[ISN] Linux Advisory Watch: January 25th, 2008

From: InfoSec News (alerts@private)
Date: Mon Jan 28 2008 - 00:15:32 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| January 25th, 2008                                  Volume 9, Number 4 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for exiv2, php, scponly, xfree86,
xine-lib, libvorbis, horde3, flac, tomcat, xorg, mantis, tikiwiki,
libcdio, libxfont, cairo, mysql, lzma, regression, and apt-listchanges.
The distributors include Debian, Gentoo, Mandriva, SuSE, and Ubuntu.

---

15-Month NSA Certified Masters in Info Assurance

Now you can earn your Master of Science in Information Assurance (MSIA) in
15 months. Norwich University has recently launched a 30-credit, 15-month
program, alongside the standard 36-credit, 18-month program. To find out
if you are eligible for the 15-month MSIA program, please visit:

http://www.msia.norwich.edu/linsec

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers are between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects, etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

SSH: Best Practices
-------------------
If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible?  Have
you configured it to be as limited and secure as possible?

http://www.linuxsecurity.com/content/view/133312

---

Open Source Tool of the Month: GnuPG!
-------------------------------------
It's the new year! And to start it off right, LinuxSecurity.com wants to
start things off with January's Open Source Tool of the month:
GnuPG!

Encryption is one of the main pillars of security, and GnuPG is a robust
and flexible tool with great functionality that is fully GPL Licensed.
And since it just celebrated its landmark 10th Anniversary, it was an
easy choice for our tool of the month.

Ten years is a long time in the open source community; a very long time.
Lasting a decade, especially in these years of open source development,
is nothing short of remarkable.  And like all great open source projects,
it came from humble beginnings - it was initiated as a way to encrypt
data without relying on restricted patents (namely RSA and IDEA) by
Werner Koch from Germany. Why?

Back in 1999 Richard Stallman was interested in pursuing a PGP
replacement after existing patents had run out and had decided to turn to
European developers...

http://www.linuxsecurity.com/content/view/133059

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New exiv2 packages fix arbitrary code execution (Jan 23)
  ----------------------------------------------------------------
  Meder Kydyraliev discovered an integer overflow in the thumbnail
  handling of libexif, the EXIF/IPTC metadata manipulation library, which
  could result in the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133649

* Debian: New php5 packages fix regression (Jan 23)
  -------------------------------------------------
  It was discovered that the patch for CVE-2007-4659 could lead to
  regressions in some scenarios. The fix has been reverted for now, a
  revised update will be provided in a future PHP DSA.

  http://www.linuxsecurity.com/content/view/133648

* Debian: New scponly packages fix arbitrary code execution (Jan 21)
  ------------------------------------------------------------------
  In addition, it was discovered that it was possible to invoke scp
  with certain options that may lead to execution of arbitrary commands
  (CVE-2007-6415).

  http://www.linuxsecurity.com/content/view/133483

* Debian: New xfree86 packages fix regression (Jan 21)
  ----------------------------------------------------
  Several local vulnerabilities have been discovered in the X.Org X
  server. "regenrecht" discovered that missing input sanitising within
  the XFree86-Misc extension may lead to local privilege escalation.

  http://www.linuxsecurity.com/content/view/133481

* Debian: New xine-lib packages fix arbitrary code execution (Jan 21)
  -------------------------------------------------------------------
  Luigi Auriemma discovered that the Xine media player library performed
  insufficient input sanitising during the handling of RTSP streams,
  which could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133480

* Debian: New libvorbis packages fix several vulnerabilities (Jan 21)
  -------------------------------------------------------------------
  Several vulnerabilities were found in the Vorbis General Audio
  Compression Codec, which may lead to denial of service or the execution
  of arbitrary code, if a user is tricked into opening a malformed Ogg
  Audio file with an application linked against libvorbis.

  http://www.linuxsecurity.com/content/view/133479

* Debian: New horde3 packages fix denial of service (Jan 20)
  ----------------------------------------------------------
  Ulf Harnhammer discovered that the HTML filter of the Horde web
  application framework performed insufficient input sanitising, which
  may lead to the deletion of emails if a user is tricked into viewing a
  malformed email inside the Imp client.

  http://www.linuxsecurity.com/content/view/133476

* Debian: New flac packages fix arbitrary code execution (Jan 20)
  ---------------------------------------------------------------
  Sean de Regge and Greg Linares discovered multiple heap and stack based
  buffer overflows in FLAC, the Free Lossless Audio Codec, which could
  lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133474

