[ISN] Linux Advisory Watch - September 28th 2009

From: InfoSec News <alerts_at_private>
Date: Wed, 30 Sep 2009 03:20:46 -0500 (CDT)
+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| September 28th, 2009                            Volume 10, Number 40 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for xmltooling, newt, cyrus-imapd,
dovecot, changetrack, backintime, gnutls, asterisk, rubygem, proftpd,
xmp, cURL, dnsmasq, php, ldetect-lst, drakxtools, glib, freetype,
rrdtool, glpi, xfig, setup, squid, apache, qt4, qca, openssl, firefox,
and pidgin.  The distributors include Debian, Fedora, Gentoo, Mandriva,
Red Hat, and Ubuntu.

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" you may not take even a
second to respond.  But if I ask "How much does Google know about
you?" you may instantly reply "Wait... what!? Do they!?"  The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of such articles out there, but it will show you in detail
ways to improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New xmltooling packages fix potential code execution (Sep 24)
  ---------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150221

* Debian: New newt packages fix arbitrary code execution (Sep 24)
  ---------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150211

* Debian: New cyrus-imapd-2.2/kolab-cyrus-imapd packages fix arbitrary code execution (Sep 23)
  --------------------------------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150196

* Debian: New dovecot packages fix arbitrary code execution (Sep 23)
  ------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150195

* Debian: New changetrack packages fix arbitrary code execution (Sep 22)
  ----------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150175

------------------------------------------------------------------------

* Fedora 11 Update: newt-0.52.10-4.fc11 (Sep 25)
  ----------------------------------------------
  Fixes a buffer overflow in textbox, which could be exploited to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/150237

* Fedora 10 Update: newt-0.52.10-2.fc10 (Sep 25)
  ----------------------------------------------
  Fixes a buffer overflow in textbox, which could be exploited to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/150236

* Fedora 11 Update: backintime-0.9.26-3.fc11 (Sep 25)
  ---------------------------------------------------


  http://www.linuxsecurity.com/content/view/150234

* Fedora 10 Update: backintime-0.9.26-3.fc10 (Sep 25)
  ---------------------------------------------------


  http://www.linuxsecurity.com/content/view/150235

* Fedora 10 Update: gnutls-2.4.2-5.fc10 (Sep 25)
  ----------------------------------------------
  This update fixes handling of NUL characters in certificate Common
  Name or subjectAltName fields, especially with regard to comparison
  to hostnames.

  http://www.linuxsecurity.com/content/view/150232

* Fedora 11 Update: asterisk-1.6.1.6-1.fc11 (Sep 25)
  --------------------------------------------------
  Update to 1.6.1.6 to fix many bugs...

  http://www.linuxsecurity.com/content/view/150233

* Fedora 11 Update: rubygem-actionpack-2.3.3-2.fc11 (Sep 25)
  ----------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150229

* Fedora 11 Update: rubygem-activesupport-2.3.3-2.fc11 (Sep 25)
  -------------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150230

* Fedora 11 Update: gnutls-2.6.6-3.fc11 (Sep 25)
  ----------------------------------------------
  This update fixes handling of NUL characters in certificate Common
  Name or subjectAltName fields, especially with regard to comparison
  to hostnames.

  http://www.linuxsecurity.com/content/view/150231

* Fedora 10 Update: asterisk-1.6.0.15-1.fc10 (Sep 25)
  ---------------------------------------------------
  Update to 1.6.0.15 to fix many bugs...

  http://www.linuxsecurity.com/content/view/150228

* Fedora 10 Update: proftpd-1.3.2a-5.fc10 (Sep 24)
  ------------------------------------------------
  This update has a large number of changes from previous Fedora
  packages; the highlights are as follows:

