[ISN] Linux Advisory Watch: February 15th, 2008

From: InfoSec News (alerts@private)
Date: Tue Feb 19 2008 - 01:00:59 PST


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| February 15th, 2008                                 Volume 9, Number 7 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for nagios, sdl-image, wml, tk,
iceweasel, icedove, xulrunner, phpbb2, libexif, kernel, mandriva-kde,
rpmdrake, Qt4, netpbm, gd, libcdio, python, firefox, imageop, nss_ldap,
rsync, e2fsprogs, and tetex.

---

Meet the Anti-Nmap: PSAD
------------------------
Having a great defense involves proper detection and recognition of an
attack. In our security world we have great IDS tools to properly
recognize when we are being attacked as well as firewalls to prevent such
attacks from happening. However, certain attacks are not blindly thrown
at you - a good attacker knows that a certain amount of reconnaissance
and knowledge about your defenses greatly increases the chances of a
successful attack.  How would you know if someone is scanning your
defenses?  Is there any way to properly respond to such scans?

http://www.linuxsecurity.com/content/view/134248

---

Open Source Tool of February: Nmap!
-----------------------------------
This February, the team at Linuxsecurity.com has chosen NMAP as the Open
Source Security Tool of the Month!

In January, we chose GnuPG in part because it had just celebrated its
10th anniversary. Well, it wasn't alone. As of this past December Nmap
("Network Mapper"), the free and open source utility for network
exploration and auditing, celebrated its 10th Anniversary as well!  And
because of its popularity, chances are very good that you've already used
NMAP for quite some time.  Even if you have, it's always good to take a
look at how it all got started and what it's all about...

http://www.linuxsecurity.com/content/view/133931

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New linux-2.6 packages fix privilege escalation (Feb 13)
  ----------------------------------------------------------------
  The vmsplice system call did not properly verify address arguments
  passed by user space processes, which allowed local attackers to
  overwrite arbitrary kernel memory, gaining root privileges.

  http://www.linuxsecurity.com/content/view/134524

* Debian: New mplayer packages fix arbitrary code execution (Feb 12)
  ------------------------------------------------------------------
  Several buffer overflows have been discovered in the MPlayer movie
  player, which might lead to the execution of arbitrary code. The Common
  Vulnerabilities and Exposures project identifies the following
  problems:

  http://www.linuxsecurity.com/content/view/134250

* Debian: New nagios-plugins packages fix several (Feb 12)
  --------------------------------------------------------
  A buffer overflow has been discovered in the parser for HTTP
  Location headers (present in the check_http module).

  http://www.linuxsecurity.com/content/view/134249

* Debian: New linux-2.6 packages fix privilege escalation (Feb 11)
  ----------------------------------------------------------------
  The vmsplice system call did not properly verify address arguments
  passed by user space processes, which allowed local attackers to
  overwrite arbitrary kernel memory, gaining root privileges
  (CVE-2008-0010, CVE-2008-0600).

  http://www.linuxsecurity.com/content/view/134233

* Debian: New sdl-image1.2 packages fix arbitrary code execution (Feb 10)
  -----------------------------------------------------------------------
  Gynvael Coldwind discovered a buffer overflow in GIF image parsing,
  which could result in denial of service and potentially the execution
  of arbitrary code.

  http://www.linuxsecurity.com/content/view/134232

* Debian: New wml packages fix denial of service (Feb 10)
  -------------------------------------------------------
  Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
  generation toolkit, creates insecure temporary files in the eperl and
  ipp backends and in the wmg.cgi script, which could lead to local
  denial of service by overwriting files.

  http://www.linuxsecurity.com/content/view/134231

* Debian: New tk8.4 packages fix arbitrary code execution (Feb 10)
  ----------------------------------------------------------------
  It was discovered that a buffer overflow in the GIF image parsing code
  of Tk, a cross-platform graphical toolkit, could lead to denial of
  service and potentially the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/134230

* Debian: New tk8.3 packages fix arbitrary code execution (Feb 10)
  ----------------------------------------------------------------
  It was discovered that a buffer overflow in the GIF image parsing code
  of Tk, a cross-platform graphical toolkit, could lead to denial of
  service and potentially the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/134229

* Debian: New iceweasel packages fix several vulnerabilities (Feb 10)
  -------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Iceweasel
  web browser, an unbranded version of the Firefox browser. Jesse
  Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson
  discovered crashes in the layout engine, which might allow the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/134228

