+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| February 15th, 2008 Volume 9, Number 7 |
| |
| Editorial Team: Dave Wreski <dwreski@private> |
| Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for nagios, sdl-image, wml, tk,
iceweasel, icedove, xulrunner, phpbb2, libexif, kernel, mandriva-kde,
rpmdrake, Qt4, netpbm, gd, libcdio, python, firefox, imageop, nss_ldap,
rsync, e2fsprogs, and tetex.
---
15-Month NSA Certified Masters in Info Assurance
Now you can earn your Master of Science in Information Assurance (MSIA) in
15 months. Norwich University has recently launched a 30-credit, 15-month
program, alongside the standard 36-credit, 18-month program. To find out
if you are eligible for the 15-month MSIA program, please visit:
http://www.msia.norwich.edu/linsec
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Meet the Anti-Nmap: PSAD
------------------------
Having a great defense involves proper detection and recognition of an
attack. In our security world we have great IDS tools to properly
recognize when we are being attacked as well as firewalls to prevent such
attacks from happening. However, certain attacks are not blindly thrown
at you - a good attacker knows that a certain amount of reconnaissance
and knowledge about your defenses greatly increases the chances of a
successful attack. How would you know if someone is scanning your
defenses? Is there any way to properly respond to such scans?
http://www.linuxsecurity.com/content/view/134248
---
Open Source Tool of February: Nmap!
-----------------------------------
This February, the team at Linuxsecurity.com has chosen NMAP as the Open
Source Security Tool of the Month!
In January, we chose GnuPG in part because it had just celebrated its
10th anniversary. Well, it wasn't alone. As of this past December Nmap
("Network Mapper"), the free and open source utility for network
exploration and auditing, celebrated its 10th Anniversary as well! And
because of its popularity, chances are very good that you've already used
NMAP for quite some time. Even if you have, it's always good to take a
look at how it all got started and what it's all about...
http://www.linuxsecurity.com/content/view/133931
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.18 (Version 3.0, Release 18). This release includes the
brand new Health Center, new packages for FWKNP and PSAD, updated
packages and bug fixes, some feature enhancements to Guardian Digital
WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database
and e-mail security, integrated intrusion detection and SELinux
policies and more.
http://www.linuxsecurity.com/content/view/131851
--------------------------------------------------------------------------
* Debian: New linux-2.6 packages fix privilege escalation (Feb 13)
----------------------------------------------------------------
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
http://www.linuxsecurity.com/content/view/134524
* Debian: New mplayer packages fix arbitrary code execution (Feb 12)
------------------------------------------------------------------
Several buffer overflows have been discovered in the MPlayer movie
player, which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following
problems:
http://www.linuxsecurity.com/content/view/134250
* Debian: New nagios-plugins packages fix several (Feb 12)
--------------------------------------------------------
A buffer overflow has been discovered in the parser for HTTP
Location headers (present in the check_http module).
http://www.linuxsecurity.com/content/view/134249
* Debian: New linux-2.6 packages fix privilege escalation (Feb 11)
----------------------------------------------------------------
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).
http://www.linuxsecurity.com/content/view/134233
* Debian: New sdl-image1.2 packages fix arbitrary code execution (Feb 10)
-----------------------------------------------------------------------
Gynvael Coldwind discovered a buffer overflow in GIF image parsing,
which could result in denial of service and potentially the execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/134232
* Debian: New wml packages fix denial of service (Feb 10)
-------------------------------------------------------
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the wmg.cgi script, which could lead to local
denial of service by overwriting files.
