was found in the way Samba authenticates remote users. A
  remote unauthenticated user could trigger this flaw to cause the Samba
  server to crash, or execute arbitrary code with the permissions of the
  Samba server. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132043

* RedHat: Moderate: python security update (Dec 10)
  -------------------------------------------------
  Updated python packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 and 4. An integer overflow flaw
  was discovered in the way Python's pcre module handled certain regular
  expressions. If a Python application used the pcre module to compile
  and execute untrusted regular expressions, it may be possible to cause
  the application to crash, or allow arbitrary code execution with the
  privileges of the Python interpreter. This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132044

* RedHat: Moderate: python security update (Dec 10)
  -------------------------------------------------
  Updated python packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1. An integer overflow flaw
  was discovered in the way Python's pcre module handled certain regular
  expressions. If a Python application used the pcre module to compile
  and execute untrusted regular expressions, it may be possible to cause
  the application to crash, or allow arbitrary code execution with the
  privileges of the Python interpreter.  This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132041

* RedHat: Critical: samba security and bug fix update (Dec 10)
  ------------------------------------------------------------
  Updated samba packages that fix a security issue and a bug are now
  available for Red Hat Enterprise Linux. A stack buffer overflow flaw
  was found in the way Samba authenticates remote users. A remote
  unauthenticated user could trigger this flaw to cause the Samba server
  to crash, or execute arbitrary code with the permissions of the Samba
  server.  This update has been rated as having critical security impact
  by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132042

--------------------------------------------------------------------------

* SuSE: samba (SUSE-SA:2007:068) (Dec 12)
  ---------------------------------------
  The Samba suite is an open-source implementation of the SMB protocol.
  This update of samba fixes a buffer overflow in function
  send_mailslot() that allows remote attackers to overwrite the stack
  with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.

  http://www.linuxsecurity.com/content/view/132137

--------------------------------------------------------------------------

* Ubuntu:  Cairo regression (Dec 12)
  ----------------------------------
  USN-550-1 fixed vulnerabilities in Cairo.  A bug in font glyph
  rendering was uncovered as a result of the new memory allocation
  routines.  In certain situations, fonts containing characters with no
  width or height would not render any more.  This update fixes the
  problem. We apologize for the inconvenience.

  http://www.linuxsecurity.com/content/view/132198

* Ubuntu:  Cairo regression (Dec 10)
  ----------------------------------
  Peter Valchev discovered that Cairo did not correctly decode PNG image
  data.  By tricking a user or automated system into processing a
  specially crafted PNG with Cairo, a remote attacker could execute
  arbitrary code with user privileges.

  http://www.linuxsecurity.com/content/view/132046

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

