[ISN] Linux Advisory Watch: December 21st, 2007

From: InfoSec News (alerts@private)
Date: Mon Dec 24 2007 - 03:18:07 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| December 21st, 2007                                Volume 8, Number 51 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for clamav, mydns, centericq,
link-grammar, mock, qt, cups, e2fsprogs, firefox, wpa_supplicant, autofs,
libexif, mysql, thunderbird, squid, and samba. The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, and Ubuntu.

---

Master's Student: A Quick and Dirty Guide To Kernel Hardening with GrSecurity
-----------------------------------------------------------------------------
Our resident Master's student Gian Spicuzza chimes in this month with a
great feature HowTo on Kernel Hardening!  There are a number of ways to
lock down a system, and RBAC (role based access control) is one of them.
Read on to learn more about what makes RBAC so useful, and to read one of
the best overviews on Low/Medium/High Security...    The combination of
the Linux kernel and GNU packages has always been regarded as a secure
operating system, but can it be more secure?  Kernel hardening is the
answer to tightening up the Linux backbone.  GrSecurity, a kernel patch
for Linux, is one of the more popular approaches...

One of the most significant features is the addition of a role-based
access control system (RBAC) that monitors what each user can execute
based on their role and denies execution if they overstep their
pre-defined rules.

http://www.linuxsecurity.com/content/view/132385

---

Creating Snort Rules with EnGarde
---------------------------------
There are already tons of written Snort rules, but there just might be a
time where you need to write one yourself.  You can think of writing
Snort rules as writing a program. They can include variables, keywords
and functions. Why do we need to write rules? The reason is, without
rules Snort will never detect someone trying to hack your machine. This
HOWTO will give you confidence to write your own rules.

http://www.linuxsecurity.com/content/view/132365

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 20)
  ----------------------------------------------------------------------
  LMH reported an issue in the minix filesystem that allows local users
  with mount privileges to create a DoS (printk flood) by mounting a
  specially crafted corrupt filesystem.

  http://www.linuxsecurity.com/content/view/132499

* Debian: New clamav packages fix several vulnerabilities (Dec 19)
  ----------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Clam
  anti-virus toolkit. It was discovered that an integer overflow in the
  decompression code for MEW archives may lead to the execution of
  arbitrary code.

  http://www.linuxsecurity.com/content/view/132381

* Debian: New mydns packages fix denial of service (Dec 16)
  ---------------------------------------------------------
  It was discovered that in MyDNS, a domain name server with database
  backend, the daemon could be crashed through malicious remote update
  requests, which may lead to denial of service.

  http://www.linuxsecurity.com/content/view/132355

* Debian: New centericq packages fix execution of code (Dec 16)
  -------------------------------------------------------------
  Several remote vulnerabilities have been discovered in centericq, a
  text-mode multi-protocol instant messenger client, which could allow
  remote attackers to execute arbitrary code due to insufficient
  bounds-testing.

  http://www.linuxsecurity.com/content/view/132354

* Debian: New link-grammar packages fix execution of code (Dec 16)
  ----------------------------------------------------------------
  Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's
  link grammar parser for English, performed insufficient validation
  within its tokenizer, which could allow a malicious input file to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/132353

--------------------------------------------------------------------------

* Fedora 7 Update: mock-0.8.18-1.fc7 (Dec 20)
  -------------------------------------------
  -- add --update -- fix --shell

  http://www.linuxsecurity.com/content/view/132389

* Fedora 7 Update: qt4-theme-quarticurve (Dec 13)
  -----------------------------------------------
  This update fixes Quarticurve to use system icons (rather than builtin
  Qt ones) in Qt 4 dialogs (e.g. QPrintDialog) also in KDE 4 apps.

  http://www.linuxsecurity.com/content/view/132203

--------------------------------------------------------------------------

* Gentoo: CUPS Multiple vulnerabilities (Dec 18)
  ----------------------------------------------
  Multiple vulnerabilities have been discovered in CUPS, allowing for the
  remote execution of arbitrary code and a Denial of Service.

  http://www.linuxsecurity.com/content/view/132372

* Gentoo: E2fsprogs Multiple buffer overflows (Dec 18)
  ----------------------------------------------------
  Multiple heap-based buffer overflows in E2fsprogs could result in the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/132370

--------------------------------------------------------------------------

* Mandriva: Updated Firefox packages fix multiple (Dec 14)
  --------------------------------------------------------
  A number of security vulnerabilities have been discovered and corrected
  in the latest Mozilla Firefox program, version 2.0.0.11. This update
  provides the latest Firefox to correct these issues. As well, it
  provides Firefox 2.0.0.11 for older products.