http://www.linuxsecurity.com/content/view/134231
* Debian: New tk8.4 packages fix arbitrary code execution (Feb 10)
----------------------------------------------------------------
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/134230
* Debian: New tk8.3 packages fix arbitrary code execution (Feb 10)
----------------------------------------------------------------
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/134229
* Debian: New iceweasel packages fix several vulnerabilities (Feb 10)
-------------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. Jesse
Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson
discovered crashes in the layout engine, which might allow the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/134228
* Debian: New icedove packages fix several vulnerabilities (Feb 10)
-----------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. Jesse Ruderman,
Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson
discovered crashes in the layout engine, which might allow the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/134227
* Debian: New xulrunner packages fix several vulnerabilities (Feb 10)
-------------------------------------------------------------------
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. Jesse Ruderman, Kai Engert,
Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in
the layout engine, which might allow the execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/134226
* Debian: New phpbb2 packages fix several vulnerabilities (Feb 8)
---------------------------------------------------------------
Several remote vulnerabilities have been discovered in phpBB, a web
based bulletin board.Private messaging allowed cross site request
forgery, making it possible to delete all private messages of a user by
sending them to a crafted web page.
http://www.linuxsecurity.com/content/view/134225
* Debian: New libexif packages fix several vulnerabilities (Feb 8)
----------------------------------------------------------------
Several vulnerabilities have been discovered in the EXIF parsing code
of the libexif library, which can lead to denial of service or the
xecution of arbitrary code if a user is tricked into opening a
malformed image.
http://www.linuxsecurity.com/content/view/134220
--------------------------------------------------------------------------
* Fedora 7 Update: kernel-2.6.23.15-80.fc7 (Feb 11)
-------------------------------------------------
Update to Linux kernel 2.6.23.15:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.15 Fix
vmsplice local root vulnerability: CVE-2008-0009: Fixed by update to
2.6.23.15. CVE-2008-0010: Fixed by update to 2.6.23.15. CVE-2008-0600:
Extra fix from upstream applied. Fix memory leak in netlabel code
(#352281) Autoload the Dell dcdbas driver like in F8 (#326041) Work
around broken Seagate LBA48 disks. (F8#429364) Fix futex oops on
uniprocessor machine. (F8#429412) Add support for new Macbook
touchpads. (F8#426574) Fix the initio driver broken in 2.6.23.
(F8#390531) Fix segfaults from using vdso=2. (F8#427641) FireWire
updates, fixing multiple problems. ACPI: fix multiple problems with
brightness controls (F8#427518) Wireless driver updates from upstream.
http://www.linuxsecurity.com/content/view/134234
* Fedora 8 Update: kernel-2.6.23.15-137.fc8 (Feb 11)
--------------------------------------------------
Update to Linux kernel 2.6.23.15: Fix vmsplice local root
vulnerability: CVE-2008-0009: Fixed by update to 2.6.23.15.
CVE-2008-0010: Fixed by update to 2.6.23.15. CVE-2008-0600: Extra fix
from upstream applied. Fix memory leak in netlabel code. Work
around broken Seagate LBA48 disks. (#429364) Fix futex oops on
uniprocessor machine. (#429412) Add support for new Macbook touchpads.
(#426574) Fix the initio driver broken in 2.6.23. (#390531) Fix
segfaults from using vdso=2. (#427641) FireWire updates, fixing
multiple problems. (#429598) ACPI: fix multiple problems with
brightness controls (#427518) Fix Megahertz PCMCIA Ethernet adapter
(#233255) Fix oops in netfilter. (#430663) ACPI: fix early init of EC
(#426480) ALSA: fix audio on some systems with STAC codec (#431360)
Atheros L2 fast Ethernet driver (atl2) for ASUS Eeepc. ASUS Eeepc ACPI
hotkey driver. Wireless driver updates from upstream.
http://www.linuxsecurity.com/content/view/134235
* Fedora 7 Update: tk-8.4.13-7.fc7 (Feb 7)
----------------------------------------
Fixed security issue - buffer overflow in gif parsing.
http://www.linuxsecurity.com/content/view/134096
* Fedora 8 Update: dovecot 1.0.10-4.fc8 (Feb 7)
---------------------------------------------
New upstream release, fixing a very minor security issue.
http://www.linuxsecurity.com/content/view/134058
--------------------------------------------------------------------------
* Mandriva: Updated mandriva-kde-config packages fix loss of (Feb 13)
-------------------------------------------------------------------
The KDE panel has a clock applet which includes de hability to change
its appearance and behavior. Because of a configuration problem, this
applet was not properly saving these changes were not properly saved,
being lost at every user login. This update fixes the problem.
