+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| January 25th, 2008 Volume 9, Number 4 |
| |
| Editorial Team: Dave Wreski <dwreski@private> |
| Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for exiv2, php, scponly, xfree86,
xine-lib, libvorbis, horde3, flac, tomcat, xorg, mantis, tikiwiki,
libcdio, libxfont, cairo, mysql, lzma, regression, and apt-listchanges.
The distributors include Debian, Gentoo, Mandriva, SuSE, and Ubuntu.
---
15-Month NSA Certified Masters in Info Assurance
Now you can earn your Master of Science in Information Assurance (MSIA) in
15 months. Norwich University has recently launched a 30-credit, 15-month
program, alongside the standard 36-credit, 18-month program. To find out
if you are eligible for the 15-month MSIA program, please visit:
http://www.msia.norwich.edu/linsec
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=3D26
---
SSH: Best Practices
-------------------
If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible? Have
you configured it to be as limited and secure as possible?
http://www.linuxsecurity.com/content/view/133312
---
Open Source Tool of the Month: GnuPG!
-------------------------------------
It=92s the new year! And to start it off right, LinuxSecurity.com wants to
start things off with January=92s Open Source Tool of the month:
<b>GnuPG!</b>
Encryption is one of the main pillars of security, and GnuPG is a robust
and flexible tool with great functionality that is fully GPL Licensed.
And since it just celebrated its landmark 10th Anniversary, it was an
easy choice for our tool of the month.
Ten years is a long time in the open source community; a very long time.
Lasting a decade, especially in these years of open source development,
is nothing short of remarkable. And like all great open source projects,
it came from humble beginnings - it was initiated as a way to encrypt
data without relying on restricted patents (namely RSA and IDEA) by
Werner Koch from Germany. Why?
Back in 1999 Richard Stallman was interested in pursuing a PGP
replacement after existing patents had run out and had decided to turn to
European developers...
http://www.linuxsecurity.com/content/view/133059
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.18 (Version 3.0, Release 18). This release includes the
brand new Health Center, new packages for FWKNP and PSAD, updated
packages and bug fixes, some feature enhancements to Guardian Digital
WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database
and e-mail security, integrated intrusion detection and SELinux
policies and more.
http://www.linuxsecurity.com/content/view/131851
--------------------------------------------------------------------------
* Debian: New exiv2 packages fix arbitrary code execution (Jan 23)
----------------------------------------------------------------
Meder Kydyraliev discovered an integer overflow in the thumbnail
handling of libexif, the EXIF/IPTC metadata manipulation library, which
could result in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/133649
* Debian: New php5 packages fix regression (Jan 23)
-------------------------------------------------
It was discovered that the patch for CVE-2007-4659 could lead to
regressions in some scenarios. The fix has been reverted for now, a
revised update will be provided in a future PHP DSA.
http://www.linuxsecurity.com/content/view/133648
* Debian: New scponly packages fix arbitrary code execution (Jan 21)
------------------------------------------------------------------
In addition, it was discovered that it was possible to invoke with scp
with certain options that may lead to execution of arbitrary commands
(CVE-2007-6415).
http://www.linuxsecurity.com/content/view/133483
* Debian: New xfree86 packages fix regression (Jan 21)
----------------------------------------------------
Several local vulnerabilities have been discovered in the X.Org X
server."regenrecht" discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.
http://www.linuxsecurity.com/content/view/133481
* Debian: New xine-lib packages fix arbitrary code execution (Jan 21)
-------------------------------------------------------------------
Luigi Auriemma discovered that the Xine media player library performed
insufficient input sanitising during the handling of RTSP streams,
which could lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/133480
* Debian: New libvorbis packages fix several vulnerabilities (Jan 21)
-------------------------------------------------------------------
Several vulnerabilities were found in the the Vorbis General Audio
Compression Codec, which may lead to denial of service or the execution
of arbitrary code, if a user is tricked into opening to a malformed Ogg
Audio file with an application linked against libvorbis.