* Debian: New tomcat5.5 packages fix several vulnerabilities (Jan 20)
  -------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Tomcat
  servlet and JSP engine. Olaf Kock discovered that HTTPS encryption was
  insufficiently enforced for single-sign-on cookies, which could
  result in information disclosure.

  http://www.linuxsecurity.com/content/view/133473

* Debian: New xorg-server packages fix regression (Jan 19)
  --------------------------------------------------------
  Ulf Harnhammer discovered that the HTML filter of the Horde web
  application framework performed insufficient input sanitising, which
  may lead to the deletion of emails if a user is tricked into viewing a
  malformed email inside the Imp client.

  http://www.linuxsecurity.com/content/view/133469

* Debian: New mantis packages fix several vulnerabilities (Jan 19)
  ----------------------------------------------------------------
  Several remote vulnerabilities have been discovered in Mantis, a web
  based bug tracking system. Multiple cross site scripting issues allowed
  a remote attacker to insert malicious HTML or web script into
  Mantis web pages.

  http://www.linuxsecurity.com/content/view/133468

* Debian: New xorg-server packages fix several vulnerabilities (Jan 17)
  ---------------------------------------------------------------------
  Several local vulnerabilities have been discovered in the X.Org X
  server. "regenrecht" discovered that missing input sanitising within
  the XFree86-Misc extension may lead to local privilege escalation.

  http://www.linuxsecurity.com/content/view/133421

--------------------------------------------------------------------------

* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
  --------------------------------------------------
  Multiple vulnerabilities have been discovered in TikiWiki, some of them
  having unknown impact.

  http://www.linuxsecurity.com/content/view/133651

* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
  --------------------------------------------------
  Multiple vulnerabilities have been discovered in TikiWiki, some of them
  having unknown impact.

  http://www.linuxsecurity.com/content/view/133650

* Gentoo: X.Org X server and Xfont library Multiple vulnerabilities (Jan 20)
  --------------------------------------------------------------------------
  Multiple vulnerabilities have been discovered in the X.Org X server and
  Xfont library, allowing for a local privilege escalation and arbitrary
  code execution.

  http://www.linuxsecurity.com/content/view/133475

* Gentoo: libcdio User-assisted execution of arbitrary code (Jan 19)
  ------------------------------------------------------------------
  A buffer overflow vulnerability has been discovered in libcdio.  A
  remote attacker could entice a user to open a specially crafted ISO
  image in the cd-info and iso-info applications, resulting in the
  execution of arbitrary code with the privileges of the user running the
  application. Applications linking against shared libraries of libcdio
  are not affected.

  http://www.linuxsecurity.com/content/view/133471

* Gentoo: Adobe Flash Player Multiple vulnerabilities (Jan 19)
  ------------------------------------------------------------
  Multiple vulnerabilities have been identified, the worst of which allow
  arbitrary code execution on a user's system via a malicious Flash file.

  http://www.linuxsecurity.com/content/view/133470

--------------------------------------------------------------------------

* Mandriva: Updated libxfont packages fix font handling (Jan 24)
  --------------------------------------------------------------
  A heap-based buffer overflow flaw was found in how the X.org server
  handled malformed font files that could allow a malicious local user to
  potentially execute arbitrary code with the privileges of the X.org
  server (CVE-2008-0006). The updated packages have been patched to
  correct this issue.

  http://www.linuxsecurity.com/content/view/133656

* Mandriva: Updated x11-server packages fix multiple (Jan 24)
  -----------------------------------------------------------
  An input validation flaw was found in the X.org server's XFree86-Misc
  extension that could allow a malicious authorized client to cause a
  denial of service (crash), or potentially execute arbitrary code with
  root privileges on the X.org server (CVE-2007-5760). A flaw was found
  in the X.org server's XC-SECURITY extension that could allow a local
  user to verify the existence of an arbitrary file, even in directories
  that are not normally accessible to that user (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133655

* Mandriva: Updated xorg-x11 packages fix multiple (Jan 24)
  ---------------------------------------------------------
  Aaron Plattner discovered a buffer overflow in the Composite extension
  of the X.org X server, which if exploited could lead to local privilege
  escalation (CVE-2007-4730).