http://www.linuxsecurity.com/content/view/134527
* Mandriva: Updated desktop-common-data package fixes menus, (Feb 13)
-------------------------------------------------------------------
In Mandriva Linux 2008.0 some utilities were not correctly displayed in
Tools menu (such as Yakuake), and settings:// was not working properly
in KDE konqueror. This update fixes the problems.
http://www.linuxsecurity.com/content/view/134526
* Mandriva: Updated kernel packages fix multiple (Feb 12)
-------------------------------------------------------
The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which allows
local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information.
http://www.linuxsecurity.com/content/view/134237
* Mandriva: Updated kernel packages fix multiple (Feb 12)
-------------------------------------------------------
A flaw in the vmsplice system call did not properly verify address
arguments passed by user-space processes, which allowed local attackers
to overwrite arbitrary kernel memory and gain root privileges. Mandriva
urges all users to upgrade to these new kernels immediately as this
flaw is being actively exploited. This issue only affects 2.6.17 and
newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are
affected.
http://www.linuxsecurity.com/content/view/134236
* Mandriva: Updated rpmdrake packages fix various bugs (Feb 8)
------------------------------------------------------------
This drakxtools update package fixes issues with the hardrake tool to
make sure that USB keys are not auto-configured by the service at boot
(#34568), and adds back the Run Config tool button in the harddrake
interface (#34794).
http://www.linuxsecurity.com/content/view/134224
* Mandriva: Updated rpmdrake packages fix various bugs (Feb 8)
------------------------------------------------------------
This update fixes a crash when reading packages with an empty backport
media (#36720). This is a rare bug since DVD media did not include
backport media, and network media provides a non-empty backport media.
It also makes sure that a wait dialog always got destroyed (#36921).
http://www.linuxsecurity.com/content/view/134222
* Mandriva: Updated Qt4 packages fix vulnerability in (Feb 8)
-----------------------------------------------------------
A potential vulnerability was discovered in Qt4 version 4.3.0 through
4.3.2 which may cause a certificate verification in SSL connections not
to be performed. As a result, code that uses QSslSocket could be
tricked into thinking that the certificate was verified correctly when
it actually failed in one or more criteria. The updated packages have
been patched to correct this issue.
http://www.linuxsecurity.com/content/view/134217
* Mandriva: Updated tk packages fix buffer overflow (Feb 7)
---------------------------------------------------------
The ReadImage() function in Tk did not check codeSize read from GIF
images prior to initializing the append array, which could lead to a
buffer overflow with unknown impact. The updated packages have been
patched to correct this issue.
http://www.linuxsecurity.com/content/view/134215
* Mandriva: Updated SDL_image packages fix vulnerabilities (Feb 7)
----------------------------------------------------------------
The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a
boundary error that could be triggered to cause a static buffer
overflow and a heap-based buffer overflow. If a user using an
application linked against the SDL_image library were to open a
carefully crafted GIF or IFF ILBM file, the application could crash or
possibly allow for the execution of arbitrary code. The updated
packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/134214
* Mandriva: Updated netpbm packages fix buffer overflow (Feb 7)
-------------------------------------------------------------
A buffer overflow in the giftopnm utility in netpbm prior to version
10.27 could allow attackers to have an unknown impact via a specially
crafted GIF file. The updated packages have been patched to correct
this issue.
http://www.linuxsecurity.com/content/view/134212
* Mandriva: Updated gd packages fix buffer overflow (Feb 7)
---------------------------------------------------------
Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD
prior to 2.0.34 allows remote attackers to have an unknown impact via a
GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers
an overflow when initializing the table array. This was originally
fixed in PHP's embedded GD with MDKSA-2006:162; patches had not been
applied to the system libgd at that time. The updated packages have
been patched to correct this issue.
http://www.linuxsecurity.com/content/view/134213
* Mandriva: Updated libcdio packages fix DoS vulnerability (Feb 7)
----------------------------------------------------------------
A stack-based buffer overflow was discovered in libcdio that allowed
context-dependent attackers to cause a denial of service (core dump)
and possibly execute arbitrary code via a disk or image file that
contains a long joliet file name. In addition, a fix for failed UTF-8
conversions that would cause a segfault on certain ISOs was also fixed.
