+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| December 7th, 2001 Volume 2, Number 49a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for postfix, openssh, wuftpd, apache,
fml, icecast-server, xtel, ssh, and wmtv. The vendors include Conectiva,
Debian, FreeBSD, Mandrake, Red Hat, and SuSE.
* Rainbow and Guardian Digital Team Up on Linux Security Acceleration
Rainbow Technologies, the leading solutions provider of digital
content and transaction security, and Guardian Digital, the open
source security company, announced a strategic and technology
partnership aimed at securing Linux-based transactions. This
integrated solution consists of Rainbow's CryptoSwift eCommerce
accelerator and Guardian Digital's EnGarde Secure Linux software
suite.
Press Release: http://www.guardiandigital.com/press5.html
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------------------+
| postfix | ----------------------------//
+---------------------------------+
Wietse Venema, the author of postfix, reported a vulnerability in the SMTP
server where a remote attacker could mount a Denial of Service attack
against it. The SMTP session log could grow to an unreasonable size and could
possibly exhaust the server's memory if no other limits were enforced.
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Linux 8.1:
8.1/RPMS/postfix-20010228-15.1mdk.i586.rpm
e5a8b7703cb3340522bc232a03a64716
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1724.html
+---------------------------------+
| openssh | ----------------------------//
+---------------------------------+
Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and
7.2. These updates fix a bug in handling of restricted keys which may
allow users to bypass command restrictions by using subsystems and a
subtle bug which might aid a passive analysis attack.
PLEASE SEE VENDOR ADVISORY
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1725.html
Updated:
http://www.linuxsecurity.com/advisories/redhat_advisory-1731.html
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/
openssh-2.9.9p2-38.i386.rpm
6ba603f1115b0125abf0b62f28ba6666
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1728.html
Update:
http://www.linuxsecurity.com/advisories/suse_advisory-1738.html
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/
SA-01:63/security-patch-sshd-01.63.tgz
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1729.html
+---------------------------------+
| wu-ftpd | ----------------------------//
+---------------------------------+
The wu-ftpd developers have now released[1] an official fix for that
problem, together with two additional corrections: format string fixes
(some new format string bugs have been patched) and additional checks
(null-pointer checks have been added to some parts of the code).
Conectiva:
ftp://atualizacoes.conectiva.com.br/7.0/
RPMS/wu-ftpd-2.6.1-6U70_2cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1726.html
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/
updates/main/binary-i386/wu-ftpd_2.6.0-6_i386.deb
MD5 checksum: c3fc484e08210d7a1363c93c9d29d6eb
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1727.html
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1730.html
+---------------------------------+
| apache | ----------------------------//
+---------------------------------+
Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1,
and 7.2. These packages upgrade the Apache Web server to version 1.3.22,
which closes a potential security bug that would present clients with a
listing of the contents of a directory instead of the contents of an index
file, or in case of an error, the error message.
PLEASE SEE VENDOR ADVISORY
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1732.html
+---------------------------------+
| fml | ----------------------------//
+---------------------------------+
When generating index pages for list archives the `<' and `>' characters
were not properly escaped for subjects.
Debian:
http://security.debian.org/dists/stable/
updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
MD5 checksum: 022401cdfa939b628a10b6d8109a6c72
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1733.html
+---------------------------------+
| icecast-server | ----------------------------//
+---------------------------------+
The icecast-server (a streaming music server) package as distributed in
Debian GNU/Linux 2.2 has several security problems: if a client added a /
after the filename of a file to be downloaded the server would crash; by
escaping dots as %2E it was possible to circumvent security measures and
download arbitrary files; and there were several buffer overflows that could
be exploited to gain root access.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/
updates/main/binary-i386/icecast-server_1.3.10-1_i386.deb
MD5 checksum: eb3869696168f5fad229166490061d4b
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1734.html
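The %2E bypass and the trailing-slash crash above both come down to where a server validates a request path. This added example, written for this newsletter and not taken from icecast, decodes percent-escapes first and only then refuses ".." components and a trailing "/"; the function names are my own.

```c
#include <ctype.h>
#include <string.h>

/* Added example, not icecast code: decoding of %XX escapes must happen before
 * the traversal check (so "%2E%2E" is seen as ".."), and a trailing "/" after
 * a file name is rejected up front instead of being handed to the file code. */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode percent-escapes from src into dst (size dstlen).
 * Returns 0 on success, -1 on a malformed escape, an encoded NUL, or overflow. */
int url_decode(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;   /* also catches "%2" at end of string */
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == '\0' || o + 1 >= dstlen) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Returns 1 if the decoded path has no ".." component and no trailing "/",
 * 0 if the request should be refused. */
int path_is_safe(const char *raw) {
    char dec[256];
    if (url_decode(raw, dec, sizeof dec) != 0) return 0;
    size_t n = strlen(dec);
    if (n == 0 || dec[n - 1] == '/') return 0;
    for (const char *p = dec; *p != '\0'; ) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') return 0;
        p = end ? end + 1 : p + len;
    }
    return 1;
}
```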
+---------------------------------+
| xtel | ----------------------------//
+---------------------------------+
The xtel (an X emulator for minitel) package as distributed with Debian
GNU/Linux 2.2 has two possible symlink attacks: xteld creates a temporary
file /tmp/.xtel- without checking for symlinks, and when printing a hardcopy
xtel would create a temporary file without protecting itself against
symlink attacks.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/
main/binary-i386/xtel_3.2.1-4.potato.1_i386.deb
MD5 checksum: 325874239da03f93d0ff9039336d1231
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1735.html
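An added illustration, not xtel's code, of the two ways a program can create a temporary file that a pre-planted symlink cannot redirect: O_CREAT|O_EXCL|O_NOFOLLOW at a chosen name, or mkstemp(3) for an unpredictable one. The helper names are mine, and the /tmp/.xtel- prefix is used only as the shape of the problem.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not xtel code. A predictable temporary name (the advisory's
 * /tmp/.xtel- prefix followed by something guessable) can already exist as a
 * symlink when a root-run xteld opens it; a plain open(2) with O_CREAT follows
 * the link and overwrites its target. Both helpers below refuse to write
 * through anything that was already there. */

/* Open a brand-new file at a chosen name: O_EXCL fails if anything already
 * exists there (a symlink included); O_NOFOLLOW is defence in depth.
 * Returns the fd, or -1 with errno set (EEXIST when something was planted). */
int open_new_nofollow(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: let mkstemp(3) pick an unpredictable name (template ends in
 * "XXXXXX" and is overwritten with the name chosen). mkstemp itself uses
 * O_CREAT|O_EXCL, so a planted entry only makes it try another name. */
int tmp_open_safe(char *template) {
    int fd = mkstemp(template);
    if (fd < 0) return -1;
    struct stat st;
    /* Check the descriptor we hold, never the path: a regular file, one link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        unlink(template);
        return -1;
    }
    return fd;
}
```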
+---------------------------------+
| ssh | ----------------------------//
+---------------------------------+
If the UseLogin feature is enabled for ssh, local users could pass
environment variables (including variables like LD_PRELOAD) to the login
process. This has been fixed by not copying the environment if UseLogin is
enabled.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/
updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.4_i386.deb
MD5 checksum: 174cc64dbb0996cd09d58f2691817dbf
http://security.debian.org/dists/stable/updates/
main/binary-i386/ssh_1.2.3-9.4_i386.deb
MD5 checksum: 1426d1c8d424b8af6e94a1eec87075aa
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1736.html
+---------------------------------+
| wmtv | ----------------------------//
+---------------------------------+
wmtv can optionally run a command if you double-click on the TV window.
This command can be specified using the -e command-line option. However,
since wmtv is installed suid root, this command was also run as root, which
gives local users a very simple way to get root access.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/
main/binary-i386/wmtv_0.6.5-2potato1_i386.deb
MD5 checksum: fd3ce69d983ae4b316114628c7c5fc74
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1737.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------