Linux Advisory Watch: May 23rd, 2008
+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 23rd, 2008 Volume 9, Number 21 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for xine-lib, speex, libfissound,
gnome-peercast, gnutls13, phpgedview, netpbm-free, php4, GnuTLS, ClamAV,
Mozilla, Perl, kernel, libid3tag, libvorbis, rdisktop, bind, mysql,
nss_ldap, compiz, vsftpd, dovecot, settroubleshoot, libxslt, gnutls,
java, openssl-blacklist. The distributors include Debian, Gentoo,
Mandriva, Red Hat, and Ubuntu.
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=3D26
---
Review: The Book of Wireless
----------------------------
=93The Book of Wireless=94 by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of Wireless
networks today anyone with a computer should at least know the basics of
wireless. Also, with the wireless networking, users need to know how to
protect themselves from wireless networking attacks.
http://www.linuxsecurity.com/content/view/136167
---
April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the Open
Source Tool of the Month!
http://www.linuxsecurity.com/content/view/135868
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.19 (Version 3.0, Release 19). This release includes many
updated packages and bug fixes and some feature enhancements to the
EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/136174
--------------------------------------------------------------------------
* Debian: New xine-lib packages fix several vulnerabilities (May 22)
------------------------------------------------------------------
Integer overflow vulnerabilities exist in xine's FLV, QuickTime,
RealMedia, MVE and CAK demuxers, as well as the EBML parser used by
the Matroska demuxer. These weaknesses allow an attacker to
overflow heap buffers and potentially execute arbitrary code by
supplying a maliciously crafted file of those types.
http://www.linuxsecurity.com/content/view/137481
* Debian: New speex packages fix execution of arbitrary code (May 21)
-------------------------------------------------------------------
It was discovered that speex, The Speex codec command line tools, did
not correctly did not correctly deal with negative offsets in a
particular header field. This could allow a malicious file to execute
arbitrary code.
http://www.linuxsecurity.com/content/view/137476
* Debian: New libfissound packages fix execution of arbitrary (May 21)
--------------------------------------------------------------------
It was discovered that libfishsound, a simple programming interface
that wraps Xiph.Org audio codecs, didn't correctly handle negative
values in a particular header field.=09This could allow malicious files
to execute arbitrary code
http://www.linuxsecurity.com/content/view/137475
* Debian: New gnome-peercast packages fix several vulnerabilities (May 20)
------------------------------------------------------------------------
Luigi Auriemma discovered that PeerCast is vulnerable to a heap
overflow in the HTTP server code, which allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
long SOURCE request.
http://www.linuxsecurity.com/content/view/137247
* Debian: New peercast packages fix arbitrary code execution (May 20)
-------------------------------------------------------------------
Nico Golde discovered that PeerCast, a P2P audio and video streaming
server, is vulnerable to a buffer overflow in the HTTP Basic
Authentication code, allowing a remote attacker to crash PeerCast or
execure arbitrary code.
http://www.linuxsecurity.com/content/view/137246
* Debian: New gnutls13 packages fix potential code execution (May 20)
-------------------------------------------------------------------
A pre-authentication heap overflow involving oversized session
resumption data may lead to arbitrary code execution (CVE-2008-1948).
http://www.linuxsecurity.com/content/view/137244
* Debian: New phpgedview packages fix privilege escalation (May 20)
-----------------------------------------------------------------
It was discovered that phpGedView, an application to provide online
access to genealogical data, allowed remote attackers to gain
administrator privileges due to a programming error.
http://www.linuxsecurity.com/content/view/137239
* Debian: New netpbm-free packages fix arbitrary code execution (May 18)
----------------------------------------------------------------------
A vulnerability was discovered in the GIF reader implementation in
netpbm-free, a suite of image manipulation utilities. Insufficient
input data validation could allow a maliciously-crafted GIF file to
overrun a stack buffer, potentially permitting the execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/137227
* Debian: New php4 packages fix several vulnerabilities (May 17)
--------------------------------------------------------------
Several vulnerabilities have been discovered in PHP version 4, a
server-side, HTML-embedded scripting language. The Common
Vulnerabilities and Exposures project identifies the following
problems:
http://www.linuxsecurity.com/content/view/137086
--------------------------------------------------------------------------
* Gentoo: GnuTLS Execution of arbitrary code (May 22)
---------------------------------------------------
Multiple vulnerabilities might allow for the execution of arbitrary
code in daemons using GnuTLS.