* Debian: New icedove packages fix several vulnerabilities (Feb 10)
  -----------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Icedove mail
  client, an unbranded version of the Thunderbird client. Jesse Ruderman,
  Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson
  discovered crashes in the layout engine, which might allow the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/134227

* Debian: New xulrunner packages fix several vulnerabilities (Feb 10)
  -------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in Xulrunner, a
  runtime environment for XUL applications. Jesse Ruderman, Kai Engert,
  Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in
  the layout engine, which might allow the execution of arbitrary
  code.

  http://www.linuxsecurity.com/content/view/134226

* Debian: New phpbb2 packages fix several vulnerabilities (Feb 8)
  ---------------------------------------------------------------
  Several remote vulnerabilities have been discovered in phpBB, a web
  based bulletin board. Private messaging allowed cross site request
  forgery, making it possible to delete all private messages of a user by
  sending them to a crafted web page.

  http://www.linuxsecurity.com/content/view/134225

* Debian: New libexif packages fix several vulnerabilities (Feb 8)
  ----------------------------------------------------------------
  Several vulnerabilities have been discovered in the EXIF parsing code
  of the libexif library, which can lead to denial of service or the
  execution of arbitrary code if a user is tricked into opening a
  malformed image.

  http://www.linuxsecurity.com/content/view/134220

--------------------------------------------------------------------------

* Fedora 7 Update: kernel-2.6.23.15-80.fc7 (Feb 11)
  -------------------------------------------------
  Update to Linux kernel 2.6.23.15:
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.15

  Fix vmsplice local root vulnerability:
  - CVE-2008-0009: Fixed by update to 2.6.23.15.
  - CVE-2008-0010: Fixed by update to 2.6.23.15.
  - CVE-2008-0600: Extra fix from upstream applied.

  Other changes:
  - Fix memory leak in netlabel code (#352281)
  - Autoload the Dell dcdbas driver like in F8 (#326041)
  - Work around broken Seagate LBA48 disks. (F8#429364)
  - Fix futex oops on uniprocessor machine. (F8#429412)
  - Add support for new Macbook touchpads. (F8#426574)
  - Fix the initio driver broken in 2.6.23. (F8#390531)
  - Fix segfaults from using vdso=2. (F8#427641)
  - FireWire updates, fixing multiple problems.
  - ACPI: fix multiple problems with brightness controls (F8#427518)
  - Wireless driver updates from upstream.

  http://www.linuxsecurity.com/content/view/134234

* Fedora 8 Update: kernel-2.6.23.15-137.fc8 (Feb 11)
  --------------------------------------------------
  Update to Linux kernel 2.6.23.15:

  Fix vmsplice local root vulnerability:
  - CVE-2008-0009: Fixed by update to 2.6.23.15.
  - CVE-2008-0010: Fixed by update to 2.6.23.15.
  - CVE-2008-0600: Extra fix from upstream applied.

  Other changes:
  - Fix memory leak in netlabel code.
  - Work around broken Seagate LBA48 disks. (#429364)
  - Fix futex oops on uniprocessor machine. (#429412)
  - Add support for new Macbook touchpads. (#426574)
  - Fix the initio driver broken in 2.6.23. (#390531)
  - Fix segfaults from using vdso=2. (#427641)
  - FireWire updates, fixing multiple problems. (#429598)
  - ACPI: fix multiple problems with brightness controls (#427518)
  - Fix Megahertz PCMCIA Ethernet adapter (#233255)
  - Fix oops in netfilter. (#430663)
  - ACPI: fix early init of EC (#426480)
  - ALSA: fix audio on some systems with STAC codec (#431360)
  - Atheros L2 fast Ethernet driver (atl2) for ASUS Eeepc.
  - ASUS Eeepc ACPI hotkey driver.
  - Wireless driver updates from upstream.

  http://www.linuxsecurity.com/content/view/134235

* Fedora 7 Update: tk-8.4.13-7.fc7 (Feb 7)
  ----------------------------------------
  Fixed security issue - buffer overflow in gif parsing.

  http://www.linuxsecurity.com/content/view/134096

* Fedora 8 Update: dovecot 1.0.10-4.fc8 (Feb 7)
  ---------------------------------------------
  New upstream release, fixing a very minor security issue.

  http://www.linuxsecurity.com/content/view/134058

--------------------------------------------------------------------------

* Mandriva: Updated mandriva-kde-config packages fix loss of (Feb 13)
  -------------------------------------------------------------------
  The KDE panel has a clock applet which includes the ability to change
  its appearance and behavior. Because of a configuration problem, these
  changes were not properly saved and were lost at every user login.
  This update fixes the problem.