http://www.linuxsecurity.com/content/view/133479
* Debian: New horde3 packages fix denial of service (Jan 20)
----------------------------------------------------------
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing a
malformed email inside the Imp client.
http://www.linuxsecurity.com/content/view/133476
* Debian: New flac packages fix arbitrary code execution (Jan 20)
---------------------------------------------------------------
Sean de Regge and Greg Linares discovered multiple heap and stack based
buffer overflows in FLAC, the Free Lossless Audio Codec, which could
lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/133474
* Debian: New tomcat5.5 packages fix several vulnerabilities (Jan 20)
-------------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Tomcat
servlet and JSP engine. Olaf Kock discovered that HTTPS encryption was
insufficiently enforced for single-sign-on cookies, which could
result in=09information disclosure.
http://www.linuxsecurity.com/content/view/133473
* Debian: New xorg-server packages fix regression (Jan 19)
--------------------------------------------------------
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing a
malformed email inside the Imp client.
http://www.linuxsecurity.com/content/view/133469
* Debian: New mantis packages fix several vulnerabilities (Jan 19)
----------------------------------------------------------------
Several remote vulnerabilities have been discovered in Mantis, a web
based bug tracking system. Multiple cross site scripting issues allowed
a remote attacker to=09 insert malicious HTML or web script into
Mantis web pages.
http://www.linuxsecurity.com/content/view/133468
* Debian: New xorg-server packages fix several vulnerabilities (Jan 17)
---------------------------------------------------------------------
Several local vulnerabilities have been discovered in the X.Org X
server. "regenrecht" discovered that missing input sanitising within
the XFree86-Misc extension may lead to local privilege escalation.
http://www.linuxsecurity.com/content/view/133421
--------------------------------------------------------------------------
* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
--------------------------------------------------
Multiple vulnerabilities have been discovered in TikiWiki, some of them
having unknown impact.
http://www.linuxsecurity.com/content/view/133651
* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
--------------------------------------------------
Multiple vulnerabilities have been discovered in TikiWiki, some of them
having unknown impact.
http://www.linuxsecurity.com/content/view/133650
* Gentoo: X.Org X server and Xfont library Multiple vulnerabilities (Jan 20)
--------------------------------------------------------------------------
Multiple vulnerabilities have been discovered in the X.Org X server and
Xfont library, allowing for a local privilege escalation and arbitrary
code execution.
http://www.linuxsecurity.com/content/view/133475
* Gentoo: libcdio User-assisted execution of arbitrary code (Jan 19)
------------------------------------------------------------------
A buffer overflow vulnerability has been discovered in libcdio. A
remote attacker could entice a user to open a specially crafted ISO
image in the cd-info and iso-info applications, resulting in the
execution of arbitrary code with the privileges of the user running the
application. Applications linking against shared libraries of libcdio
are not affected.
http://www.linuxsecurity.com/content/view/133471
* Gentoo: Adobe Flash Player Multiple vulnerabilities (Jan 19)
------------------------------------------------------------
Multiple vulnerabilities have been identified, the worst of which allow
arbitrary code execution on a user's system via a malicious Flash file.
http://www.linuxsecurity.com/content/view/133470
--------------------------------------------------------------------------
* Mandriva: Updated libxfont packages fix font handling (Jan 24)
--------------------------------------------------------------
A heap-based buffer overflow flaw was found in how the X.org server
handled malformed font files that could allow a malicious local user to
potentially execute arbitrary code with the privileges of the X.org
server (CVE-2008-0006). The updated packages have been patched to
correct this issue.
http://www.linuxsecurity.com/content/view/133656
* Mandriva: Updated x11-server packages fix multiple (Jan 24)
-----------------------------------------------------------
An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause a
denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-5760). A flaw was found
in the X.org server's XC-SECURITY extension that could allow a local
user to verify the existence of an arbitrary file, even in directories
that are not normally accessible to that user (CVE-2007-5958).
http://www.linuxsecurity.com/content/view/133655
* Mandriva: Updated xorg-x11 packages fix multiple (Jan 24)
---------------------------------------------------------
Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which if exploited could lead to local privilege
escalation (CVE-2007-4730).
