+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 14th, 2007 Volume 8, Number 51 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for ruby, libnss, htdig, samba, qt,
firefox, wpa_supplicant, openssh-askpass, mysql, e2fsprogs, tomcat, java,
autofs, python, and cairo. The distributors include Debian, Fedora,
Mandriva, Red Hat, SuSE, and Ubuntu.
---
Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP)
------------------------------------------------------
Secret knocks have been used for purposes as simple and childish as
identifying friend or foe during a schoolyard fort war. Fraternities
teach these knocks as a rite of passage into their society, and in our
security world we can implement this layer of security to lock down an
SSH server.
With this guide on FWKNOP by Eckie S. (one of our own), you are taken on
an easy-to-follow process of securing your platform with your own client
and server port knocking set-up.
It covers installation, iptables rules setup, configuring access for the
client and server, and everything in between. Check it out!
http://www.linuxsecurity.com/content/view/131846
---
Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza. Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.
His first topic is a quick foray into the world and psychology of Social
Engineering:
All the security in the world isn't going to stop one of your employees
or coworkers from giving up information. Just how easy is it?
http://www.linuxsecurity.com/content/view/131036
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.18 (Version 3.0, Release 18). This release includes the
brand new Health Center, new packages for FWKNOP and PSAD, updated
packages and bug fixes, some feature enhancements to Guardian Digital
WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source, and
has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database
and e-mail security, integrated intrusion detection and SELinux
policies and more.
http://www.linuxsecurity.com/content/view/131851
--------------------------------------------------------------------------
* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
----------------------------------------------------------------------
Eric Sandeen provided a backport of Tejun Heo's fix for a local denial
of service vulnerability in sysfs. Under memory pressure, a dentry
structure may be reclaimed resulting in a bad pointer dereference
causing an oops during a readdir.
http://www.linuxsecurity.com/content/view/132136
* Debian: New ruby-gnome2 packages fix execution of arbitrary code (Dec 11)
-------------------------------------------------------------------------
It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby
language, didn't properly sanitize input prior to constructing dialogs.
This could allow for the execution of arbitrary code if untrusted input
is displayed within a dialog.
http://www.linuxsecurity.com/content/view/132133
* Debian: New libnss-ldap packages fix denial of service (Dec 11)
---------------------------------------------------------------
It was reported that a race condition exists in libnss-ldap, an NSS
module for using LDAP as a naming service, which could cause denial of
service attacks when applications use pthreads.
http://www.linuxsecurity.com/content/view/132132
* Debian: New htdig packages fix cross site scripting (Dec 11)
------------------------------------------------------------
Michael Skibbe discovered that htdig, a WWW search system for an
intranet or small internet, did not adequately quote values submitted
to the search script, allowing remote attackers to inject arbitrary
script or HTML into specially crafted links.
http://www.linuxsecurity.com/content/view/132131
* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
----------------------------------------------------------------------
and remote vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. Eric Sandeen provided a backport of Tejun Heo's fix for a local
denial of service vulnerability in sysfs. Under memory pressure, a
dentry structure may be reclaimed resulting in a bad pointer dereference
causing an oops during a readdir.
http://www.linuxsecurity.com/content/view/132128
* Debian: New samba packages fix arbitrary code execution (Dec 10)
----------------------------------------------------------------
Alin Rad Pop discovered that Samba, a LanManager-like file and printer
server for Unix, is vulnerable to a buffer overflow in the nmbd code
which handles GETDC mailslot requests, which might lead to the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/132047
--------------------------------------------------------------------------
* Fedora 7 Update: qt4-theme-quarticurve (Dec 13)
-----------------------------------------------
This update fixes Quarticurve to use system icons (rather than builtin
Qt ones) in Qt 4 dialogs (e.g. QPrintDialog) also in KDE 4 apps.
http://www.linuxsecurity.com/content/view/132203
--------------------------------------------------------------------------
* Mandriva: Updated Firefox packages fix multiple (Dec 14)
--------------------------------------------------------
A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.11. This update
provides the latest Firefox to correct these issues. As well, it
provides Firefox 2.0.0.11 for older products.
http://www.linuxsecurity.com/content/view/132236
* Mandriva: Updated wpa_supplicant package fixes remote (Dec 13)
--------------------------------------------------------------
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0
allows remote attackers to cause a denial of service (crash) via
crafted TSF data. Updated package fixes this issue.
http://www.linuxsecurity.com/content/view/132201
* Mandriva: Updated samba packages fix vulnerability (Dec 11)
-----------------------------------------------------------
Alin Rad Pop of Secunia Research discovered a stack buffer overflow in
how Samba authenticates remote users. A remote unauthenticated user
could trigger this flaw to cause the Samba server to crash, or possibly
execute arbitrary code with the permissions of the Samba server. The
updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/132135
* Mandriva: Updated openssh-askpass-qt package fixes exit (Dec 11)
----------------------------------------------------------------
The QT openssh password asking dialog, provided by openssh-askpass-qt
package, would always exit with successful status (0), even when the
user did not press the Ok button. This would, at least, make the
openssh client always allow sharing a connection when ControlMaster
option was set to ask. This update fixes the issue.