  http://www.linuxsecurity.com/content/view/134527

* Mandriva: Updated desktop-common-data package fixes menus, (Feb 13)
  -------------------------------------------------------------------
  In Mandriva Linux 2008.0 some utilities were not correctly displayed in
  Tools menu (such as Yakuake), and settings:// was not working properly
  in KDE konqueror. This update fixes the problems.

  http://www.linuxsecurity.com/content/view/134526

* Mandriva: Updated kernel packages fix multiple (Feb 12)
  -------------------------------------------------------
  The wait_task_stopped function in the Linux kernel before 2.6.23.8
  checks a TASK_TRACED bit instead of an exit_state value, which allows
  local users to cause a denial of service (machine crash) via
  unspecified vectors. NOTE: some of these details are obtained from
  third party information.

  http://www.linuxsecurity.com/content/view/134237

* Mandriva: Updated kernel packages fix multiple (Feb 12)
  -------------------------------------------------------
  A flaw in the vmsplice system call did not properly verify address
  arguments passed by user-space processes, which allowed local attackers
  to overwrite arbitrary kernel memory and gain root privileges. Mandriva
  urges all users to upgrade to these new kernels immediately as this
  flaw is being actively exploited.  This issue only affects 2.6.17 and
  newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are
  affected.

  http://www.linuxsecurity.com/content/view/134236

* Mandriva: Updated rpmdrake packages fix various bugs (Feb 8)
  ------------------------------------------------------------
  This drakxtools update package fixes issues with the harddrake tool to
  make sure that USB keys are not auto-configured by the service at boot
  (#34568), and adds back the Run Config tool button in the harddrake
  interface (#34794).

  http://www.linuxsecurity.com/content/view/134224

* Mandriva: Updated rpmdrake packages fix various bugs (Feb 8)
  ------------------------------------------------------------
  This update fixes a crash when reading packages with an empty backport
  media (#36720).  This is a rare bug since DVD media did not include
  backport media, and network media provides a non-empty backport media.
  It also makes sure that a wait dialog always got destroyed (#36921).

  http://www.linuxsecurity.com/content/view/134222

* Mandriva: Updated Qt4 packages fix vulnerability in (Feb 8)
  -----------------------------------------------------------
  A potential vulnerability was discovered in Qt4 version 4.3.0 through
  4.3.2 which may cause a certificate verification in SSL connections not
  to be performed.  As a result, code that uses QSslSocket could be
  tricked into thinking that the certificate was verified correctly when
  it actually failed in one or more criteria. The updated packages have
  been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/134217

* Mandriva: Updated tk packages fix buffer overflow (Feb 7)
  ---------------------------------------------------------
  The ReadImage() function in Tk did not check codeSize read from GIF
  images prior to initializing the append array, which could lead to a
  buffer overflow with unknown impact. The updated packages have been
  patched to correct this issue.

  http://www.linuxsecurity.com/content/view/134215

* Mandriva: Updated SDL_image packages fix vulnerabilities (Feb 7)
  ----------------------------------------------------------------
  The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a
  boundary error that could be triggered to cause a static buffer
  overflow and a heap-based buffer overflow.  If a user using an
  application linked against the SDL_image library were to open a
  carefully crafted GIF or IFF ILBM file, the application could crash or
  possibly allow for the execution of arbitrary code. The updated
  packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/134214

* Mandriva: Updated netpbm packages fix buffer overflow (Feb 7)
  -------------------------------------------------------------
  A buffer overflow in the giftopnm utility in netpbm prior to version
  10.27 could allow attackers to have an unknown impact via a specially
  crafted GIF file. The updated packages have been patched to correct
  this issue.

  http://www.linuxsecurity.com/content/view/134212

* Mandriva: Updated gd packages fix buffer overflow (Feb 7)
  ---------------------------------------------------------
  Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD
  prior to 2.0.34 allows remote attackers to have an unknown impact via a
  GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers
  an overflow when initializing the table array. This was originally
  fixed in PHP's embedded GD with MDKSA-2006:162; patches had not been
  applied to the system libgd at that time. The updated packages have
  been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/134213

* Mandriva: Updated libcdio packages fix DoS vulnerability (Feb 7)
  ----------------------------------------------------------------
  A stack-based buffer overflow was discovered in libcdio that allowed
  context-dependent attackers to cause a denial of service (core dump)
  and possibly execute arbitrary code via a disk or image file that
  contains a long Joliet file name. In addition, failed UTF-8
  conversions that would cause a segfault on certain ISOs were also fixed.
  The updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/134211

