[ISN] Linux Advisory Watch: May 16th, 2008

From: InfoSec News (alerts@private)
Date: Mon May 19 2008 - 00:07:01 PDT


+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| May 16th, 2008                                     Volume 9, Number 20 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski@private> |
|                         Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for gforge, openssh, openssl,
icedove, sipp, openoffic, libid3tag, InspIRCd, firebird, perl,
drakxtools, hal-info, ImageMagick, libvorbis, xen, gpdf, php,
mozilla-thunderbird, OpenVPN, and Speex.  The distributors include
Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=3D26

---

Review: The Book of Wireless
----------------------------
'The Book of Wireless' by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of Wireless
networks today anyone with a computer should at least know the basics of
wireless. Also, with the wireless networking, users need to know how to
protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

---

April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the Open
Source Tool of the Month!

http://www.linuxsecurity.com/content/view/135868

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19).  This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

--------------------------------------------------------------------------

* Debian: New gforge packages fix insecure temporary files (May 14)
  -----------------------------------------------------------------
  Stephen Gran and Mark Hymers discovered that some scripts run by
  GForge, a collaborative development tool, open files in write mode in a
  potentially insecure manner. This may be exploited to overwrite
  arbitary files on the local system.

  http://www.linuxsecurity.com/content/view/136980

* Debian: New openssh packages fix predictable randomness (May 14)
  ----------------------------------------------------------------
  Jan Pechanec discovered that ssh fails back to creating a trusted X11
   cookie if creating an untrusted cookie fails, potentially exposing
  the local display to a malicious remote server when using X11
  forwarding.

  http://www.linuxsecurity.com/content/view/136975

* Debian: New openssl packages fix predictable random number generator (May 13)
  -------------------------------------------------------------------------
  Luciano Bello discovered that the random number generator in Debian's
  openssl package is predictable.  This is caused by an incorrect
  Debian-specific change to the openssl package (CVE-2008-0166).  As a
  result, cryptographic key material may be guessable.

  http://www.linuxsecurity.com/content/view/136865

* Debian: New Linux 2.6.18 packages fix denial of service (May 12)
  ----------------------------------------------------------------
  Alexander Viro discovered a race condition in the fcntl code that may
  permit local users on multi-processor systems to execute parallel code
  paths that are otherwise prohibited and gain re-ordered access to the
  descriptor table.

  http://www.linuxsecurity.com/content/view/136862

* Debian: New icedove packages fix several vulnerabilities (May 12)
  -----------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Icedove mail
  client, an unbranded version of the Thunderbird client. The Common
  Vulnerabilities and Exposures project identifies the following
  problems:

  http://www.linuxsecurity.com/content/view/136861

--------------------------------------------------------------------------

* Fedora 7 Update: sipp-3.1-1.fc7 (May 10)
  ----------------------------------------
  Bug #444728 - CVE-2008-1959 SIPp stack based buffer overflow in
  get_remote_video_port_media()
  https://bugzilla.redhat.com/show_bug.cgi?id=3D444728

  http://www.linuxsecurity.com/content/view/136739

--------------------------------------------------------------------------

* Gentoo: OpenOffice.org Multiple vulnerabilities (May 14)
  --------------------------------------------------------
  Multiple vulnerabilities have been reported in OpenOffice.org, possibly
  allowing for user-assisted execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/136982

* Gentoo: libid3tag Denial of Service (May 14)
  --------------------------------------------
  A Denial of Service vulnerability was found in libid3tag.

  http://www.linuxsecurity.com/content/view/136978

* Gentoo: InspIRCd Denial of Service (May 9)
  ------------------------------------------
  A buffer overflow in InspIRCd allows remote attackers to cause a Denial
  of Service.

  http://www.linuxsecurity.com/content/view/136736

* Gentoo: Linux Terminal Server Project Multiple vulnerabilities (May 9)
  ----------------------------------------------------------------------
  Multiple vulnerabilities have been discovered in components shipped
  with LTSP which allow remote attackers to compromise terminal clients.

