[ISN] Linux Advisory Watch: May 9th, 2008

From: InfoSec News (alerts@private)
Date: Mon May 12 2008 - 01:23:31 PDT


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| May 9th, 2008                                      Volume 9, Number 19 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, security advisories were issued for CUPS, Emacs, KDE, LTSP,
OpenOffice.org, b2evolution, blender, cacti, cpio, gpdf, kazehakase,
kdelibs, kernel, mozilla-thunderbird, openssh, php, roundup, wordpress,
and multiple X11 terminals.  The distributors included Debian, Gentoo,
Mandriva, Red Hat, Slackware, and Ubuntu.

---

Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics of
wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

---

April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the Open
Source Tool of the Month!

http://www.linuxsecurity.com/content/view/135868

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19).  This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

--------------------------------------------------------------------------

* Debian: New kazehakase packages fix execution of arbitrary (May 6)
  ------------------------------------------------------------------
  The PCRE library has been updated to fix the security issues reported
  against it in previous Debian Security Advisories.  This update ensures
  that kazehakase uses that supported library, and not its own embedded
  and insecure version.

  http://www.linuxsecurity.com/content/view/136706

* Debian: New roundup packages fix regression (May 6)
  ---------------------------------------------------
  Roundup, an issue tracking system, fails to properly escape HTML input,
  allowing an attacker to inject client-side code (typically JavaScript)
  into a document that may be viewed in the victim's browser.

  http://www.linuxsecurity.com/content/view/136702

* Debian: New cacti packages fix regression (May 6)
  -------------------------------------------------
  It was discovered that Cacti, a systems and services monitoring
  frontend, performed insufficient input sanitising, leading to cross
  site scripting and SQL injection being possible.

  http://www.linuxsecurity.com/content/view/136701

* Debian: New cacti packages fix multiple vulnerabilities (May 5)
  ---------------------------------------------------------------
  It was discovered that Cacti, a systems and services monitoring
  frontend, performed insufficient input sanitising, leading to cross
  site scripting and SQL injection being possible.

  http://www.linuxsecurity.com/content/view/136698

* Debian: New b2evolution packages fix cross site scripting (May 5)
  -----------------------------------------------------------------
  "unsticky" discovered that b2evolution, a blog engine, performs
  insufficient input sanitising, allowing for cross site scripting.

  http://www.linuxsecurity.com/content/view/136697

* Debian: New blender packages fix arbitrary code execution (May 5)
  -----------------------------------------------------------------
  Stefan Cornelius discovered a vulnerability in the Radiance High
  Dynamic Range (HDR) image parser in Blender, a 3D modelling
  application.  The weakness could enable a stack-based buffer overflow
  and the execution of arbitrary code if a maliciously-crafted HDR file
  is opened, or if a directory containing such a file is browsed via
  Blender's image-open dialog.

  http://www.linuxsecurity.com/content/view/136696

* Debian: New cpio packages fix denial of service (May 2)
  -------------------------------------------------------
  Dmitry Levin discovered a vulnerability in path handling code used by
  the cpio archive utility.  The weakness could enable a denial of
  service (crash) or potentially the execution of arbitrary code if a
  vulnerable version of cpio is used to extract or to list the contents
  of a maliciously crafted archive.

  http://www.linuxsecurity.com/content/view/136691

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (May 1)
  ---------------------------------------------------------------------
  Several local vulnerabilities have been discovered in the Linux kernel
  that may lead to a denial of service or the execution of arbitrary
  code. The Common Vulnerabilities and Exposures project identifies the
  following problems:

  http://www.linuxsecurity.com/content/view/136688

* Debian: New wordpress packages fix several vulnerabilities (May 1)
  ------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in wordpress, a
  weblog manager. The Common Vulnerabilities and Exposures project
  identifies the following problems: Insufficient input sanitising
  allowed for remote attackers to redirect visitors to external
  websites.

  http://www.linuxsecurity.com/content/view/136687

--------------------------------------------------------------------------

* Gentoo: Multiple X11 terminals Local privilege escalation (May 7)
  -----------------------------------------------------------------
  A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
  rxvt-unicode, and wterm, allowing for local privilege escalation.

  http://www.linuxsecurity.com/content/view/136718

--------------------------------------------------------------------------

* Mandriva: Updated openssh packages fix vulnerability (May 6)
  ------------------------------------------------------------
  A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to
  bypass intended security restrictions enabling them to execute commands
  other than those specified by the ForceCommand directive, provided they
  are able to modify ~/.ssh/rc (CVE-2008-1657). The updated packages
  have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/136710

* Mandriva: Updated kdelibs packages fix vulnerability in (May 6)
  ---------------------------------------------------------------
  A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9
  where, if it was installed setuid root, it could allow local users to
  cause a denial of service or possibly execute arbitrary code
  (CVE-2008-1671). By default, start_kdeinit is not installed setuid root
  on Mandriva Linux, however updated packages have been patched to
  correct this issue.