--------------------------------------------------------------------------

* Slackware:   kernel exploit fix (Feb 12)
  ----------------------------------------
  New kernel packages are available for Slackware 12.0, and -current to
  fix a local root exploit. More details about this issue may be found in
  the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0163
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600

  http://www.linuxsecurity.com/content/view/134251

--------------------------------------------------------------------------

* Ubuntu:  Linux kernel vulnerabilities (Feb 13)
  ----------------------------------------------
  The minix filesystem did not properly validate certain filesystem
  values. If a local attacker could trick the system into attempting to
  mount a corrupted minix filesystem, the kernel could be made to hang
  for long periods of time, resulting in a denial of service.
  (CVE-2006-6058)

  http://www.linuxsecurity.com/content/view/134529

* Ubuntu:  Linux kernel vulnerability (Feb 12)
  --------------------------------------------
  Wojciech Purczynski discovered that the vmsplice system call did not
  properly perform verification of user-memory pointers. A local attacker
  could exploit this to overwrite arbitrary kernel memory and gain root
  privileges. (CVE-2008-0600)

  http://www.linuxsecurity.com/content/view/134247

* Ubuntu:  Firefox vulnerabilities (Feb 7)
  ----------------------------------------
  Various flaws were discovered in the browser and JavaScript engine. By
  tricking a user into opening a malicious web page, an attacker could
  execute arbitrary code with the user's privileges. (CVE-2008-0412,
  CVE-2008-0413)

  http://www.linuxsecurity.com/content/view/134216

--------------------------------------------------------------------------

* Foresight: python (Feb 12)
  --------------------------
  Previous versions of the python package contain an integer overflow in
  the imageop module which could cause a denial-of-service (crash) or
  possibly leak sensitive information.

  http://www.linuxsecurity.com/content/view/134246

* Foresight: firefox (Feb 12)
  ---------------------------
  Multiple vulnerabilities have been fixed in firefox, the most serious
  of which is thought to allow unauthorized remote execution of
  arbitrary code at the permission level of the user running firefox.

  http://www.linuxsecurity.com/content/view/134245

* Foresight: imageop (Feb 12)
  ---------------------------
  Previous versions of the python package contain an integer overflow in
  the imageop module which could cause a denial-of-service (crash) or
  possibly leak sensitive information.

  http://www.linuxsecurity.com/content/view/134244

* Foresight: nss_ldap (Feb 12)
  ----------------------------
  Previous versions of nss_ldap contain a race condition that can allow
  nss_ldap to return the wrong information, allowing for the possibility
  of improper information disclosure.

  http://www.linuxsecurity.com/content/view/134243

* Foresight: rsync (Feb 12)
  -------------------------
  Previous versions of the rsync package contain vulnerabilities in the
  rsync server, potentially allowing users to bypass security
  restrictions. Foresight Linux does not, by default, configure the
  rsync server to run.

  http://www.linuxsecurity.com/content/view/134242

* Foresight: e2fsprogs (Feb 12)
  -----------------------------
  Previous versions of the e2fsprogs package are vulnerable to multiple
  integer overflows which may be exploited via specially-crafted
  filesystems. The workaround is to not run fsck on a filesystem whose
  metadata an untrusted user has the ability to directly modify.
  This is most commonly an issue when using a virtualization
  solution in which the root user for the guest OS is not trusted, and
  can convince the host's root user to run fsck on the guest's
  filesystem. Foresight Linux neither enables nor supports any form of
  virtualization in the default install.

  http://www.linuxsecurity.com/content/view/134241

* Foresight: tetex (Feb 12)
  -------------------------
  Previous versions of the tetex package are vulnerable to multiple
  issues, the worst of which is believed to allow arbitrary code
  execution via user-assisted vectors when dvips or dviljk are run on
  specially-crafted files, or when loading malformed font data using
  t1lib.

  http://www.linuxsecurity.com/content/view/134240

* Foresight: gd (Feb 12)
  ----------------------
  Previous versions of the gd package are vulnerable to a possible
  Arbitrary Code Execution attack in which an attacker may use a
  maliciously crafted GIF file to trigger a buffer overflow. The libgd
  library is not exposed via any privileged or remote interfaces within
  Foresight Linux proper.

  http://www.linuxsecurity.com/content/view/134239

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

