Linux Advisory Watch - May 12th 2006
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 12th, 2006 Volume 7, Number 20n |
| |
| Editorial Team: Dave Wreski dave@xxxxxxxxxxxxxxxxx |
| Benjamin D. Thomas ben@xxxxxxxxxxxxxxxxx |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for thunderbird, cgiirc, tiff,
rsync, firefox, nagios, xorg-x11, cpio, gzip, gdm, mysql, xine,
libtiff, ruby, php, and cyrus. The distributors include Debain,
Gentoo, Mandriva, Red Hat, and SuSE.
---
EnGarde Secure Linux: Why not give it a try?
EnGarde Secure Linux is a Linux server distribution that is geared
toward providing a open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.
http://www.engardelinux.org/modules/index/register.cgi
---
OSSEC HIDS v0.8 Available
OSSEC HIDS is an Open Source Host-based Intrusion Detection System.
It performs log analysis, integrity checking, rootkit detection,
time-based alerting and active response. It runs on most operating
systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows.
This is the first version offering native support for Windows
(XP/2000/2003). It includes as well a new set of log analysis
rules for sendmail, web logs (Apache and IIS), IDSs and Windows
authentication events.
The correlation rules for squid, mail logs, firewall events and
authentication systems have been improved, now detecting scans,
worms and internal attacks.The active-responses were also refined,
with support to IPFW (FreeBSD) added.
The installation process was re-organized, now including simpler
configuration options and translation to 6 different languages
(English, Portuguese, German, Turkish, Polish and Italian).
To download the Unix and Windows versions:
http://www.ossec.net/en/downloads.html
More information:
http://www.ossec.net/en/v08-2006-05-12.html
Use our mailling list if you have questions or comments:
http://www.ossec.net/en/mailing_lists.html
---
EnGarde Secure Linux v3.0.6 Now Available
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.6 (Version 3.0, Release 6). This release includes
several bug fixes and feature enhancements to the Guardian Digital
WebTool and the SELinux policy, several updated packages, and a couple
of new packages available for installation. The following reported
bugs from bugs.engardelinux.org are fixed in this release:
Read Article:
http://www.linuxsecurity.com/content/view/122648/65/
----------------------
Linux File & Directory Permissions Mistakes
One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New Mozilla Thunderbird packages fix several
vulnerabilities
4th, May, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122674
* Debian: New cgiirc packages fix arbitrary code execution
8th, May, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122704
* Debian: New Mozilla packages fix arbitrary code execution
9th, May, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122714
* Debian: New TIFF packages fix denial of service and arbitrary code
execution
9th, May, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122715
* Debian: New Mozilla Firefox packages fix arbitrary code execution
11th, May, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122741
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: rsync Potential integer overflow
6th, May, 2006
An attacker having write access to an rsync module might be able to
execute arbitrary code on an rsync server.
http://www.linuxsecurity.com/content/view/122699
* Gentoo: Mozilla Firefox Potential remote code execution
6th, May, 2006
The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in
the JavaScript extension which may in theory lead to remote execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/122700
* Gentoo: Nagios Buffer overflow
7th, May, 2006
Nagios is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/122701
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated xorg-x11 packages fix vulnerability
5th, May, 2006
A problem was discovered in xorg-x11 where the X render extension
would mis-calculate the size of a buffer, leading to an overflow that
could possibly be exploited by clients of the X server.
http://www.linuxsecurity.com/content/view/122687
* Mandriva: Updated cpio package fixes symlink bug in passthrough
mode
9th, May, 2006
When using cpio in passthrough mode (i.e.: find dira|cpio -pdmv dirb)
symbolic links are replaced with the actual files or directories they
point to.
Updated packages have been rebuilt with the correct CPPFLAGS to
correct
this issue.
http://www.linuxsecurity.com/content/view/122723
* Mandriva: Updated gzip packages fix bug with zgrep passing options
to grep
9th, May, 2006
The zgrep wrapper script does not correctly pass all available
options that grep accepts to the grep binary. Updated packages have
been patched to correct this issue.
http://www.linuxsecurity.com/content/view/122730
* Mandriva: Updated gdm package fixes symlink attack vulnerability
10th, May, 2006
A race condition in daemon/slave.c in gdm before 2.14.1 allows local
users to gain privileges via a symlink attack when gdm performs chown
and chgrp operations on the .ICEauthority file. Packages have been
patched to correct this issue.
http://www.linuxsecurity.com/content/view/122731
* Mandriva: Updated MySQL packages fix several vulnerabilities
10th, May, 2006
The check_connection function in sql_parse.cc in MySQL 4.0.x up to
4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote
attackers to read portions of memory via a username without a
trailing null byte, which causes a buffer over-read. (CVE-2006-1516)
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and
5.0.x up to 5.0.20 allows remote attackers to obtain sensitive
information via a COM_TABLE_DUMP request with an incorrect packet
length, which includes portions of memory in an error message.
(CVE-2006-1517) Updated packages have been patched to correct these
issues.
http://www.linuxsecurity.com/content/view/122738
* Mandriva: Updated xine-ui packages fix format string
vulnerabilities
10th, May, 2006
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine
allow remote attackers to execute arbitrary code via format string
specifiers in a long filename on an EXTINFO line in a playlist file.
Packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/122740
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Important: xorg-x11 security update
4th, May, 2006
Updated X.org packages that fix a security issue are now available
for Red Hat Enterprise Linux 4. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/122679
* RedHat: Important: libtiff security update
9th, May, 2006
Updated libtiff packages that fix several security flaws are now
availabl for Red Hat Enterprise Linux. This update has been rated as
having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/122717
* RedHat: Moderate: ruby security update
9th, May, 2006
Updated ruby packages that fix a denial of service issue are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/122719
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: php4,php5 various security problems
5th, May, 2006
This update fixes the following security issues in the scripting
languages PHP4 and PHP5.
http://www.linuxsecurity.com/content/view/122692
* SuSE: cyrus-sasl-digestmd5 denial of
5th, May, 2006
If a server or client is using DIGEST-MD5 authentication via the
cyrus-sasl libraries it is possible to cause a denial of service
attack against the other side (client or server) by leaving out
the "realm=" header in the authentication.
http://www.linuxsecurity.com/content/view/122693
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