  - Update to upstream release 1.3.2a
  - Fix SQL injection vulnerability at login (#485125, CVE-2009-0542)
  - Fix SELinux compatibility (#498375)
  - Fix audit logging (#506735)
  - Fix default configuration (#509251)
  - Many new loadable modules including mod_ctrls_admin and mod_wrap2
  - National Language Support (RFC 2640)
  - Enable/disable common features in /etc/sysconfig/proftpd

  http://www.linuxsecurity.com/content/view/150210

* Fedora 10 Update: xmp-2.7.1-1.fc10 (Sep 24)
  -------------------------------------------
  Update to latest stable release. Multiple bugfixes and memory leak
  fixes. Fixes for buffer overflows in DTT and OXM loaders.

  http://www.linuxsecurity.com/content/view/150208

* Fedora 11 Update: cyrus-imapd-2.3.15-1.fc11 (Sep 24)
  ----------------------------------------------------
  Fixed multiple stack-based buffer overflows in libsieve, which
  allowed context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script.

  http://www.linuxsecurity.com/content/view/150209

* Fedora 10 Update: cyrus-imapd-2.3.15-1.fc10 (Sep 24)
  ----------------------------------------------------
  Fixed multiple stack-based buffer overflows in libsieve, which
  allowed context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script.

  http://www.linuxsecurity.com/content/view/150207

* Fedora 11 Update: xmp-2.7.1-1.fc11 (Sep 24)
  -------------------------------------------
  Update to latest stable release. Multiple bugfixes and memory leak
  fixes. Fixes for buffer overflows in DTT and OXM loaders.

  http://www.linuxsecurity.com/content/view/150206

* Fedora 10 Update: rubygem-activesupport-2.1.1-2.fc10 (Sep 24)
  -------------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150204

* Fedora 10 Update: rubygem-actionpack-2.1.1-3.fc10 (Sep 24)
  ----------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150205

------------------------------------------------------------------------

* Gentoo: cURL Certificate validation error (Sep 25)
  --------------------------------------------------
  An error in the X.509 certificate handling of cURL might enable
  remote attackers to conduct man-in-the-middle attacks.

  http://www.linuxsecurity.com/content/view/150223

* Gentoo: Dnsmasq Multiple vulnerabilities (Sep 20)
  -------------------------------------------------
  Multiple vulnerabilities in Dnsmasq might result in the remote
  execution of arbitrary code, or a Denial of Service.

  http://www.linuxsecurity.com/content/view/150165

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:248 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  php_openssl_apply_verification_policy function in PHP before 5.2.11
  does not properly perform certificate validation, which has unknown
  impact and attack vectors, probably related to an ability to spoof
  certificates (CVE-2009-3291). Unspecified vulnerability in PHP before
  5.2.11 has unknown impact and attack vectors related to missing
  sanity checks around exif processing. (CVE-2009-3292) Unspecified
  vulnerability in the imagecolortransparent function in PHP before
  5.2.11 has unknown impact and attack vectors related to an incorrect
  sanity check for the color index (CVE-2009-3293). However, in
  Mandriva we don't use the bundled libgd source in php by default;
  there is an unsupported package in contrib named php-gd-bundled that
  eventually will get updated to pick up these fixes. This update
  provides a solution to these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150227

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:247 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
  attackers to cause a denial of service (file truncation) via a key
  with the NULL byte.  NOTE: this might only be a vulnerability in
  limited circumstances in which the attacker can modify or add
  database entries but does not have permissions to truncate the file
  (CVE-2008-7068). The php_openssl_apply_verification_policy function
  in PHP before 5.2.11 does not properly perform certificate
  validation, which has unknown impact and attack vectors, probably
  related to an ability to spoof certificates (CVE-2009-3291).
  Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
  attack vectors related to missing sanity checks around exif
  processing. (CVE-2009-3292) Unspecified vulnerability in the
  imagecolortransparent function in PHP before 5.2.11 has unknown
  impact and attack vectors related to an incorrect sanity check for
  the color index (CVE-2009-3293). However, in Mandriva we don't use
  the bundled libgd source in php by default; there is an unsupported
  package in contrib named php-gd-bundled that eventually will get
  updated to pick up these fixes. This update provides a solution to
  these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150226