http://www.linuxsecurity.com/content/view/132134
* Mandriva: Updated MySQL packages fix multiple (Dec 10)
------------------------------------------------------
A vulnerability in MySQL prior to 5.0.45 did not require privileges
such as SELECT for the source table in a CREATE TABLE LIKE statement,
allowing remote authenticated users to obtain sensitive information
such as the table structure (CVE-2007-3781).
http://www.linuxsecurity.com/content/view/132127
* Mandriva: Updated e2fsprogs packages fix vulnerability (Dec 10)
---------------------------------------------------------------
Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained
multiple integer overflows in memory allocations, based on sizes taken
directly from filesystem information. These flaws could result in
heap-based overflows potentially allowing for the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/132126
* Mandriva: Updated tomcat5 packages fix multiple (Dec 10)
--------------------------------------------------------
A number of vulnerabilities were found in Tomcat: A directory traversal
vulnerability, when using certain proxy modules, allows a remote
attacker to read arbitrary files via a .. (dot dot) sequence with
various slash, backslash, or url-encoded backslash characters
(CVE-2007-0450; affects Mandriva Linux 2007.1 only). Multiple
cross-site scripting vulnerabilities in certain JSP files allow remote
attackers to inject arbitrary web script or HTML (CVE-2007-2449).
http://www.linuxsecurity.com/content/view/132048
--------------------------------------------------------------------------
* RedHat: Moderate: java-1.4.2-bea security update (Dec 12)
---------------------------------------------------------
A buffer overflow in the Java Runtime Environment image handling code
was found. If an attacker is able to cause a server application to
process a specially crafted image file, it may be possible to execute
arbitrary code as the user running the Java Virtual Machine.
http://www.linuxsecurity.com/content/view/132138
* RedHat: Important: autofs security update (Dec 12)
--------------------------------------------------
Updated autofs packages are now available to fix a security flaw for
Red Hat Enterprise Linux 5. There was a security issue with the
default installed configuration of autofs version 5 whereby the entry
for the "hosts" map did not specify the "nosuid" mount option. A local
user with control of a remote nfs server could create a setuid root
executable within an exported filesystem on the remote nfs server that,
if mounted using the default hosts map, would allow the user to gain
root privileges.
http://www.linuxsecurity.com/content/view/132139
* RedHat: Important: autofs5 security update (Dec 12)
---------------------------------------------------
Updated Red Hat Enterprise Linux 4 Technology Preview autofs5 packages
are now available to fix a security flaw. There was a security issue
with the default installed configuration of autofs version 5 whereby
the entry for the "hosts" map did not specify the "nosuid" mount
option. A local user with control of a remote nfs server could create a
setuid root executable within an exported filesystem on the remote nfs
server that, if mounted using the default hosts map, would allow the
user to gain root privileges. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/132140
* RedHat: Critical: samba security update (Dec 10)
------------------------------------------------
Updated samba packages that fix a security issue are now available for
Red Hat Enterprise Linux 4.5 Extended Update Support. A stack buffer
overflow flaw was found in the way Samba authenticates remote users. A
remote unauthenticated user could trigger this flaw to cause the Samba
server to crash, or execute arbitrary code with the permissions of the
Samba server. This update has been rated as having critical security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/132043
* RedHat: Moderate: python security update (Dec 10)
-------------------------------------------------
Updated python packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 and 4. An integer overflow flaw
was discovered in the way Python's pcre module handled certain regular
expressions. If a Python application used the pcre module to compile
and execute untrusted regular expressions, it may be possible to cause
the application to crash, or allow arbitrary code execution with the
privileges of the Python interpreter. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/132044
* RedHat: Moderate: python security update (Dec 10)
-------------------------------------------------
Updated python packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1. An integer overflow flaw
was discovered in the way Python's pcre module handled certain regular
expressions. If a Python application used the pcre module to compile
and execute untrusted regular expressions, it may be possible to cause
the application to crash, or allow arbitrary code execution with the
privileges of the Python interpreter. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/132041
* RedHat: Critical: samba security and bug fix update (Dec 10)
------------------------------------------------------------
Updated samba packages that fix a security issue and a bug are now
available for Red Hat Enterprise Linux. A stack buffer overflow flaw
was found in the way Samba authenticates remote users. A remote
unauthenticated user could trigger this flaw to cause the Samba server
to crash, or execute arbitrary code with the permissions of the Samba
server. This update has been rated as having critical security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/132042
--------------------------------------------------------------------------
* SuSE: samba (SUSE-SA:2007:068) (Dec 12)
---------------------------------------
The Samba suite is an open-source implementation of the SMB protocol.
This update of samba fixes a buffer overflow in function
send_mailslot() that allows remote attackers to overwrite the stack
with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.
http://www.linuxsecurity.com/content/view/132137
--------------------------------------------------------------------------
* Ubuntu: Cairo regression (Dec 12)
----------------------------------
USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph
rendering was uncovered as a result of the new memory allocation
routines. In certain situations, fonts containing characters with no
width or height would not render any more. This update fixes the
problem. We apologize for the inconvenience.
http://www.linuxsecurity.com/content/view/132198
* Ubuntu: Cairo regression (Dec 10)
----------------------------------
Peter Valchev discovered that Cairo did not correctly decode PNG image
data. By tricking a user or automated system into processing a
specially crafted PNG with Cairo, a remote attacker could execute
arbitrary code with user privileges.
http://www.linuxsecurity.com/content/view/132046
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------