http://www.linuxsecurity.com/content/view/137478
* Gentoo: GnuTLS Execution of arbitrary code (May 21)
---------------------------------------------------
Multiple vulnerabilities might allow for the execution of arbitrary
code in daemons using GnuTLS.
http://www.linuxsecurity.com/content/view/137477
* Gentoo: ClamAV Multiple vulnerabilities (May 20)
------------------------------------------------
Multiple vulnerabilities in ClamAV may result in the remote execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/137250
* Gentoo: Mozilla products Multiple vulnerabilities (May 20)
----------------------------------------------------------
Multiple vulnerabilities have been reported in Mozilla Firefox,
Thunderbird, SeaMonkey and XULRunner, some of which may allow
user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/137249
* Gentoo: Perl Execution of arbitrary code (May 20)
-------------------------------------------------
A double free vulnerability was discovered in
Perl, possibly resulting in the execution of arbitrary code and a
Denial of Service.
http://www.linuxsecurity.com/content/view/137248
--------------------------------------------------------------------------
* Mandriva: Updated kernel packages fix vulnerabilities (May 21)
--------------------------------------------------------------
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740) The
drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11
session and Direct Rendering Manager (DRM) to write to arbitrary memory
locations and gain privileges via a crafted batchbuffer.
(CVE-2007-3851)
http://www.linuxsecurity.com/content/view/137462
* Mandriva: Updated kernel packages fix vulnerabilities (May 20)
--------------------------------------------------------------
A race condition in the directory notification subsystem (dnotify) in
Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows
local users to cause a denial of service (OOPS) and possibly gain
privileges via unspecified vectors. (CVE-2008-1375) The Linux kernel
before 2.6.25.2 does not apply a certain protection mechanism for fcntl
functionality, which allows local users to (1) execute code in parallel
or (2) exploit a race condition to obtain re-ordered access to the
descriptor table. (CVE-2008-1669) Additionaly, the updated kernel for
Mandriva Linux 2008.0 has bug fixes for sound on NEC S970 systems, an
oops in module rt73, and the -devel package fixes DKMS builds. To
update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
http://www.linuxsecurity.com/content/view/137251
* Mandriva: Updated libid3tag packages fix denial of service (May 19)
-------------------------------------------------------------------
field.c in the libid3tag 0.15.0b library allows context-dependent
attackers to cause a denial of service (CPU and memory consumption) via
an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an
infinite loop. The updated packages have been patched to correct this.
http://www.linuxsecurity.com/content/view/137233
* Mandriva: Updated libvorbis packages fix vulnerabilities (May 16)
-----------------------------------------------------------------
Will Drewry of the Google Security Team reported several
vulnerabilities in how libvorbis processed audio data. An attacker
could create a carefuly crafted OGG audio file in such a way that it
would cause an application linked to libvorbis to crash or possibly
execute arbitray code when opened (CVE-2008-1419, CVE-2008-1420,
CVE-2008-1423).
http://www.linuxsecurity.com/content/view/137085
* Mandriva: Updated rdesktop packages fix vulnerabilities (May 16)
----------------------------------------------------------------
Several vulnerabilities were discovered in rdesktop, a Remote Desktop
Protocol client. An integer underflow vulnerability allowed attackers
to cause a denial of service (crash) and possibly execute arbitrary
code with the privileges of the logged-in user (CVE-2008-1801).