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:246 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
  attackers to cause a denial of service (file truncation) via a key
  with the NULL byte.  NOTE: this might only be a vulnerability in
  limited circumstances in which the attacker can modify or add
  database entries but does not have permissions to truncate the file
  (CVE-2008-7068). The php_openssl_apply_verification_policy function
  in PHP before 5.2.11 does not properly perform certificate
  validation, which has unknown impact and attack vectors, probably
  related to an ability to spoof certificates (CVE-2009-3291).
  Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
  attack vectors related to missing sanity checks around exif
  processing. (CVE-2009-3292) Unspecified vulnerability in the
  imagecolortransparent function in PHP before 5.2.11 has unknown
  impact and attack vectors related to an incorrect sanity check for
  the color index. (CVE-2009-3293) This update provides a solution to
  these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150224

* Mandriva: Subject: [Security Announce] [ MDVA-2009:171 ] ldetect-lst (Sep 24)
  -----------------------------------------------------------------------------
  This makes the configuration tools use the proper driver for two
  Matrox cards (bug #53564)

  http://www.linuxsecurity.com/content/view/150220

* Mandriva: Subject: [Security Announce] [ MDVA-2009:170 ] ldetect (Sep 24)
  -------------------------------------------------------------------------
  This update fixes a very trivial issue with lspcidrake displaying
  warnings about some USB devices.

  http://www.linuxsecurity.com/content/view/150219

* Mandriva: Subject: [Security Announce] [ MDVA-2009:169-1 ] drakxtools (Sep 24)
  ------------------------------------------------------------------------------
  These updated packages fix a bug preventing the use of firefox if the
  user had seen the help of drak3d in the drak3d session before first
  running firefox (bug #29775). These updated packages also add
  support for VirtIO devices. Last but not least it ensures we have a
  recent enough perl-Gtk2 binding (eg: after failed KDE3 upgrade (bug
  #51870)).

  Update:

  The previous update was incomplete; this update corrects this.

  http://www.linuxsecurity.com/content/view/150218

* Mandriva: Subject: [Security Announce] [ MDVA-2009:169 ] drakxtools (Sep 24)
  ----------------------------------------------------------------------------
  These updated packages fix a bug preventing the use of firefox if the
  user had seen the help of drak3d in the drak3d session before first
  running firefox (bug #29775). These updated packages also add
  support for VirtIO devices. Last but not least it ensures we have a
  recent enough perl-Gtk2 binding (eg: after failed KDE3 upgrade (bug
  #51870)).

  http://www.linuxsecurity.com/content/view/150214

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:245 ] glib2.0 (Sep 24)
  --------------------------------------------------------------------------
  A vulnerability was discovered and corrected in glib2.0: The
  g_file_copy function in glib 2.0 sets the permissions of a target
  file to the permissions of a symbolic link (777), which allows
  user-assisted local users to modify files of other users, as
  demonstrated by using Nautilus to modify the permissions of the user
  home directory (CVE-2009-3289). This update provides a solution to
  this vulnerability.

  http://www.linuxsecurity.com/content/view/150213

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:243-1 ] freetype2 (Sep 23)
  ------------------------------------------------------------------------------
  Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
  attackers to execute arbitrary code via vectors related to large
  values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
  and (3) cff/cffload.c. This update corrects the problem.

  Update:

  Correct a problem in the 2009.1 update of the lzw handling code.

  http://www.linuxsecurity.com/content/view/150203

* Mandriva: Subject: [Security Announce] [ MDVA-2009:168 ] rrdtool (Sep 23)
  -------------------------------------------------------------------------
  This update addresses a problem where rrdtool-1.3.x required a font
  to be installed, for example the DejaVuSansMono.ttf font. A
  dependency on fonts-ttf-dejavu was added to address this problem.

  http://www.linuxsecurity.com/content/view/150199

* Mandriva: Subject: [Security Announce] [ MDVA-2009:167 ] glpi (Sep 23)
  ----------------------------------------------------------------------
  - Permissions needed to properly finish installation were not set
    for the apache user on the following files:
    /var/www/glpi/glpi/config, /var/www/glpi/docs and
    /var/www/glpi/backups/dump. This update fixes these permissions.
  - php-mysql was also added as a required dependency for glpi.

