+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 26th, 2007 Volume 8, Number 43 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for xen-utils, zoph, reprepro,
xfce4-terminal, ktorrent, xulrunner, icedove, t1lib, dhcp,
ImageMagick, HPLIP, MLDonkey, tramp, tikiwiki, pdf kit, sleuth kit,
firefox, nfs-utils, hplip, tk, httpd, php, libpng, flac, openssl,
kernel, seamonkey, thunderbird, gnome-screensaver, ghostscript,
util-linux, and nagios-plugins. The distributors include Debian,
Gentoo, Mandriva, Red Hat, and Ubuntu.
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers are between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Review: How To Break Web Software
With a tool so widely used by so many different types of people like the
World Wide Web, it is necessary for everyone to understand as many aspects
as possible about its functionality. From web designers to web developers
to web users, this is a must read. Security is a job for everyone and How
To Break Web Software by Mike Andrews and James A. Whittaker is written
for everyone to understand.
http://www.linuxsecurity.com/content/view/122713/49/
---
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.17 (Version 3.0, Release 17). This release includes many
updated packages and bug fixes, some feature enhancements to Guardian
Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database,
e-mail security and even e-commerce.
http://www.linuxsecurity.com/content/view/129961
--------------------------------------------------------------------------
* Debian: New xen-utils packages fix file truncation (Oct 25)
-----------------------------------------------------------
Steve Kemp from the Debian Security Audit project discovered that
xen-utils, a collection of XEN administrative tools, used temporary files
insecurely within the xenmon tool allowing local users to truncate arbitrary
files.
http://www.linuxsecurity.com/content/view/130295
* Debian: New zoph packages fix SQL injection (Oct 24)
----------------------------------------------------
It was discovered that zoph, a web based photo management system,
performs insufficient input sanitising, which allows SQL injection.
This is an updated advisory to make the update for oldstable (sarge)
available, which had been uploaded to the wrong suite.
http://www.linuxsecurity.com/content/view/130284
* Debian: New reprepro packages fix authentication bypass (Oct 23)
----------------------------------------------------------------
It was discovered that reprepro, a tool to create a repository of
Debian packages, when updating from a remote site only checks for the
validity of known signatures, and thus does not reject packages with only
unknown signatures. This allows an attacker to bypass this authentication
mechanism.
http://www.linuxsecurity.com/content/view/130197
* Debian: New xfce4-terminal packages fix arbitrary command execution (Oct 23)
----------------------------------------------------------------------------
It was discovered that xfce-terminal, a terminal emulator for the xfce
environment, did not correctly escape arguments passed to the processes
spawned by "Open Link". This allowed malicious links to execute
arbitrary commands upon the local system.
http://www.linuxsecurity.com/content/view/130196
* Debian: New ktorrent packages fix directory traversal (Oct 23)
--------------------------------------------------------------
It was discovered that ktorrent, a BitTorrent client for KDE, was
vulnerable to a directory traversal bug which potentially allowed remote
users to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/130195
* Debian: New xulrunner packages fix several vulnerabilities (Oct 20)
-------------------------------------------------------------------
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow
information disclosure or spoofing.
http://www.linuxsecurity.com/content/view/130166
* Debian: New icedove packages fix several vulnerabilities (Oct 19)
-----------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following
problems...
http://www.linuxsecurity.com/content/view/130161
* Debian: New t1lib packages fix arbitrary code execution (Oct 18)
----------------------------------------------------------------
Hamid Ebadi has discovered a buffer overflow in the
intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer
library. This flaw could allow an attacker to crash an application
using the t1lib shared libraries, and potentially execute arbitrary
code within such an application's security context.
http://www.linuxsecurity.com/content/view/130157
* Debian: New zoph packages fix SQL injection (Oct 18)
----------------------------------------------------
It was discovered that zoph, a web based photo management system,
performs insufficient input sanitising, which allows SQL injection.