  http://www.linuxsecurity.com/content/view/132236

* Mandriva: Updated wpa_supplicant package fixes remote (Dec 13)
  --------------------------------------------------------------
  Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0
  allows remote attackers to cause a denial of service (crash) via
  crafted TSF data. Updated package fixes this issue.

  http://www.linuxsecurity.com/content/view/132201

--------------------------------------------------------------------------

* RedHat: Important: autofs security update (Dec 20)
  --------------------------------------------------
  Updated autofs packages that fix a security issue are now available for
  Red Hat Enterprise Linux 5. A local user with control of a remote NFS
  server could create special device files on the remote file system,
  that if mounted using the default "-hosts" map, could allow the user to
  access important system devices. This update has been rated as having
  important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132386

* RedHat: Important: autofs5 security update (Dec 20)
  ---------------------------------------------------
  Updated autofs5 technology preview packages that fix a security issue
  are now available for Red Hat Enterprise Linux 4. A local user with
  control of a remote NFS server could create special device files on the
  remote file system, that if mounted using the default "-hosts" map,
  could allow the user to access important system devices. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132387

* RedHat: Important: kernel security and bug fix update (Dec 19)
  --------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs in the Red Hat Enterprise Linux 4 kernel are now available. A flaw
  was found in the handling of IEEE 802.11 frames, which affected several
  wireless LAN modules. In certain situations, a remote attacker could
  trigger this flaw by sending a malicious packet over a wireless
  network, causing a denial of service (kernel crash). This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132382

* RedHat: Moderate: libexif security update (Dec 19)
  --------------------------------------------------
  Updated libexif packages that fix a security issue are now available
  for Red Hat Enterprise Linux 4. The libexif packages contain the Exif
  library. Exif is an image file format specification that enables
  metadata tags to be added to existing JPEG, TIFF and RIFF files. The
  Exif library makes it possible to parse an Exif file and read this
  metadata. This update has been rated as having moderate security impact
  by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132378

* RedHat: Important: mysql security update (Dec 19)
  -------------------------------------------------
  Updated mysql packages that fix several security issues are now
  available for Red Hat Application Stack v1 and v2. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132379

* RedHat: Moderate: thunderbird security update (Dec 19)
  ------------------------------------------------------
  Updated thunderbird packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132380

* RedHat: Moderate: libexif security update (Dec 19)
  --------------------------------------------------
  Updated libexif packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. An integer overflow flaw was
  found in the way libexif parses Exif image tags. If a victim opens a
  carefully crafted Exif image file, it could cause the application
  linked against libexif to execute arbitrary code, or crash. This update
  has been rated as having moderate security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/132377

* RedHat: Critical: flash-plugin security update (Dec 18)
  -------------------------------------------------------
  An updated Adobe Flash Player package that fixes a security issue is
  now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132374

* RedHat: Moderate: squid security update (Dec 18)
  ------------------------------------------------
  A flaw was found in the way squid stored HTTP headers for cached
  objects in system memory. An attacker could cause squid to use
  additional memory, and trigger high CPU usage when processing requests
  for certain cached objects, possibly leading to a denial of service.

  http://www.linuxsecurity.com/content/view/132366

* RedHat: Important: mysql security update (Dec 18)
  -------------------------------------------------
  Updated mysql packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132367

--------------------------------------------------------------------------

* Ubuntu:  Linux kernel vulnerabilities (Dec 18)
  ----------------------------------------------
  The minix filesystem did not properly validate certain filesystem
  values. If a local attacker could trick the system into attempting to
  mount a corrupted minix filesystem, the kernel could be made to hang
  for long periods of time, resulting in a denial of service.
  (CVE-2006-6058) Certain calculations in the hugetlb code were not
  correct.  A local attacker could exploit this to cause a kernel panic,
  leading to a denial of service.

  http://www.linuxsecurity.com/content/view/132375

* Ubuntu:  Samba vulnerability (Dec 18)
  -------------------------------------
  Alin Rad Pop discovered that Samba did not correctly check the size of
  reply packets to mailslot requests.  If a server was configured with
  domain logon enabled, an unauthenticated remote attacker could send a
  specially crafted domain logon packet and execute arbitrary code or
  crash the Samba service.  By default, domain logon is disabled in
  Ubuntu.

  http://www.linuxsecurity.com/content/view/132369

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------