  http://www.linuxsecurity.com/content/view/136735

* Gentoo: Firebird Data disclosure (May 9)
  ----------------------------------------
  Firebird allows remote connections to the administrative account
  without verifying credentials.

  http://www.linuxsecurity.com/content/view/136734

--------------------------------------------------------------------------

* Mandriva: Updated perl packages fix denial of service (May 11)
  --------------------------------------------------------------
  A double free vulnerability in Perl 5.8.8 and earlier versions, allows
  context-dependent attackers to cause a denial of service (memory
  corruption and crash) via a crafted regular expression containing UTF8
  characters. The updated packages have been patched to prevent this.

  http://www.linuxsecurity.com/content/view/136857

* Mandriva: Updated drakxtools package fixes various bugs (May 9)
  ---------------------------------------------------------------
  This update fixes several minor issues:   - some GUIes (eg: rpmdrake)
  would crash on clicking on the close=09 button while they load (bug
  #35230)   - draksec was crashing if the administrator refused to
  install   (bug #38911)   - localdrake: After changing the localization
  language from drakconf   in a high security level, the permissions of
  /etc/sysconfig/i18n were   changed such that the file was only readable
  by root.  This caused   graphical login via kdm to fail (bug #39027)

  http://www.linuxsecurity.com/content/view/136738

* Mandriva: Updated hal-info package fixes resume issue (May 8)
  -------------------------------------------------------------
  An updated hal-info package fixes resume from suspend to RAM on HP
  6710b systems.  It had previously failed with a black screen on
  Mandriva Linux 2008.0.

  http://www.linuxsecurity.com/content/view/136731

* Mandriva: Updated ImageMagick packages fix vulnerabilities (May 8)
  ------------------------------------------------------------------
  A heap-based buffer overflow vulnerability was found in how ImageMagick
  parsed XCF files.  If ImageMagick opened a specially-crafted XCF file,
  it could be made to overwrite heap memory beyond the bounds of its
  allocated memory, potentially allowing an attacker to execute arbitrary
  code on the system running ImageMagick (CVE-2008-1096).

  http://www.linuxsecurity.com/content/view/136729

--------------------------------------------------------------------------

* RedHat: Important: libvorbis security update (May 14)
  -----------------------------------------------------
  Updated libvorbis packages that fix various security issues are now
  available for Red Hat Enterprise Linux 3, 4, and 5. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/136972

* RedHat: Important: libvorbis security update (May 14)
  -----------------------------------------------------
  Updated libvorbis packages that fix various security issues are now
  available for Red Hat Enterprise Linux 2.1. This update has been rated
  as having important security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/136973

* RedHat: Important: xen security and bug fix update (May 13)
  -----------------------------------------------------------
  Daniel P. Berrange discovered that the hypervisor's para-virtualized
  framebuffer (PVFB) backend failed to validate the format of messages
  serving to update the contents of the framebuffer. This could allow a
  malicious user to cause a denial of service, or compromise the
  privileged domain (Dom0). (CVE-2008-1944)

  http://www.linuxsecurity.com/content/view/136866

* RedHat: Important: gpdf security update (May 8)
  -----------------------------------------------
  Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
  embedded in PDF files. An attacker could create a malicious PDF file
  that would cause gpdf to crash, or, potentially, execute arbitrary code
  when opened. (CVE-2008-1693)

  http://www.linuxsecurity.com/content/view/136721

--------------------------------------------------------------------------

* Slackware:   php (May 8)
  ------------------------
  New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
  and -current to fix security issues. Note that PHP5 is not the default
  PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is
  not ready for PHP5, don't upgrade until it is or you'll (by definition)
  run into problems. More details about one of the issues may be found in
  the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-0599