http://www.linuxsecurity.com/content/view/130153
* Debian: New dhcp packages fix arbitrary code execution (Oct 18)
---------------------------------------------------------------
It was discovered that dhcp, a DHCP server for automatic IP address
assignment, didn't correctly allocate space for network replies. This
could potentially allow a malicious DHCP client to execute arbitrary
code upon the DHCP server.
http://www.linuxsecurity.com/content/view/130151
--------------------------------------------------------------------------
* Gentoo: Sylpheed, Claws Mail User-assisted remote (Oct 25)
----------------------------------------------------------
A format string error has been discovered in Sylpheed and Claws Mail,
potentially leading to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/130300
* Gentoo: Qt Buffer overflow (Oct 25)
-----------------------------------
An off-by-one vulnerability has been discovered in Qt, possibly
resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/130299
* Gentoo: ImageMagick Multiple vulnerabilities (Oct 24)
-----------------------------------------------------
Multiple vulnerabilities have been discovered in ImageMagick, possibly
resulting in arbitrary code execution or a Denial of Service.
http://www.linuxsecurity.com/content/view/130283
* Gentoo: HPLIP Privilege escalation (Oct 24)
-------------------------------------------
The hpssd daemon might allow local attackers to execute arbitrary
commands with root privileges.
http://www.linuxsecurity.com/content/view/130282
* Gentoo: MLDonkey Privilege escalation (Oct 24)
----------------------------------------------
The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password. A remote attacker could log into a vulnerable
system as the p2p user.
This would require an installed login service that permitted empty
passwords, such as SSH configured with the "PermitEmptyPasswords yes"
option, a local login console, or a telnet server.
http://www.linuxsecurity.com/content/view/130281
* Gentoo: OpenOffice.org Heap-based buffer overflow (Oct 23)
----------------------------------------------------------
A heap-based buffer overflow vulnerability has been discovered in
OpenOffice.org, allowing for the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/130186
* Gentoo: Star Directory traversal vulnerability (Oct 22)
-------------------------------------------------------
A directory traversal vulnerability has been discovered in Star.
Robert Buchholz of the Gentoo Security team discovered a directory
traversal vulnerability in the has_dotdot() function which does not
identify //.. (slash slash dot dot) sequences in file names inside tar
files.
http://www.linuxsecurity.com/content/view/130181
* Gentoo: TRAMP Insecure temporary file creation (Oct 20)
-------------------------------------------------------
The TRAMP package for GNU Emacs insecurely creates temporary files.
Stefan Monnier discovered that the tramp-make-tramp-temp-file()
function creates temporary files in an insecure manner.
http://www.linuxsecurity.com/content/view/130168
* Gentoo: TikiWiki Arbitrary command execution (Oct 20)
-----------------------------------------------------
Tikiwiki contains a command injection vulnerability which may allow
remote execution of arbitrary code. ShAnKaR reported that input passed
to the "f" array parameter in tiki-graph_formula.php is not properly
verified before being used to execute PHP functions.
http://www.linuxsecurity.com/content/view/130167
* Gentoo: PDFKit, ImageKits Buffer overflow (Oct 18)
--------------------------------------------------
PDFKit and ImageKits are vulnerable to an integer overflow and a stack
overflow allowing for the user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/130156
* Gentoo: The Sleuth Kit Integer underflow (Oct 18)
-------------------------------------------------
An integer underflow vulnerability has been reported in The Sleuth Kit
allowing for the user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/130155
* Gentoo: util-linux Local privilege escalation (Oct 18)
------------------------------------------------------
The mount and umount programs might allow local attackers to gain root
privileges.
http://www.linuxsecurity.com/content/view/130152
--------------------------------------------------------------------------
* Mandriva: Updated shared-mime-info packages fix incorrect (Oct 24)
------------------------------------------------------------------
The freedesktop.org MIME type database contains a wrong MIME type for
HTML documents. This information is used by GNOME and other desktop
environments to identify files and could cause trouble with the beagle
desktop search and other applications.