http://www.linuxsecurity.com/content/view/137084
--------------------------------------------------------------------------
* RedHat: Moderate: bind security, bug fix, (May 21)
--------------------------------------------------
Updated bind packages that fix two security issues, several bugs, and
add enhancements are now available for Red Hat Enterprise Linux 5. This
update has been rated as having moderate security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/137469
* RedHat: Low: mysql security and bug fix update (May 21)
-------------------------------------------------------
Updated mysql packages that fix various security issues and several
bugs are now available for Red Hat Enterprise Linux 5. This update has
been rated as having low security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/137470
* RedHat: Low: nss_ldap security and bug fix update (May 21)
----------------------------------------------------------
An updated nss_ldap package that fixes a security issue and several
bugs is now available. This update has been rated as having low
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/137471
* RedHat: Low: compiz security update (May 21)
--------------------------------------------
Updated compiz packages that prevent Compiz from breaking screen saver
grabs are now available for Red Hat Enterprise Linux 5. This update has
been rated as having low security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/137472
* RedHat: Low: vsftpd security and bug fix update (May 21)
--------------------------------------------------------
An updated vsftpd package that fixes a security issue and several bugs
is now available for Red Hat Enterprise Linux 5. A memory leak was
discovered in the vsftpd daemon. An attacker who is able to connect to
an FTP service, either as an authenticated or anonymous user, could
cause vsftpd to allocate all available memory if the "deny_file" option
was enabled in vsftpd.conf. (CVE-2007-5962)
http://www.linuxsecurity.com/content/view/137467
* RedHat: Low: dovecot security and bug fix update (May 21)
---------------------------------------------------------
An updated dovecot package that fixes several security issues and
various bugs is now available for Red Hat Enterprise Linux 5. This
update has been rated as having low security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/137468
* RedHat: Moderate: setroubleshoot security and bug fix (May 21)
--------------------------------------------------------------
Updated setroubleshoot packages that fix two security issues and
several bugs are now available for Red Hat Enterprise Linux 5. The
setroubleshoot packages provide tools to help diagnose SELinux
problems. When AVC messages occur, an alert is generated that gives
information about the problem, and how to create a resolution.
http://www.linuxsecurity.com/content/view/137466
* RedHat: Important: libxslt security update (May 21)
---------------------------------------------------
Updated libxslt packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/137252
* RedHat: Critical: gnutls security update (May 20)
-------------------------------------------------
Updated gnutls packages that fix several security issues are now
available for Red Hat Enterprise Linux 5. Flaws were found in the way
GnuTLS handles malicious client connections. A malicious remote client
could send a specially crafted request to a service using GnuTLS that
could cause the service to crash. (CVE-2008-1948, CVE-2008-1949,
CVE-2008-1950)
http://www.linuxsecurity.com/content/view/137241
* RedHat: Important: gnutls security update (May 20)
--------------------------------------------------
Updated gnutls packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. Flaws were found in the way
GnuTLS handles malicious client connections. A malicious remote client
could send a specially crafted request to a service using GnuTLS that
could cause the service to crash. (CVE-2008-1948, CVE-2008-1949,
CVE-2008-1950)
http://www.linuxsecurity.com/content/view/137242
* RedHat: Important: kernel security and bug fix update (May 20)
--------------------------------------------------------------
Updated kernel packages that fix various security issues and several
bugs are now available for Red Hat Enterprise Linux 5. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/137238
* RedHat: Critical: java-1.6.0-ibm security update (May 19)
---------------------------------------------------------
Updated java-1.6.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 Supplementary. A flaw was
found in the Java XSLT processing classes. An untrusted application or
applet could cause a denial of service, or execute arbitrary code with
the permissions of the user running the JRE. (CVE-2008-1187)
http://www.linuxsecurity.com/content/view/137231
--------------------------------------------------------------------------
* Ubuntu: openssl-blacklist update (May 21)
------------------------------------------
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check X.509 certificates as well, and provides
the corresponding update for Ubuntu 6.06. While the OpenSSL in Ubuntu
6.06 was not vulnerable, openssl-blacklist is now provided for Ubuntu
6.06 for checking certificates and keys that may have been imported on
these systems.
http://www.linuxsecurity.com/content/view/137474
* Ubuntu: GnuTLS vulnerabilities (May 21)
----------------------------------------
Multiple flaws were discovered in the connection handling of GnuTLS. A
remote attacker could exploit this to crash applications linked against
GnuTLS, or possibly execute arbitrary code with permissions of the
application's user.
http://www.linuxsecurity.com/content/view/137464
* Ubuntu: OpenSSH update (May 20)
--------------------------------
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the
OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak
keys generated on systems that may have been affected themselves.
Original advisory details:
http://www.linuxsecurity.com/content/view/137240
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