http://www.linuxsecurity.com/content/view/133654
* Mandriva: Updated XFree86 packages fix multiple (Jan 24)
--------------------------------------------------------
A flaw was found in the XFree86 server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).
http://www.linuxsecurity.com/content/view/133653
* Mandriva: Updated x11-server-xgl packages fix multiple (Jan 24)
---------------------------------------------------------------
An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause a
denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-5760). A flaw was found
in the X.org server's XC-SECURITY extension that could allow a local
user to verify the existence of an arbitrary file, even in directories
that are not normally accessible to that user (CVE-2007-5958).
http://www.linuxsecurity.com/content/view/133652
* Mandriva: Updated xine-lib packages fix remote code (Jan 22)
------------------------------------------------------------
Two vulnerabilities discovered in xine-lib allow remote execution of
arbitrary code: Heap-based buffer overflow in the rmff_dump_cont
function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows
remote attackers to execute arbitrary code via the SDP Abstract
attribute, related to the rmff_dump_header function and related to
disregarding the max field. (CVE-2008-0225)
http://www.linuxsecurity.com/content/view/133644
* Mandriva: Updated cairo packages fix vulnerability (Jan 22)
-----------------------------------------------------------
Peter Valchev discovered that Cairo did not correctly decode PNG image
data. By tricking a user or automated system into processing a
specially crafted PNG with Cairo, a remote attacker could execute
arbitrary code with the privileges of the user opening the file. The
updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/133485
* Mandriva: Updated gFTP packages fix vulnerabilities (Jan 21)
------------------------------------------------------------
Kalle Olavi Niemitalo found two boundary errors in the fsplib library,
a copy of which is included in gFTP source. A remote attacer could
trigger these vulnerabilities by enticing a user to download a file
with a specially crafted directory or file name, possibly resulting in
the execution of arbitrary code (CVE-2007-3962) or a denial of service
(CVE-2007-3961). The updated packages have been patched to correct
these issues.
http://www.linuxsecurity.com/content/view/133484
* Mandriva: Updated MySQL packages fix multiple (Jan 19)
------------------------------------------------------
MySQL 5.0.x did not update the DEFINER value of a view when the view is
altered, which allows remote authenticated users to gain privileges via
a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW
statement and an ALTER VIEW statement (CVE-2007-6303).
http://www.linuxsecurity.com/content/view/133472
* Mandriva: Updated lzma packages fix possible data loss issue (Jan 17)
---------------------------------------------------------------------
The lzma program did not properly check that the closing of output
succeeded, which could lead to rare, but possible, data loss. Another
issue with liblzmadec was also discovered where programs could crash if
decoding of a stream was not properly initialized. This update ensures
that output is properly closed so as to avoid silent data loss, and
adds consistency checks to liblzmadec so that programs will no longer
crash if a stream isn't properly initialized.
http://www.linuxsecurity.com/content/view/133422
--------------------------------------------------------------------------
* SuSE: Xorg and XFree (SUSE-SA:2008:003) (Jan 17)
------------------------------------------------
The X windows system is vulnerable to several kind of vulner-
abilities that are caused due to insufficient input validation.
The bugs range from crashing the X server to executing arbitrary
code with the privilges of the X server process.
http://www.linuxsecurity.com/content/view/133417
--------------------------------------------------------------------------
* Ubuntu: X.org regression (Jan 19)
----------------------------------
Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges. (CVE-2007-5760,
CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)
http://www.linuxsecurity.com/content/view/133467
* Ubuntu: apt-listchanges vulnerability (Jan 18)
-----------------------------------------------
Felipe Sateler discovered that apt-listchanges did not use safe paths
when importing additional Python libraries. A local attacker could
exploit this and execute arbitrary commands as the user running
apt-listchanges.
http://www.linuxsecurity.com/content/view/133427
* Ubuntu: X.org vulnerabilities (Jan 18)
---------------------------------------
Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges.
http://www.linuxsecurity.com/content/view/133423
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Jan 28 2008 - 00:23:50 PST