  http://www.linuxsecurity.com/content/view/136709

* Mandriva: Updated emacs packages fix vulnerability in vcdiff (May 6)
  --------------------------------------------------------------------
  Steve Grubb found that the vcdiff script in Emacs creates temporary
  files insecurely when used with SCCS.  A local user could exploit a
  race condition to create or overwrite files with the privileges of the
  user invoking the program (CVE-2008-1694). The updated packages have
  been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/136708

* Mandriva: Updated OpenOffice.org packages fix (May 2)
  -----------------------------------------------------
  A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow
  user-assisted remote attackers to execute arbitrary Java code via
  crafted database documents (CVE-2007-4575).

  http://www.linuxsecurity.com/content/view/136692

--------------------------------------------------------------------------

* RedHat: Important: gpdf security update (May 8)
  -----------------------------------------------
  Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
  embedded in PDF files. An attacker could create a malicious PDF file
  that would cause gpdf to crash, or, potentially, execute arbitrary code
  when opened. (CVE-2008-1693)

  http://www.linuxsecurity.com/content/view/136721

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 3. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/136713

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/136714

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 4. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/136715

--------------------------------------------------------------------------

* Slackware:   php (May 8)
  ------------------------
  New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
  and -current to fix security issues. Note that PHP5 is not the default
  PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is
  not ready for PHP5, don't upgrade until it is or you'll (by definition)
  run into problems. More details about one of the issues may be found in
  the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599

  http://www.linuxsecurity.com/content/view/136719

* Slackware:   mozilla-thunderbird (May 8)
  ----------------------------------------
  New mozilla-thunderbird packages are available for Slackware 10.2,
  11.0, 12.0, 12.1, and -current to fix security issues, including
  crashes that can corrupt memory, as well as a JavaScript privilege
  escalation and arbitrary code execution flaw. More details about these
  issues may be found here:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird

  http://www.linuxsecurity.com/content/view/136720

--------------------------------------------------------------------------

* Ubuntu:  LTSP vulnerability (May 7)
  -----------------------------------
  Christian Herzog discovered that it was possible to connect to any LTSP
  client's X session over the network.  A remote attacker could eavesdrop
  on X events, read window contents, and record keystrokes, possibly
  gaining access to private information.

  http://www.linuxsecurity.com/content/view/136712

* Ubuntu:  OpenOffice.org vulnerabilities (May 7)
  -----------------------------------------------
  It was discovered that arbitrary Java methods were not filtered out
  when opening databases in OpenOffice.org.  If a user were tricked into
  running a specially crafted query, a remote attacker could execute
  arbitrary Java with user privileges. (CVE-2007-4575)

  http://www.linuxsecurity.com/content/view/136711

* Ubuntu:  Thunderbird vulnerabilities (May 6)
  --------------------------------------------
  Various flaws were discovered in the JavaScript engine. If a user had
  JavaScript enabled and were tricked into opening a malicious email, an
  attacker could escalate privileges within Thunderbird, perform
  cross-site scripting attacks and/or execute arbitrary code with the
  user's privileges.

  http://www.linuxsecurity.com/content/view/136707

* Ubuntu:  KDE vulnerability (May 6)
  ----------------------------------
  It was discovered that start_kdeinit in KDE 3 did not properly sanitize
  its input. A local attacker could exploit this to send signals to other
  processes and cause a denial of service or possibly execute arbitrary
  code. (CVE-2008-1671)

  http://www.linuxsecurity.com/content/view/136703

* Ubuntu:  Emacs vulnerabilities (May 6)
  --------------------------------------
  It was discovered that Emacs did not account for precision when
  formatting integers. If a user were tricked into opening a specially
  crafted file, an attacker could cause a denial of service or possibly
  other unspecified actions. This issue does not affect Ubuntu 8.04.
  (CVE-2007-6109) Steve Grubb discovered that the vcdiff script as
  included in Emacs created temporary files in an insecure way when used
  with SCCS. Local users could exploit a race condition to create or
  overwrite files with the privileges of the user invoking the program.
  (CVE-2008-1694)

  http://www.linuxsecurity.com/content/view/136704

* Ubuntu:  CUPS vulnerability (May 5)
  -----------------------------------
  Thomas Pollet discovered that CUPS did not properly validate the size
  of PNG images. A local attacker, and a remote attacker if printer
  sharing is enabled, could send a crafted file and cause a denial of
  service or possibly execute arbitrary code as the non-root user in
  Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated
  by the AppArmor CUPS profile. (CVE-2008-1722)

  http://www.linuxsecurity.com/content/view/136695

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