  http://www.linuxsecurity.com/content/view/136719

* Slackware:   mozilla-thunderbird (May 8)
  ----------------------------------------
  New mozilla-thunderbird packages are available for Slackware 10.2,
  11.0, 12.0, 12.1, and -current to fix security issues, including
  crashes that can corrupt memory, as well as a JavaScript privilege
  escalation and arbitrary code execution flaw. More details about these
  issues may be found here:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#thu
  nderbird

  http://www.linuxsecurity.com/content/view/136720

--------------------------------------------------------------------------

* Ubuntu:  OpenVPN regression (May 14)
  ------------------------------------
  USN-612-3 addressed a weakness in OpenSSL certificate and keys
  generation in OpenVPN by adding checks for vulnerable certificates and
  keys to OpenVPN. A regression was introduced in OpenVPN when using TLS
  and multi-client/server which caused OpenVPN to not start  when using
  valid SSL certificates.

  http://www.linuxsecurity.com/content/view/136983

* Ubuntu:  OpenSSH update (May 14)
  --------------------------------
  Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
  options (such as "no-port-forwarding" or forced commands) were ignored
  by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This
  could cause some compromised keys not to be listed in ssh-vulnkey's
  output.

  http://www.linuxsecurity.com/content/view/136981

* Ubuntu:  ssl-cert vulnerability (May 14)
  ----------------------------------------
  A weakness has been discovered in the random number generator used  by
  OpenSSL on Debian and Ubuntu systems.  As a result of this  weakness,
  certain encryption keys are much more common than they  should be, such
  that an attacker could guess the key through a  brute-force attack
  given minimal knowledge of the system.  This=09particularly affects the
  use of encryption keys in OpenSSH, OpenVPN  and SSL certificates.

  http://www.linuxsecurity.com/content/view/136974

* Ubuntu:  OpenSSH vulnerability (May 13)
  ---------------------------------------
  A weakness has been discovered in the random number generator used by
  OpenSSL on Debian and Ubuntu systems.  As a result of this weakness,
  certain encryption keys are much more common than they should be, such
  that an attacker could guess the key through a brute-force attack given
  minimal knowledge of the system.  This particularly affects the use of
  encryption keys in OpenSSH.

  http://www.linuxsecurity.com/content/view/136970

* Ubuntu:  OpenSSL vulnerability (May 13)
  ---------------------------------------
  A weakness has been discovered in the random number generator used by
  OpenSSL on Debian and Ubuntu systems.  As a result of this weakness,
  certain encryption keys are much more common than they should be, such
  that an attacker could guess the key through a brute-force attack given
  minimal knowledge of the system.  This particularly affects the use of
  encryption keys in OpenSSH, OpenVPN and SSL certificates.

  http://www.linuxsecurity.com/content/view/136870

* Ubuntu:  GStreamer Good Plugins vulnerability (May 8)
  -----------------------------------------------------
  It was discovered that Speex did not properly validate its input when
  processing Speex file headers. If a user or automated system were
  tricked into opening a specially crafted Speex file, an attacker could
  create a denial of service in applications linked against Speex or
  possibly execute arbitrary code as the user invoking the program.

  http://www.linuxsecurity.com/content/view/136728

* Ubuntu:  vorbis-tools vulnerability (May 8)
  -------------------------------------------
  It was discovered that Speex did not properly validate its input when
  processing Speex file headers. If a user or automated system were
  tricked into opening a specially crafted Speex file, an attacker could
  create a denial of service in applications linked against Speex or
  possibly execute arbitrary code as the user invoking the program.

  http://www.linuxsecurity.com/content/view/136726

* Ubuntu:  Speex vulnerability (May 8)
  ------------------------------------
  It was discovered that Speex did not properly validate its input when
  processing Speex file headers. If a user or automated system were
  tricked into opening a specially crafted Speex file, an attacker could
  create a denial of service in applications linked against Speex or
  possibly execute arbitrary code as the user invoking the program.

  http://www.linuxsecurity.com/content/view/136725

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon May 19 2008 - 00:14:17 PDT