  http://www.linuxsecurity.com/content/view/133654

* Mandriva: Updated XFree86 packages fix multiple (Jan 24)
  --------------------------------------------------------
  A flaw was found in the XFree86 server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary file,
  even in directories that are not normally accessible to that user
  (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133653

* Mandriva: Updated x11-server-xgl packages fix multiple (Jan 24)
  ---------------------------------------------------------------
  An input validation flaw was found in the X.org server's XFree86-Misc
  extension that could allow a malicious authorized client to cause a
  denial of service (crash), or potentially execute arbitrary code with
  root privileges on the X.org server (CVE-2007-5760). A flaw was found
  in the X.org server's XC-SECURITY extension that could allow a local
  user to verify the existence of an arbitrary file, even in directories
  that are not normally accessible to that user (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133652

* Mandriva: Updated xine-lib packages fix remote code (Jan 22)
  ------------------------------------------------------------
  Two vulnerabilities discovered in xine-lib allow remote execution of
  arbitrary code: Heap-based buffer overflow in the rmff_dump_cont
  function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows
  remote attackers to execute arbitrary code via the SDP Abstract
  attribute, related to the rmff_dump_header function and related to
  disregarding the max field. (CVE-2008-0225)

  http://www.linuxsecurity.com/content/view/133644

* Mandriva: Updated cairo packages fix vulnerability (Jan 22)
  -----------------------------------------------------------
  Peter Valchev discovered that Cairo did not correctly decode PNG image
  data.  By tricking a user or automated system into processing a
  specially crafted PNG with Cairo, a remote attacker could execute
  arbitrary code with the privileges of the user opening the file. The
  updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/133485

* Mandriva: Updated gFTP packages fix vulnerabilities (Jan 21)
  ------------------------------------------------------------
  Kalle Olavi Niemitalo found two boundary errors in the fsplib library,
  a copy of which is included in gFTP source.  A remote attacker could
  trigger these vulnerabilities by enticing a user to download a file
  with a specially crafted directory or file name, possibly resulting in
  the execution of arbitrary code (CVE-2007-3962) or a denial of service
  (CVE-2007-3961). The updated packages have been patched to correct
  these issues.

  http://www.linuxsecurity.com/content/view/133484

* Mandriva: Updated MySQL packages fix multiple (Jan 19)
  ------------------------------------------------------
  MySQL 5.0.x did not update the DEFINER value of a view when the view is
  altered, which allows remote authenticated users to gain privileges via
  a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW
  statement and an ALTER VIEW statement (CVE-2007-6303).

  http://www.linuxsecurity.com/content/view/133472

* Mandriva: Updated lzma packages fix possible data loss issue (Jan 17)
  ---------------------------------------------------------------------
  The lzma program did not properly check that the closing of output
  succeeded, which could lead to rare, but possible, data loss. Another
  issue with liblzmadec was also discovered where programs could crash if
  decoding of a stream was not properly initialized. This update ensures
  that output is properly closed so as to avoid silent data loss, and
  adds consistency checks to liblzmadec so that programs will no longer
  crash if a stream isn't properly initialized.

  http://www.linuxsecurity.com/content/view/133422

--------------------------------------------------------------------------

* SuSE: Xorg and XFree (SUSE-SA:2008:003) (Jan 17)
  ------------------------------------------------
  The X windows system is vulnerable to several kinds of
  vulnerabilities that are caused by insufficient input validation.
  The bugs range from crashing the X server to executing arbitrary
  code with the privileges of the X server process.

  http://www.linuxsecurity.com/content/view/133417

--------------------------------------------------------------------------

* Ubuntu:  X.org regression (Jan 19)
  ----------------------------------
  Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
  TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
  function arguments.  An authenticated attacker could send specially
  crafted requests and gain root privileges. (CVE-2007-5760,
  CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

  http://www.linuxsecurity.com/content/view/133467

* Ubuntu:  apt-listchanges vulnerability (Jan 18)
  -----------------------------------------------
  Felipe Sateler discovered that apt-listchanges did not use safe paths
  when importing additional Python libraries.  A local attacker could
  exploit this and execute arbitrary commands as the user running
  apt-listchanges.

  http://www.linuxsecurity.com/content/view/133427

* Ubuntu:  X.org vulnerabilities (Jan 18)
  ---------------------------------------
  Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
  TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
  function arguments.  An authenticated attacker could send specially
  crafted requests and gain root privileges.

  http://www.linuxsecurity.com/content/view/133423

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