  http://www.linuxsecurity.com/content/view/150198

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:244 ] xfig (Sep 23)
  -----------------------------------------------------------------------
  A vulnerability was discovered and corrected in xfig: Xfig in Debian
  GNU/Linux, possibly 3.2.5, allows local users to read and write
  arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2)
  xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5)
  xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8)
  xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or
  (11) xfig-spell.[PID] temporary files, where [PID] is a process ID
  (CVE-2009-1962). This update provides a solution to this
  vulnerability.

  http://www.linuxsecurity.com/content/view/150197

* Mandriva: Subject: [Security Announce] [ MDVA-2009:166 ] setup (Sep 23)
  -----------------------------------------------------------------------
  There was a small typo in /etc/services concerning the xmpp services.
  This update addresses this problem.

  http://www.linuxsecurity.com/content/view/150194

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:243 ] freetype2 (Sep 22)
  ----------------------------------------------------------------------------
  Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
  attackers to execute arbitrary code via vectors related to large
  values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
  and (3) cff/cffload.c. This update corrects the problem.

  http://www.linuxsecurity.com/content/view/150191

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:242-1 ] dovecot (Sep 22)
  ----------------------------------------------------------------------------
  A vulnerability was discovered and corrected in dovecot: Multiple
  stack-based buffer overflows in the Sieve plugin in Dovecot 1.0
  before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
  allow context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script, as demonstrated by forwarding an e-mail message to a large
  number of recipients, a different vulnerability than CVE-2009-2632
  (CVE-2009-3235). This update provides a solution to this
  vulnerability.

  Update:

  Packages for Enterprise 5 i586 were missing with the previous update.
  This update corrects this.

  http://www.linuxsecurity.com/content/view/150190

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:242 ] dovecot (Sep 22)
  --------------------------------------------------------------------------
  A vulnerability was discovered and corrected in dovecot: Multiple
  stack-based buffer overflows in the Sieve plugin in Dovecot 1.0
  before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
  allow context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script, as demonstrated by forwarding an e-mail message to a large
  number of recipients, a different vulnerability than CVE-2009-2632
  (CVE-2009-3235). This update provides a solution to this
  vulnerability.

  http://www.linuxsecurity.com/content/view/150184

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:241 ] squid (Sep 22)
  ------------------------------------------------------------------------
  A vulnerability was discovered and corrected in squid: The
  strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows
  remote attackers to cause a denial of service via a crafted auth
  header with certain comma delimiters that trigger an infinite loop of
  calls to the strcspn function (CVE-2009-2855). This update provides a
  solution to this vulnerability.

  http://www.linuxsecurity.com/content/view/150183

* Mandriva: Subject: [Security Announce] [ MDVA-2009:165 ] cfengine (Sep 22)
  --------------------------------------------------------------------------
  The 'recurse' keyword in any editfile action triggers the following
  warning, for each file found: cfengine:hostname: Unknown action in
  editing of file XYZ. This update fixes this issue.

  http://www.linuxsecurity.com/content/view/150182

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:240 ] apache (Sep 22)
  -------------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in apache: The
  ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the
  mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
  allows remote FTP servers to cause a denial of service (NULL pointer
  dereference and child process crash) via a malformed reply to an EPSV
  command (CVE-2009-3094). The mod_proxy_ftp module in the Apache HTTP
  Server allows remote attackers to bypass intended access restrictions
  and send arbitrary commands to an FTP server via vectors related to
  the embedding of these commands in the Authorization HTTP header, as
  demonstrated by a certain module in VulnDisco Pack Professional 8.11.
  NOTE: as of 20090903, this disclosure has no actionable information.
  However, because the VulnDisco Pack author is a reliable researcher,
  the issue is being assigned a CVE identifier for tracking purposes
  (CVE-2009-3095). This update provides a solution to these
  vulnerabilities.

  http://www.linuxsecurity.com/content/view/150181

* Mandriva: Subject: [Security Announce] [ MDVA-2009:164 ] qt4 (Sep 22)
  ---------------------------------------------------------------------
  A higher version of qt4 in 2009.0 updates was preventing a proper
  upgrade from 2009.0 -> 2009.1. Additional required dependencies are
  also provided.

  http://www.linuxsecurity.com/content/view/150179

* Mandriva: Subject: [Security Announce] [ MDVA-2009:163 ] libxcb (Sep 22)
  ------------------------------------------------------------------------
  In 2009.1, if you launch Firefox remotely via ssh, xdm, or rlogin,
  the menus are sluggish.  When you right click on links, it takes 2-3
  *seconds* for the menu to appear. A new libxcb package was built with
  fixes for this issue, bringing firefox back to its normal speed when
  running remotely.

  http://www.linuxsecurity.com/content/view/150178

* Mandriva: Subject: [Security Announce] [ MDVA-2009:162 ] qca (Sep 22)
  ---------------------------------------------------------------------
  This update resolves a new dependency introduced by okular added with
  the kde-4.2.x updates.

  http://www.linuxsecurity.com/content/view/150177

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:239 ] openssl (Sep 22)
  --------------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in openssl:
  Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
  function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
  attackers to cause a denial of service (openssl s_client crash) and
  possibly have unspecified other impact via a DTLS packet, as
  demonstrated by a packet from a server that uses a crafted server
  certificate (CVE-2009-1379). The dtls1_retrieve_buffered_fragment
  function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows
  remote attackers to cause a denial of service (NULL pointer
  dereference and daemon crash) via an out-of-sequence DTLS handshake
  message, related to a fragment bug. (CVE-2009-1387) The NSS
  library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and
  2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2
  with X.509 certificates, which might allow remote attackers to spoof
  certificates by using MD2 design flaws to generate a hash collision
  in less than brute-force time.  NOTE: the scope of this issue is
  currently limited because the amount of computation required is still
  large (CVE-2009-2409). This update provides a solution to these
  vulnerabilities.

  http://www.linuxsecurity.com/content/view/150176

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:238 ] openssl (Sep 21)
  --------------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in openssl:
  Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
  function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
  attackers to cause a denial of service (openssl s_client crash) and
  possibly have unspecified other impact via a DTLS packet, as
  demonstrated by a packet from a server that uses a crafted server
  certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i
  allows remote attackers to cause a denial of service (NULL pointer
  dereference and daemon crash) via a DTLS ChangeCipherSpec packet that
  occurs before ClientHello (CVE-2009-1386). The
  dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL
  before 1.0.0 Beta 2 allows remote attackers to cause a denial of
  service (NULL pointer dereference and daemon crash) via an
  out-of-sequence DTLS handshake message, related to a fragment bug.
  (CVE-2009-1387) The NSS library before 3.12.3, as used in
  Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k;
  and other products support MD2 with X.509 certificates, which might
  allow remote attackers to spoof certificates by using MD2 design
  flaws to generate a hash collision in less than brute-force time.
  NOTE: the scope of this issue is currently limited because the amount
  of computation required is still large (CVE-2009-2409). This update
  provides a solution to these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150173

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:237 ] openssl (Sep 21)
  --------------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in openssl:
  ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to
  cause a denial of service (NULL pointer dereference and daemon crash)
  via a DTLS ChangeCipherSpec packet that occurs before ClientHello
  (CVE-2009-1386). The NSS library before 3.12.3, as used in
  Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k;
  and other products support MD2 with X.509 certificates, which might
  allow remote attackers to spoof certificates by using MD2 design
  flaws to generate a hash collision in less than brute-force time.
  NOTE: the scope of this issue is currently limited because the amount
  of computation required is still large (CVE-2009-2409). This update
  provides a solution to these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150172

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:236 ] firefox (Sep 20)
  --------------------------------------------------------------------------
  Security issues were identified and fixed in firefox 3.0.x: Multiple
  unspecified vulnerabilities in the browser engine in Mozilla Firefox
  before 3.0.14 allow remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors (CVE-2009-3069, CVE-2009-3070,
  CVE-2009-3071, CVE-2009-3072). Multiple unspecified vulnerabilities
  in the JavaScript engine in Mozilla Firefox before 3.0.14 allow
  remote attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown
  vectors (CVE-2009-3073, CVE-2009-3074, CVE-2009-3075). Mozilla
  Firefox before 3.0.14 does not properly implement certain dialogs
  associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule
  operations, which makes it easier for remote attackers to trick a
  user into installing or removing an arbitrary PKCS11 module
  (CVE-2009-3076). Mozilla Firefox before 3.0.14 does not properly
  manage pointers for the columns (aka TreeColumns) of a XUL tree
  element, which allows remote attackers to execute arbitrary code via
  a crafted HTML document, related to a dangling pointer vulnerability.
  (CVE-2009-3077). Visual truncation vulnerability in Mozilla Firefox
  before 3.0.14 allows remote attackers to trigger a vertical scroll
  and spoof URLs via unspecified Unicode characters with a tall
  line-height property (CVE-2009-3078). Unspecified vulnerability in
  Mozilla Firefox before 3.0.14 allows remote attackers to execute
  arbitrary JavaScript with chrome privileges via vectors involving an
  object, the FeedWriter, and the BrowserFeedWriter (CVE-2009-3079).
  This update provides the latest Mozilla Firefox 3.0.x to correct
  these issues. Additionally, some packages that require it have been
  rebuilt and are being provided as updates.

  http://www.linuxsecurity.com/content/view/150164

------------------------------------------------------------------------

* RedHat: Moderate: newt security update (Sep 24)
  -----------------------------------------------
  Updated newt packages that fix one security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/150222

* RedHat: Important: Red Hat Application Stack v2.4 (Sep 23)
  ----------------------------------------------------------
  Red Hat Application Stack v2.4 is now available. This update fixes
  several security issues and adds various enhancements. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/150200

* RedHat: Important: cyrus-imapd security update (Sep 23)
  -------------------------------------------------------
  Updated cyrus-imapd packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150193

* RedHat: Important: kernel security update (Sep 22)
  --------------------------------------------------
  Updated kernel packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5.2 Extended Update Support.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/150180

* RedHat: Moderate: neon security update (Sep 21)
  -----------------------------------------------
  Updated neon packages that fix two security issues are now available
  for Red Hat Enterprise Linux 4 and 5. This update has been rated as
  having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/150168

* RedHat: Moderate: pidgin security update (Sep 21)
  -------------------------------------------------
  Updated pidgin packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150169

------------------------------------------------------------------------

* Ubuntu:  Newt vulnerability (Sep 24)
  ------------------------------------
  Miroslav Lichvar discovered that Newt incorrectly handled rendering
  in a text box. An attacker could exploit this and cause a denial of
  service or possibly execute arbitrary code with the privileges of the
  user invoking the program.

  http://www.linuxsecurity.com/content/view/150212

* Ubuntu:  WebKit vulnerabilities (Sep 23)
  ----------------------------------------
  It was discovered that WebKit did not properly handle certain
  SVGPathList data structures. If a user were tricked into viewing a
  malicious website, an attacker could exploit this to execute
  arbitrary code with the privileges of the user invoking the program.
  (CVE-2009-0945) Several flaws were discovered in the WebKit browser
  and JavaScript engines. If a user were tricked into viewing a
  malicious website, a remote attacker could cause a denial of service
  or possibly execute arbitrary code with the privileges of the user
  invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
  CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not
  prevent the loading of local Java applets. If a user were tricked
  into viewing a malicious website, an attacker could exploit this to
  execute arbitrary code with the privileges of the user invoking the
  program. (CVE-2009-1712)

  http://www.linuxsecurity.com/content/view/150192

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request_at_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


Received on Wed Sep 30 2009 - 01:20:46 PDT