This update corrects this issue.
http://www.linuxsecurity.com/content/view/130279
* Mandriva: Updated Firefox packages fix multiple (Oct 23)
--------------------------------------------------------
A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.8.
This update provides the latest Firefox to correct these issues.
As well, it provides Firefox 2.0.0.8 for older products.
http://www.linuxsecurity.com/content/view/130194
* Mandriva: Updated nfs-utils package fixes bug with (Oct 23)
-----------------------------------------------------------
The nfs-utils package had some issues with its provided initscripts
including: a lack of dependency on portmap made the various services
start in an arbitrary order prior to portmap starting, and parallel
execution of rpcidmapd and rpcgss led to a launch failure due to a
sunrpc module loading failure.
The updated packages correct these issues.
http://www.linuxsecurity.com/content/view/130185
* Mandriva: Updated hplip packages fix vulnerabilities (Oct 22)
-------------------------------------------------------------
A vulnerability in the hpssd tool was discovered where it did not
correctly handle shell meta-characters. A local attacker could use
this flaw to execute arbitrary commands as the hplip user.
As well, this update fixes a problem with some HP scanners on Mandriva
Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected and
also fixes a problem with HP 1220 and possibly other models when
scanning via the OpenOffice.org suite.
Updated packages have been patched to prevent these issues.
http://www.linuxsecurity.com/content/view/130183
* Mandriva: Updated tk packages fix vulnerabilities (Oct 18)
----------------------------------------------------------
A vulnerability in Tk was found that could be used to overrun a buffer
when loading certain GIF images. If a user were tricked into opening a
specially crafted GIF file, it could lead to a denial of service
condition or possibly the execution of arbitrary code with the user's
privileges. Updated packages have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/130158
--------------------------------------------------------------------------
* RedHat: Moderate: httpd security update (Oct 25)
------------------------------------------------
Updated httpd packages that fix two security issues are now available
for Red Hat Application Stack.
http://www.linuxsecurity.com/content/view/130297
* RedHat: Moderate: php security update (Oct 25)
----------------------------------------------
Updated PHP packages that fix several security issues are now available
for Red Hat Application Stack. Various integer overflow flaws were found in
the PHP gd extension.
http://www.linuxsecurity.com/content/view/130296
* RedHat: Moderate: libpng security update (Oct 23)
-------------------------------------------------
Updated libpng packages that fix security issues are now available for
Red Hat Enterprise Linux. Several flaws were discovered in the way libpng
handled various PNG image chunks. An attacker could create a carefully
crafted PNG image file in such a way that it could cause an application
linked with libpng to crash when the file was manipulated.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130193
* RedHat: Moderate: php security update (Oct 23)
----------------------------------------------
Updated PHP packages that fix several security issues are now available
for Red Hat Application Stack.
http://www.linuxsecurity.com/content/view/130192
* RedHat: Moderate: php security update (Oct 23)
----------------------------------------------
Updated PHP packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1. Various integer overflow flaws were found
in the PHP gd extension. A script that could be forced to resize images
from an untrusted source could possibly allow a remote attacker to execute
arbitrary code as the apache user.
http://www.linuxsecurity.com/content/view/130191
* RedHat: Important: dhcp security update (Oct 23)
------------------------------------------------
An updated dhcp package that corrects a security flaw is now available
for Red Hat Enterprise Linux 2.1. The dhcp package provides the ISC Dynamic
Host Configuration Protocol (DHCP) server and relay agent, dhcpd. DHCP
is a protocol that allows devices to get their own network configuration
information from a server. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130187
* RedHat: Important: flac security update (Oct 22)
------------------------------------------------
An updated flac package to correct a security issue is now available
for Red Hat Enterprise Linux 4 and 5. FLAC is a Free Lossless Audio Codec.
The flac package consists of a FLAC encoder and decoder in library
form, a program to encode and decode FLAC files, a metadata editor for
FLAC files and input plugins for various music players.
http://www.linuxsecurity.com/content/view/130174
* RedHat: Moderate: openssl security update (Oct 22)
--------------------------------------------------
Updated OpenSSL packages that correct security issues are now available
for Red Hat Enterprise Linux 2.1 and 3. A flaw was found in the
SSL_get_shared_ciphers() utility function. An attacker could send a
list of ciphers to an application that used this function and overrun
a buffer with a single byte (CVE-2007-5135).