The updated packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/134211
--------------------------------------------------------------------------
* Slackware: kernel exploit fix (Feb 12)
----------------------------------------
New kernel packages are available for Slackware 12.0, and -current to
fix a local root exploit. More details about this issue may be found in
the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
http://www.linuxsecurity.com/content/view/134251
--------------------------------------------------------------------------
* Ubuntu: Linux kernel vulnerabilities (Feb 13)
----------------------------------------------
The minix filesystem did not properly validate certain filesystem
values. If a local attacker could trick the system into attempting to
mount a corrupted minix filesystem, the kernel could be made to hang
for long periods of time, resulting in a denial of service.
(CVE-2006-6058)
http://www.linuxsecurity.com/content/view/134529
* Ubuntu: Linux kernel vulnerability (Feb 12)
--------------------------------------------
Wojciech Purczynski discovered that the vmsplice system call did not
properly perform verification of user-memory pointers. A local attacker
could exploit this to overwrite arbitrary kernel memory and gain root
privileges. (CVE-2008-0600)
http://www.linuxsecurity.com/content/view/134247
* Ubuntu: Firefox vulnerabilities (Feb 7)
----------------------------------------
Various flaws were discovered in the browser and JavaScript engine. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2008-0412,
CVE-2008-0413)
http://www.linuxsecurity.com/content/view/134216
--------------------------------------------------------------------------
* Foresight: python (Feb 12)
--------------------------
Previous versions of the python package contain an integer overflow in
the imageop module which could cause a denial-of-service (crash) or
possibly leak sensitive information.
http://www.linuxsecurity.com/content/view/134246
* Foresight: firefox (Feb 12)
---------------------------
Multiple vulnerabilities have been fixed in firefox, the most serious
of which is thought to allow unauthorized remote execution of
abitrary code at the permission level of the user running firefox.
http://www.linuxsecurity.com/content/view/134245
* Foresight: imageop (Feb 12)
---------------------------
Previous versions of the python package contain an integer overflow in
the imageop module which could cause a denial-of-service (crash) or
possibly leak sensitive information.
http://www.linuxsecurity.com/content/view/134244
* Foresight: nss_ldap (Feb 12)
----------------------------
Previous versions of nss_ldap contain a race condition that can allow
nss_ldap to return the wrong information, allowing for the possibility
of improper information disclosure.
http://www.linuxsecurity.com/content/view/134243
* Foresight: rsync (Feb 12)
-------------------------
Previous versions of the rsync package contain vulnerabilities in the
rsync server, potentially allowing users to bypass security
restrictions. Foresight Linux does not, by default, configure the
rsync server to run.
http://www.linuxsecurity.com/content/view/134242
* Foresight: e2fsprogs (Feb 12)
-----------------------------
Previous versions of the e2fsprogs package are vulnerable to multiple
integer overflows which may be exploited via specially-crafted
filesystems. The workaround for is to not run fsck on a filesystem to
which an untrusted user has the ability to directly modify filesystem
metadata. This is most commonly an issue when using a virtualization
solution in which the root user for the guest OS is not trusted, and
can convince the host's root user to run fsck on the guests's
filesystem. Foresight Linux neither enables nor supports any form of
virtualization in the default install.
http://www.linuxsecurity.com/content/view/134241
* Foresight: tetex (Feb 12)
-------------------------
Previous versions of the tetex package are vulnerable to multiple
issues, the worst of which is believed to allow arbitrary code
execution via user-assisted vectors when dvips or dviljk are run of
specially-crafted files, or when loading malformed font data using
t1lib.
http://www.linuxsecurity.com/content/view/134240
* Foresight: gd (Feb 12)
----------------------
Previous versions of the gd package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within
Foresight Linux proper.
http://www.linuxsecurity.com/content/view/134239
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Feb 19 2008 - 01:11:11 PST