Linux Advisory Watch - July 29th 2005

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  July 29th, 2005                            Volume 6, Number 31a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, perhaps the most interesting articles include cacti,
heimdal, webcalendar, ekg, phpbb2, setarch, openoffice, pvm,
fetchmail, mozilla,devhelp, yelp, subversion, zlib, kdenetwork,
perl, module-init-tools, mgetty, system-config-netboot, libsepol,
gnbc-kernel, dlm-kernel, cman-kernel, util-linux, tar, gcc,
libtool, audit, zlib, apr, pam_ldap, fetchmail, sandbox, Koptete,
Clam, Ethereal, cpio, kdenetwork, httpd, and dhcpd.  The distributors
include Debian, Fedora, Gentoo, and Red Hat.

---

## Internet Productivity Suite: Open Source Security ##
Trust Internet Productivity Suite's open source architecture to
give you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced
ideas and methods into their design.

Click to find out more!
http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml

---

Network Intrusion Prevention Systems: When They're Valuable,
and When They're Not

By: Daniel Miessler

Anyone keeping track of the security vendor/technology hype knows that
IPS has quickly replaced IDS as the "next big thing". Depending on who
you are, you may chalk this up to yet another infosec fad, or you could
be of the opinion that IPS is actually making good on the promises that
IDS never lived up to. I think it can be both, depending on your
situation.

What NIPS Isn't

First and foremost, NIPS is not a tool for stopping elite crackers. That
may be how it's being marketed, but it's crap. If you're the type to fall
for that sort of hype then you're probably in a lot more danger than any
given technology can help you with.

Whether or not IPS is worthless or a godsend to your organization hinges
on a single question, "How good is your organization at staying patched?"
This is the single question that organizations need to be asking themselves
when considering network intrusion prevention technology.

The reason this question matters is because of the fact that NIPS only
protects you against vulnerabilities that you can mitigate by applying
patches and/or implementing other controls. If you are a relatively small
organization with a highly technical administrative/security staff that
keeps your systems constantly patched and locked down, a network IPS can't
offer you much of anything. Despite claims to the contrary, a network IPS
system is about as good at stopping zero-day attacks as wordpad.exe.

Remember, stout security teams knows their systems. They read advisories
daily and know what's in the wild and what's likely to be there soon. A
team like this can more than likely patch their systems and/or mitigate
the risk to their organization in other ways before a NIPS vendor can
release a signature for their product. The benefit gained from someone
blocking exploits at the perimeter at that point is virtually null. In
short, anything that.s going to compromise a fully patched and locked
down system is going to walk right through a NIPS as well.

Read Entire Article:
http://www.linuxsecurity.com/content/view/119888/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/


--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+


* Debian: New cacti packages fix several vulnerabilities
  21st, July, 2005

Several vulnerabilities have been discovered in cacti, a round-robin
database (RRD) tool that helps create graphs from database
information.

http://www.linuxsecurity.com/content/view/119838


* Debian: New webcalendar package fixes information disclosure
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119907


* Debian: New heimdal packages fix arbitrary code execution
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119908


* Debian: New ekg packages fix arbitrary code execution
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119915


* Debian: New phpbb2 packages fix cross-site scripting
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119916



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: setarch-1.8-1.FC4
  21st, July, 2005

Bugfix package release.

http://www.linuxsecurity.com/content/view/119842


* Fedora Core 4 Update: openoffice.org-1.9.117-3.1.0.fc4
  21st, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119843


* Fedora Core 3 Update: pvm-3.4.5-5_FC3
  21st, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119844


* Fedora Core 4 Update: pvm-3.4.5-5_FC4
  21st, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119845


* Fedora Core 4 Update: fetchmail-6.2.5-7.fc4.1
  21st, July, 2005

A buffer overflow was discovered in fetchmail's POP3 client. A
malicious server could cause fetchmail to execute arbitrary code.
The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-2355 to this issue.  All fetchmail users should upgrade to
the updated package, which fixes this issue.

http://www.linuxsecurity.com/content/view/119846


* Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1
  21st, July, 2005

A buffer overflow was discovered in fetchmail's POP3 client. A
malicious server could cause fetchmail to execute arbitrary code.
The Common Vulnerabilities and Exposures project has assigned the
name CAN-2005-2355 to this issue.  All fetchmail users should upgrade to
the updated package, which fixes this issue.

http://www.linuxsecurity.com/content/view/119847


* Fedora Core 3 Update: mozilla-1.7.10-1.3.1
  22nd, July, 2005

Package repairs various vulnerabilities.

http://www.linuxsecurity.com/content/view/119853


* Fedora Core 3 Update: epiphany-1.4.4-4.3.5
  22nd, July, 2005

There were several security flaws found in the mozilla package, which
epiphany depends on.   Users of epiphany are advised to upgrade to
this updated package which has been rebuilt against a version of
mozilla not vulnerable to these flaws.