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130170
* RedHat: Important: kernel security update (Oct 22)
--------------------------------------------------
Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 5 kernel are now available. A flaw was found in the
backported stack unwinder fixes in Red Hat Enterprise Linux 5. On
AMD64 and Intel 64 platforms, a local user could trigger this flaw and
cause a denial of service.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/130171
* RedHat: Critical: seamonkey security update (Oct 19)
----------------------------------------------------
Updated seamonkey packages that fix several security bugs are now
available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
been rated as having critical security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/130162
* RedHat: Critical: firefox security update (Oct 19)
--------------------------------------------------
Updated firefox packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having critical security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/130163
* RedHat: Moderate: thunderbird security update (Oct 19)
------------------------------------------------------
Updated thunderbird packages that fix several security bugs are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/130164
--------------------------------------------------------------------------
* Slackware: firefox, seamonkey (Oct 25)
----------------------------------------
New mozilla-firefox packages are available for Slackware 10.2, 11.0,
12.0, and -current to fix security issues. New seamonkey updates are
available for Slackware 11.0, 12.0, and -current to address similar issues.
http://www.linuxsecurity.com/content/view/130292
--------------------------------------------------------------------------
* Ubuntu: libpng vulnerabilities (Oct 25)
----------------------------------------
It was discovered that libpng did not properly perform bounds checking
and comparisons in certain operations. An attacker could send a
specially crafted PNG image and cause a denial of service in applications
linked against libpng.
http://www.linuxsecurity.com/content/view/130298
* Ubuntu: gnome-screensaver vulnerability (Oct 23)
-------------------------------------------------
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver.
http://www.linuxsecurity.com/content/view/130199
* Ubuntu: Thunderbird vulnerabilities (Oct 23)
---------------------------------------------
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5339,
http://www.linuxsecurity.com/content/view/130200
* Ubuntu: dhcp vulnerability (Oct 23)
------------------------------------
USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete,
and only reduced the scope of the vulnerability, without fully solving
it. This update fixes the problem.
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did
not correctly handle certain client options. A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code.
http://www.linuxsecurity.com/content/view/130198
* Ubuntu: Firefox vulnerabilities (Oct 23)
-----------------------------------------
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5336,
CVE-2007-5339, CVE-2007-5340)
http://www.linuxsecurity.com/content/view/130184
* Ubuntu: Ghostscript vulnerability (Oct 22)
-------------------------------------------
USN-501-1 fixed vulnerabilities in Jasper.
It was discovered that Jasper did not correctly handle corrupted
JPEG2000 images. By tricking a user into opening a specially crafted JPG,
a remote attacker could cause the application using libjasper to crash,
resulting in a denial of service.
http://www.linuxsecurity.com/content/view/130182
* Ubuntu: util-linux vulnerability (Oct 22)
------------------------------------------
Ludwig Nussel discovered that mount and umount did not properly
drop privileges when using helper programs. Local attackers may be
able to bypass security restrictions and gain root privileges using
programs such as mount.nfs or mount.cifs.
http://www.linuxsecurity.com/content/view/130178
* Ubuntu: OpenSSL vulnerability (Oct 22)
---------------------------------------
Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable. A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service's privileges. There are no known Ubuntu applications
that are currently using DTLS.
http://www.linuxsecurity.com/content/view/130179
* Ubuntu: nagios-plugins vulnerability (Oct 22)
----------------------------------------------
Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
http://www.linuxsecurity.com/content/view/130177
* Ubuntu: dhcp vulnerability (Oct 22)
------------------------------------
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did
not correctly handle certain client options. A remote attacker could
send malicious DHCP replies to the server and execute arbitrary code.
http://www.linuxsecurity.com/content/view/130176
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------