[ISN] Linux Advisory Watch - October 2nd 2009

From: InfoSec News <alerts_at_private>
Date: Mon, 5 Oct 2009 03:06:55 -0500 (CDT)
+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| October 2nd, 2009                               Volume 10, Number 40 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski_at_private> |
|                       Benjamin D. Thomas <bthomas_at_private> |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for horde, shibboleth, xmltooling,
newt, backintime, gnutls, asterisk, rubygem, proftpd, xmp, cyrus, cURL,
backuppc, xkeyboard-config, mdadm, ldetect, postgresql, kdepim4, aria2,
drakxtools, php, glib, elinks, xen, kernel, openssh, kvm, samba,
and dovecot.  The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, and Ubuntu.

---


Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?", you may not take even a
second to respond.  But if I ask "How much does Google know about
you?", you may instantly reply "Wait... what!? Do they!?"  The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of such articles out there, but it will show you in detail
ways to improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New horde3 packages fix arbitrary code execution (Sep 28)
  -----------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150242

* Debian: New Shibboleth 1.x packages fix potential code execution (Sep 28)
  -------------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150241

* Debian: New xmltooling packages fix potential code execution (Sep 24)
  ---------------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150221

* Debian: New newt packages fix arbitrary code execution (Sep 24)
  ---------------------------------------------------------------


  http://www.linuxsecurity.com/content/view/150211

------------------------------------------------------------------------

* Fedora 11 Update: newt-0.52.10-4.fc11 (Sep 25)
  ----------------------------------------------
  Fixes a buffer overflow in textbox, which could be exploited to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/150237

* Fedora 10 Update: newt-0.52.10-2.fc10 (Sep 25)
  ----------------------------------------------
  Fixes a buffer overflow in textbox, which could be exploited to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/150236

* Fedora 11 Update: backintime-0.9.26-3.fc11 (Sep 25)
  ---------------------------------------------------


  http://www.linuxsecurity.com/content/view/150234

* Fedora 10 Update: backintime-0.9.26-3.fc10 (Sep 25)
  ---------------------------------------------------


  http://www.linuxsecurity.com/content/view/150235

* Fedora 10 Update: gnutls-2.4.2-5.fc10 (Sep 25)
  ----------------------------------------------
  This update fixes handling of NUL characters in certificate Common
  Name or subjectAltName fields, especially with regard to comparison
  to hostnames.

  http://www.linuxsecurity.com/content/view/150232

* Fedora 11 Update: asterisk-1.6.1.6-1.fc11 (Sep 25)
  --------------------------------------------------
  Update to 1.6.1.6 to fix many bugs...

  http://www.linuxsecurity.com/content/view/150233

* Fedora 11 Update: rubygem-actionpack-2.3.3-2.fc11 (Sep 25)
  ----------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in the Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150229

* Fedora 11 Update: rubygem-activesupport-2.3.3-2.fc11 (Sep 25)
  -------------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in the Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150230

* Fedora 11 Update: gnutls-2.6.6-3.fc11 (Sep 25)
  ----------------------------------------------
  This update fixes handling of NUL characters in certificate Common
  Name or subjectAltName fields, especially with regard to comparison
  to hostnames.

  http://www.linuxsecurity.com/content/view/150231

* Fedora 10 Update: asterisk-1.6.0.15-1.fc10 (Sep 25)
  ---------------------------------------------------
  Update to 1.6.0.15 to fix many bugs...

  http://www.linuxsecurity.com/content/view/150228

* Fedora 10 Update: proftpd-1.3.2a-5.fc10 (Sep 24)
  ------------------------------------------------
  This update has a large number of changes from previous Fedora
  packages; the highlights are as follows:

  - Update to upstream release 1.3.2a
  - Fix SQL injection vulnerability at login (#485125, CVE-2009-0542)
  - Fix SELinux compatibility (#498375)
  - Fix audit logging (#506735)
  - Fix default configuration (#509251)
  - Many new loadable modules including mod_ctrls_admin and mod_wrap2
  - National Language Support (RFC 2640)
  - Enable/disable common features in /etc/sysconfig/proftpd

  http://www.linuxsecurity.com/content/view/150210

* Fedora 10 Update: xmp-2.7.1-1.fc10 (Sep 24)
  -------------------------------------------
  Update to latest stable release. Multiple bugfixes and memory leak
  fixes. Fixes for buffer overflows in DTT and OXM loaders.

  http://www.linuxsecurity.com/content/view/150208

* Fedora 11 Update: cyrus-imapd-2.3.15-1.fc11 (Sep 24)
  ----------------------------------------------------
  Fixed multiple stack-based buffer overflows in libsieve, which
  allowed context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script.

  http://www.linuxsecurity.com/content/view/150209

* Fedora 10 Update: cyrus-imapd-2.3.15-1.fc10 (Sep 24)
  ----------------------------------------------------
  Fixed multiple stack-based buffer overflows in libsieve, which
  allowed context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted SIEVE
  script.

  http://www.linuxsecurity.com/content/view/150207

* Fedora 11 Update: xmp-2.7.1-1.fc11 (Sep 24)
  -------------------------------------------
  Update to latest stable release. Multiple bugfixes and memory leak
  fixes. Fixes for buffer overflows in DTT and OXM loaders.

  http://www.linuxsecurity.com/content/view/150206

* Fedora 10 Update: rubygem-activesupport-2.1.1-2.fc10 (Sep 24)
  -------------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in the Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150204

* Fedora 10 Update: rubygem-actionpack-2.1.1-3.fc10 (Sep 24)
  ----------------------------------------------------------
  A vulnerability was found in Ruby on Rails in the escaping code for
  the form helpers, which also affects the rpms shipped in the Fedora
  Project. Attackers who can inject deliberately malformed unicode
  strings into the form helpers can defeat the escaping checks and
  inject arbitrary HTML. This issue has been tagged as CVE-2009-3009.
  These new rpms will fix this issue.

  http://www.linuxsecurity.com/content/view/150205

------------------------------------------------------------------------

* Gentoo: cURL Certificate validation error (Sep 25)
  --------------------------------------------------
  An error in the X.509 certificate handling of cURL might enable
  remote attackers to conduct man-in-the-middle attacks.

  http://www.linuxsecurity.com/content/view/150223

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:254 ] graphviz (Oct 1)
  --------------------------------------------------------------------------
  A vulnerability was discovered and corrected in graphviz: Stack-based
  buffer overflow in the push_subg function in parser.y
  (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier
  versions, allows user-assisted remote attackers to cause a denial of
  service (memory corruption) or execute arbitrary code via a DOT file
  with a large number of Agraph_t elements (CVE-2008-4555). This update
  provides a fix for this vulnerability.

  http://www.linuxsecurity.com/content/view/150272

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:253 ] backuppc (Oct 1)
  --------------------------------------------------------------------------
  A vulnerability was discovered and corrected in backuppc:
  CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in
  use in a multi-user environment, does not restrict users from the
  ClientNameAlias function, which allows remote authenticated users to
  read and write sensitive files by modifying ClientNameAlias to match
  another system, then initiating a backup or restore (CVE-2009-3369).
  This update provides a fix for this vulnerability.

  http://www.linuxsecurity.com/content/view/150269

* Mandriva: Subject: [Security Announce] [ MDVA-2009:178 ] xkeyboard-config (Oct 1)
  ---------------------------------------------------------------------------------
  The script mandriva-setup-keyboard, used to set the xkb options on
  HAL devices, did not set xkb.model. This would cause Brazilian ABNT2
  keyboards to output the wrong character for the keypad dot key. This
  update fixes this issue. You may need to restart the service
  haldaemon or reboot for this change to take effect.

  http://www.linuxsecurity.com/content/view/150268

* Mandriva: Subject: [Security Announce] [ MDVA-2009:177 ] x11-server (Oct 1)
  ---------------------------------------------------------------------------
  The display keeps sleeping: even when the settings are set not to,
  the screen sleeps or hibernates within seconds of being idle. This
  update fixes this issue so that the user's display settings are
  respected.

  http://www.linuxsecurity.com/content/view/150267

* Mandriva: Subject: [Security Announce] [ MDVA-2009:176 ] mdadm (Oct 1)
  ----------------------------------------------------------------------
  Updated mdadm packages fix a bug that caused RAID arrays not to be
  fully assembled at boot.

  http://www.linuxsecurity.com/content/view/150266

* Mandriva: Subject: [Security Announce] [ MDVA-2009:170-1 ] ldetect (Oct 1)
  --------------------------------------------------------------------------
  This update fixes a very trivial issue with lspcidrake displaying
  warnings about some USB devices.

  Update:

  ldetect was built against the wrong modprobe library for MES5. This
  update corrects this problem.

  http://www.linuxsecurity.com/content/view/150265

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:178 ] perl-IO-Socket-SSL (Sep 30)
  -------------------------------------------------------------------------------------
  A vulnerability was discovered and corrected in perl-IO-Socket-SSL:
  The verify_hostname_of_cert function in the certificate checking
  feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only
  matches the prefix of a hostname when no wildcard is used, which
  allows remote attackers to bypass the hostname check for a
  certificate (CVE-2009-3024). This update provides a fix for this
  vulnerability.

  http://www.linuxsecurity.com/content/view/150264

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:177 ] postgresql (Sep 30)
  -----------------------------------------------------------------------------
  The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
  8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to
  cause a denial of service (backend shutdown) by re-LOAD-ing libraries
  from a certain plugins directory (CVE-2009-3229). The core server
  component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2
  before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before
  7.4.26 does not use the appropriate privileges for the (1) RESET ROLE
  and (2) RESET SESSION AUTHORIZATION operations, which allows remote
  authenticated users to gain privileges.  NOTE: this is due to an
  incomplete fix for CVE-2007-6600 (CVE-2009-3230). The core server
  component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when
  using LDAP authentication with anonymous binds, allows remote
  attackers to bypass authentication via an empty password
  (CVE-2009-3231). This update provides a fix for this vulnerability.

  http://www.linuxsecurity.com/content/view/150262

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:176 ] postgresql (Sep 30)
  -----------------------------------------------------------------------------
  The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before
  8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and
  7.4 before 7.4.26 does not use the appropriate privileges for the (1)
  RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which
  allows remote authenticated users to gain privileges.  NOTE: this is
  due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230). This
  update provides a fix for this vulnerability.

  http://www.linuxsecurity.com/content/view/150261

* Mandriva: Subject: [Security Announce] [ MDVA-2009:175 ] kdepim4 (Sep 29)
  -------------------------------------------------------------------------
  KMail users using DIMAP (Disconnected IMAP) can see occasional
  deletion of folder emails on the server in situations of a
  local/server name move. This fix solves this major bug.

  http://www.linuxsecurity.com/content/view/150252

* Mandriva: Subject: [Security Announce] [ MDVA-2009:174 ] aria2 (Sep 29)
  -----------------------------------------------------------------------
  This update fixes an issue with aria2: the default path aria2c uses
  to look for certificates for public CAs isn't the right one on
  Mandriva systems.

  http://www.linuxsecurity.com/content/view/150251

* Mandriva: Subject: [Security Announce] [ MDVA-2009:173 ] ldetect-lst (Sep 29)
  -----------------------------------------------------------------------------
  This makes the configuration tools use the proper driver for two
  Matrox cards (bug #53564). It also adds support for the ION video
  card (bug #53515). Last but not least, it defaults to using the
  nvidia driver instead of the nv one for nVidia Geforce2 MX/MX, thus
  enabling one to use 3D (bug #53841).

  http://www.linuxsecurity.com/content/view/150250

* Mandriva: Subject: [Security Announce] [ MDVA-2009:172 ] drakxtools (Sep 29)
  ----------------------------------------------------------------------------
  This update fixes several minor issues with draksound:

  - it fixes starting firefox for tools help (bug #29775)
  - it makes tools aware of the snd_ctxfi sound driver
  - it fixes memory detection in harddrake (bug #50106)

  It also enables harddrake not to configure framebuffer and splash
  removal for OEM.

  http://www.linuxsecurity.com/content/view/150249

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:249 ] newt (Sep 27)
  -----------------------------------------------------------------------
  A vulnerability was discovered and corrected in newt: A heap-based
  buffer overflow flaw was found in the way newt processes content that
  is to be displayed in a text dialog box. A local attacker could issue
  a specially-crafted text dialog box display request (direct or via a
  custom application), leading to a denial of service (application
  crash) or, potentially, arbitrary code execution with the privileges
  of the user running the application using the newt library
  (CVE-2009-2905). This update provides a solution to this
  vulnerability.

  http://www.linuxsecurity.com/content/view/150240

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:248 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  php_openssl_apply_verification_policy function in PHP before 5.2.11
  does not properly perform certificate validation, which has unknown
  impact and attack vectors, probably related to an ability to spoof
  certificates (CVE-2009-3291). Unspecified vulnerability in PHP before
  5.2.11 has unknown impact and attack vectors related to missing
  sanity checks around exif processing. (CVE-2009-3292) Unspecified
  vulnerability in the imagecolortransparent function in PHP before
  5.2.11 has unknown impact and attack vectors related to an incorrect
  sanity check for the color index (CVE-2009-3293). However, in
  Mandriva we don't use the bundled libgd source in php by default;
  there is an unsupported package in contrib named php-gd-bundled that
  eventually will get updated to pick up these fixes. This update
  provides a solution to these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150227

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:247 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
  attackers to cause a denial of service (file truncation) via a key
  with the NULL byte.  NOTE: this might only be a vulnerability in
  limited circumstances in which the attacker can modify or add
  database entries but does not have permissions to truncate the file
  (CVE-2008-7068). The php_openssl_apply_verification_policy function
  in PHP before 5.2.11 does not properly perform certificate
  validation, which has unknown impact and attack vectors, probably
  related to an ability to spoof certificates (CVE-2009-3291).
  Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
  attack vectors related to missing sanity checks around exif
  processing. (CVE-2009-3292) Unspecified vulnerability in the
  imagecolortransparent function in PHP before 5.2.11 has unknown
  impact and attack vectors related to an incorrect sanity check for
  the color index (CVE-2009-3293). However, in Mandriva we don't use
  the bundled libgd source in php by default; there is an unsupported
  package in contrib named php-gd-bundled that eventually will get
  updated to pick up these fixes. This update provides a solution to
  these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150226

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:246 ] php (Sep 25)
  ----------------------------------------------------------------------
  Multiple vulnerabilities were discovered and corrected in php: The
  dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
  attackers to cause a denial of service (file truncation) via a key
  with the NULL byte.  NOTE: this might only be a vulnerability in
  limited circumstances in which the attacker can modify or add
  database entries but does not have permissions to truncate the file
  (CVE-2008-7068). The php_openssl_apply_verification_policy function
  in PHP before 5.2.11 does not properly perform certificate
  validation, which has unknown impact and attack vectors, probably
  related to an ability to spoof certificates (CVE-2009-3291).
  Unspecified vulnerability in PHP before 5.2.11 has unknown impact and
  attack vectors related to missing sanity checks around exif
  processing. (CVE-2009-3292) Unspecified vulnerability in the
  imagecolortransparent function in PHP before 5.2.11 has unknown
  impact and attack vectors related to an incorrect sanity check for
  the color index. (CVE-2009-3293) This update provides a solution to
  these vulnerabilities.

  http://www.linuxsecurity.com/content/view/150224

* Mandriva: Subject: [Security Announce] [ MDVA-2009:171 ] ldetect-lst (Sep 24)
  -----------------------------------------------------------------------------
  This makes the configuration tools use the proper driver for two
  Matrox cards (bug #53564)

  http://www.linuxsecurity.com/content/view/150220

* Mandriva: Subject: [Security Announce] [ MDVA-2009:170 ] ldetect (Sep 24)
  -------------------------------------------------------------------------
  This update fixes a very trivial issue with lspcidrake displaying
  warnings about some USB devices.

  http://www.linuxsecurity.com/content/view/150219

* Mandriva: Subject: [Security Announce] [ MDVA-2009:169-1 ] drakxtools (Sep 24)
  ------------------------------------------------------------------------------
  These updated packages fix a bug preventing the use of firefox if the
  user had seen the help of drak3d in the drak3d session before first
  running firefox (bug #29775). These updated packages also add
  support for VirtIO devices. Last but not least it ensures we have a
  recent enough perl-Gtk2 binding (eg: after failed KDE3 upgrade (bug
  #51870)).

  Update:

  The previous update was incomplete; this update corrects this.

  http://www.linuxsecurity.com/content/view/150218

* Mandriva: Subject: [Security Announce] [ MDVA-2009:169 ] drakxtools (Sep 24)
  ----------------------------------------------------------------------------
  These updated packages fix a bug preventing the use of firefox if the
  user had seen the help of drak3d in the drak3d session before first
  running firefox (bug #29775). These updated packages also add
  support for VirtIO devices. Last but not least it ensures we have a
  recent enough perl-Gtk2 binding (eg: after failed KDE3 upgrade (bug
  #51870)).

  http://www.linuxsecurity.com/content/view/150214

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:245 ] glib2.0 (Sep 24)
  --------------------------------------------------------------------------
  A vulnerability was discovered and corrected in glib2.0: The
  g_file_copy function in glib 2.0 sets the permissions of a target
  file to the permissions of a symbolic link (777), which allows
  user-assisted local users to modify files of other users, as
  demonstrated by using Nautilus to modify the permissions of the user
  home directory (CVE-2009-3289). This update provides a solution to
  this vulnerability.

  http://www.linuxsecurity.com/content/view/150213

------------------------------------------------------------------------

* RedHat: Important: elinks security update (Oct 1)
  -------------------------------------------------
  An updated elinks package that fixes two security issues is now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150270

* RedHat: Moderate: xen security and bug fix update (Oct 1)
  ---------------------------------------------------------
  Updated xen packages that fix a security issue and multiple bugs are
  now available for Red Hat Enterprise Linux 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150271

* RedHat: Important: kernel security update (Sep 30)
  --------------------------------------------------
  Updated kernel packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4.7 Extended Update Support.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/150258

* RedHat: Moderate: openssh security update (Sep 30)
  --------------------------------------------------
  Updated openssh packages that fix a security issue are now available
  for Red Hat Enterprise Linux 5. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/150259

* RedHat: Moderate: kernel security and bug fix update (Sep 29)
  -------------------------------------------------------------
  Updated kernel packages that fix one security issue and several bugs
  are now available for Red Hat Enterprise Linux 5. This update has
  been rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150253

* RedHat: Important: kvm security and bug fix update (Sep 29)
  -----------------------------------------------------------
  Updated kvm packages that fix one security issue and several bugs are
  now available for Red Hat Enterprise Linux 5. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/150247

* RedHat: Important: kernel security and bug fix update (Sep 29)
  --------------------------------------------------------------
  Updated kernel packages that fix two security issues and several bugs
  are now available for Red Hat Enterprise Linux 5.3 Extended Update
  Support. This update has been rated as having important security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/150248

* RedHat: Moderate: newt security update (Sep 24)
  -----------------------------------------------
  Updated newt packages that fix one security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/150222

------------------------------------------------------------------------

* Ubuntu:  Samba vulnerabilities (Oct 1)
  --------------------------------------
  J. David Hester discovered that Samba incorrectly handled users that
  lack home directories when the automated [homes] share is enabled. An
  authenticated user could connect to that share name and gain access
  to the whole filesystem. (CVE-2009-2813) Tim Prouty discovered that
  the smbd daemon in Samba incorrectly handled certain unexpected
  network replies. A remote attacker could send malicious replies to
  the server and cause smbd to use all available CPU, leading to a
  denial of service. (CVE-2009-2906) Ronald Volgers discovered that the
  mount.cifs utility, when installed as a setuid program, would not
  verify user permissions before opening a credentials file. A local
  user could exploit this to use or read the contents of unauthorized
  credential files. (CVE-2009-2948) Reinhard Nil discovered that the
  smbclient utility contained format string vulnerabilities in its file
  name handling. Because of security features in Ubuntu, exploitation
  of this vulnerability is limited. If a user or automated system were
  tricked into processing a specially crafted file name, smbclient
  could be made to crash, possibly leading to a denial of service. This
  only affected Ubuntu 8.10. (CVE-2009-1886) Jeremy Allison discovered
  that the smbd daemon in Samba incorrectly handled permissions to
  modify access control lists when dos filemode is enabled. A remote
  attacker could exploit this to modify access control lists. This only
  affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)

  http://www.linuxsecurity.com/content/view/150273

* Ubuntu:  Dovecot vulnerabilities (Sep 28)
  -----------------------------------------
  It was discovered that the ACL plugin in Dovecot would incorrectly
  handle negative access rights. An attacker could exploit this flaw to
  access the Dovecot server, bypassing the intended access
  restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) It
  was discovered that the ManageSieve service in Dovecot incorrectly
  handled ".." in script names. A remote attacker could exploit this to
  read and modify arbitrary sieve files on the server. This only
  affected Ubuntu 8.10. (CVE-2008-5301) It was discovered that the
  Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An
  authenticated user could exploit this with a crafted sieve script to
  cause a denial of service or possibly execute arbitrary code.
  (CVE-2009-2632, CVE-2009-3235)

  http://www.linuxsecurity.com/content/view/150244

* Ubuntu:  Newt vulnerability (Sep 24)
  ------------------------------------
  Miroslav Lichvar discovered that Newt incorrectly handled rendering
  in a text box. An attacker could exploit this and cause a denial of
  service or possibly execute arbitrary code with the privileges of the
  user invoking the program.

  http://www.linuxsecurity.com/content/view/150212

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------


Received on Mon Oct 05 2009 - 01:06:55 PDT