http://www.linuxsecurity.com/content/view/119854


* Fedora Core 3 Update: devhelp-0.9.2-2.3.5
  22nd, July, 2005

There were several security flaws found in the mozilla package, which
devhelp depends on.   Users of devhelp are advised to upgrade to this
updated package which has been rebuilt against a version of mozilla
not vulnerable to these flaws.

http://www.linuxsecurity.com/content/view/119855


* Fedora Core 4 Update: mozilla-1.7.10-1.5.1
  22nd, July, 2005

Package repairs various vulnerabilities.

http://www.linuxsecurity.com/content/view/119856


* Fedora Core 4 Update: epiphany-1.6.3-2
  22nd, July, 2005

There were several security flaws found in the mozilla package, which
epiphany depends on.   Users of epiphany are advised to upgrade to
this updated package which has been rebuilt against a version of
mozilla not vulnerable to these flaws.

http://www.linuxsecurity.com/content/view/119857


* Fedora Core 4 Update: devhelp-0.10-1.4.1
  22nd, July, 2005

There were several security flaws found in the mozilla package, which
devhelp depends on.   Users of devhelp are advised to upgrade to this
updated package which has been rebuilt against a version of mozilla
not vulnerable to these flaws.

http://www.linuxsecurity.com/content/view/119858


* Fedora Core 4 Update: yelp-2.10.0-1.4.1
  22nd, July, 2005

There were several security flaws found in the mozilla package, which
yelp depends on.   Users of yelp are advised to upgrade to this
updated package which has been rebuilt against a version of mozilla
not vulnerable to these flaws.

http://www.linuxsecurity.com/content/view/119859


* Fedora Core 4 Update: subversion-1.2.1-2.1
  22nd, July, 2005

This update contains the latest release of Subversion.	Subversion
1.2 adds support for locking (reserved checkouts), and includes many
bug fixes and improvements.

http://www.linuxsecurity.com/content/view/119866


* Fedora Core 4 Update: zlib-1.2.2.2-5.fc4
  22nd, July, 2005

Fix zlib buffer overflow.

http://www.linuxsecurity.com/content/view/119867


* Fedora Core 3 Update: zlib-1.2.1.2-3.fc3
  22nd, July, 2005

Fix zlib buffer overflow.

http://www.linuxsecurity.com/content/view/119868


* Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2
  22nd, July, 2005

Multiple integer overflow flaws were found in the way Kopete
processes Gadu-Gadu messages. A remote attacker could send a
specially crafted Gadu-Gadu message which would cause Kopete to
crash or possibly execute arbitrary code.

http://www.linuxsecurity.com/content/view/119869



* Fedora Core 3 Update: kdenetwork-3.3.1-3.2
  22nd, July, 2005

Multiple integer overflow flaws were found in the way Kopete
processes Gadu-Gadu messages. A remote attacker could send a
specially crafted Gadu-Gadu message which would cause Kopete to
crash or possibly execute arbitrary code.

http://www.linuxsecurity.com/content/view/119870


* Fedora Core 3 Update: perl-5.8.5-14.FC3
  22nd, July, 2005

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language. When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

http://www.linuxsecurity.com/content/view/119871


* Fedora Core 4 Update: module-init-tools-3.1-4
  22nd, July, 2005

This fixes a crash in depmod when encountering certain misbuilt
modules.

http://www.linuxsecurity.com/content/view/119872


* Fedora Core 3 Update: mgetty-1.1.31-3_FC3
  22nd, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119874


* Fedora Core 4 Update: system-config-netboot-0.1.22-1_FC4
  22nd, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119875


* Fedora Core 3 Update: system-config-netboot-0.1.22-1_FC3
  22nd, July, 2005

Update package.

http://www.linuxsecurity.com/content/view/119876


* Fedora Core 4 Update: setools-2.1.1-2
  24th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119880


* Fedora Core 4 Update: nfs-utils-1.0.7-10
  24th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119881


* Fedora Core 4 Update: libsepol-1.5.10-1.1
  25th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119889


* Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.43
  25th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119894


* Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.10
  25th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119895


* Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.9
  25th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119896


* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.9
  25th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119897


* Fedora Core 4 Update: gnome-panel-2.10.1-10.2
  26th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119902


* Fedora Core 4 Update: system-config-printer-0.6.131.3-1
  26th, July, 2005

This release fixes an unwanted interaction with SELinux when writing
configuration files, and adds preliminary support for a future HPLIP
package.

http://www.linuxsecurity.com/content/view/119903


* Fedora Core 3 Update: util-linux-2.12a-24.4
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119920


* Fedora Core 4 Update: tar-1.15.1-7.FC4
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119921


* Fedora Core 3 Update: tar-1.14-5.FC3
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119922


* Fedora Core 4 Update: util-linux-2.12p-9.7
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119923


* Fedora Core 4 Update: gcc-4.0.1-4.fc4
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119924


* Fedora Core 4 Update: libtool-1.5.16.multilib2-2
  27th, July, 2005

This update needs to accompany gcc-4.0.1 update.

http://www.linuxsecurity.com/content/view/119925


* Fedora Core 3 Update: gcc-3.4.4-2.fc3
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119926


* Fedora Core 4 Update: system-config-bind-4.0.0-20_FC4
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119927


* Fedora Core 3 Update: system-config-bind-4.0.0-20
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119928


* Fedora Core 4 Update: mgetty-1.1.33-3_FC4
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119929


* Fedora Core 3 Update: mgetty-1.1.31-4_FC3
  27th, July, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119930


* Fedora Core 4 Update: apr-0.9.6-3.1
  27th, July, 2005

This update includes an updated libtool script to synchronize with
the gcc 4.0.1 update.

http://www.linuxsecurity.com/content/view/119931


* Fedora Core 4 Update: audit-0.9.19-2.FC4
  27th, July, 2005

This update quietens some error messages, fixes support for long file
names, and allows 32 bit machines to search in logs created by 64 bit
kernel.

http://www.linuxsecurity.com/content/view/119932


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: zlib Buffer overflow
  22nd, July, 2005

zlib is vulnerable to a buffer overflow which could potentially lead
to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/119860


* Gentoo: Shorewall Security policy bypass
  22nd, July, 2005

A vulnerability in Shorewall allows clients authenticated by MAC
address filtering to bypass all other security rules.

http://www.linuxsecurity.com/content/view/119861


* Gentoo: Mozilla Thunderbird Multiple vulnerabilities
  24th, July, 2005

Several vulnerabilities in Mozilla Thunderbird allow attacks ranging
from execution of script code with elevated privileges to information
leak.

http://www.linuxsecurity.com/content/view/119877


* Gentoo: pam_ldap and nss_ldap Plain text authentication
  24th, July, 2005

pam_ldap and nss_ldap fail to restart TLS when following a referral,
possibly leading to credentials being sent in plain text.

http://www.linuxsecurity.com/content/view/119878


* Gentoo: fetchmail Buffer Overflow
  25th, July, 2005

fetchmail is susceptible to a buffer overflow resulting in a Denial
of Service or arbitrary code execution.

http://www.linuxsecurity.com/content/view/119890


* Gentoo: sandbox Insecure temporary file handling
  25th, July, 2005

The sandbox utility may create temporary files in an insecure manner.

http://www.linuxsecurity.com/content/view/119891


* Gentoo: Kopete Vulnerability in included Gadu library
  25th, July, 2005

Kopete is vulnerable to several input validation vulnerabilities
which may lead to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/119892


* Gentoo: Mozilla Suite Multiple vulnerabilities
  26th, July, 2005

Several vulnerabilities in the Mozilla Suite allow attacks ranging
from the execution of javascript code with elevated privileges
to information leakage.

http://www.linuxsecurity.com/content/view/119904


* Gentoo: Clam AntiVirus Integer overflows
  26th, July, 2005

Clam AntiVirus is vulnerable to integer overflows when handling
several file formats, potentially resulting in the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/119905


* Gentoo: GNU Gadu, CenterICQ, Kadu, EKG, libgadu Remote code
execution in Gadu library
  27th, July, 2005

GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an
integer overflow which could potentially lead to the execution of
arbitrary code or a Denial of Service.

http://www.linuxsecurity.com/content/view/119909


* Gentoo: Ethereal Multiple vulnerabilities
  28th, July, 2005

Ethereal is vulnerable to numerous vulnerabilities potentially
resulting in the execution of arbitrary code or abnormal termination.

http://www.linuxsecurity.com/content/view/119934



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: firefox security update
  21st, July, 2005

An updated firefox package that fixes various security bugs is now
available for Red Hat Enterprise Linux 4.  This update has been rated
as having important security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119839


* RedHat: Low: cpio security update
  21st, July, 2005

An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119848


* RedHat: Important: zlib security update
  21st, July, 2005

Updated zlib packages that fix a buffer overflow are now available
for Red Hat Enterprise Linux 4.  This update has been rated as having
important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119849


* RedHat: Important: thunderbird security update
  21st, July, 2005

Updated thunderbird package that fixes various bugs is now available
for Red Hat Enterprise Linux 4. This update has been rated as having
important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119850


* RedHat: Critical: kdenetwork security update
  21st, July, 2005

Updated kdenetwork packages to correct a security flaw in Kopete are
now available for Red Hat Enterprise Linux 4. This update has been
rated as having critical security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119852


* RedHat: Important: mozilla security update
  22nd, July, 2005

Updated mozilla packages that fix various security issues are now
available.  This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119862


* RedHat: Moderate: httpd security update
  25th, July, 2005

Updated Apache httpd packages to correct two security issues are now
available for Red Hat Enterprise Linux 3 and 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/119882


* RedHat: Important: fetchmail security update
  25th, July, 2005

Updated fetchmail packages that fix a security flaw are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119883


* RedHat: Moderate: dhcpcd security update
  27th, July, 2005

An updated dhcpcd package that fixes a denial of service issue is now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119917


* RedHat: Moderate: kdelibs security update
  27th, July, 2005

Updated kdelibs packages are now available for Red Hat Enterprise
Linux 4. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119918

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux