Linux Advisory Watch: August 22nd, 2008
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 22nd, 2008 Volume 9, Number 34 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for postfix, xine-lib, mtr, yelp,
kernel, kdegraphics, amarok, cups, hplip, stunnel, yum-rhn-plugin, and
openwsman. The distributors include Debian, Gentoo, Mandriva, Red Hat,
SuSE, and Ubuntu.
---
Review: Hacking Exposed Linux, Third Edition
--------------------------------------------
"Hacking Exposed Linux" by ISECOM (Institute for Security and Open
Methodologies) is a guide to help you secure your Linux environment.
This book does not only help improve your security; it also looks at why
you should. It does this by showing examples of real attacks and rates the
importance of protecting yourself from being a victim of each type of
attack.
http://www.linuxsecurity.com/content/view/141165
---
Security Features of Firefox 3.0
--------------------------------
Let's take a look at the security features of the newly released Firefox
3.0. Since its release on Tuesday I have been testing it out to see
how the new security enhancements work and help increase user
browsing security. One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
http://www.linuxsecurity.com/content/view/138972
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.20 Now Available (Aug 19)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.20 (Version 3.0, Release 20). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the
very first security platforms developed entirely from open source,
and has been engineered from the ground-up to provide users and
organizations with complete, secure Web functionality, DNS, database,
e-mail security and even e-commerce.
http://www.linuxsecurity.com/content/view/141173
------------------------------------------------------------------------
* Debian: New postfix packages fix installability problem on i386 (Aug 19)
------------------------------------------------------------------------
Note that only specific configurations are vulnerable; the default
Debian installation is not affected. Only a configuration meeting the
following requirements is vulnerable:
  * The mail delivery style is mailbox, with the Postfix built-in
    local(8) or virtual(8) delivery agents.
  * The mail spool directory (/var/spool/mail) is user-writeable.
  * The user can create hardlinks pointing to root-owned symlinks
    located in other directories.
http://www.linuxsecurity.com/content/view/141172
* Debian: New postfix packages fix privilege escalation (Aug 18)
--------------------------------------------------------------
Sebastian Krahmer discovered that Postfix, a mail transfer agent,
incorrectly checks the ownership of a mailbox. In some
configurations, this allows for appending data to arbitrary files as
root.
http://www.linuxsecurity.com/content/view/141170
------------------------------------------------------------------------
* Gentoo: Postfix Local privilege escalation (Aug 14)
---------------------------------------------------
Sebastian Krahmer of SuSE has found that Postfix allows mail to be
delivered to root-owned symlinks in an insecure manner under certain
conditions. Normally, Postfix does not deliver mail to symlinks,
except to root-owned symlinks, for compatibility with systems that
use symlinks in /dev, like Solaris. Furthermore, some systems like
Linux allow hardlinking a symlink, while the POSIX.1-2001 standard
requires that the symlink is followed.
http://www.linuxsecurity.com/content/view/141161
------------------------------------------------------------------------
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:178 ] xine-lib (Aug 21)
---------------------------------------------------------------------------
Alin Rad Pop found an array index vulnerability in the SDP parser of
xine-lib. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker could possibly execute
arbitrary code with the privileges of the user using the program
(CVE-2008-0073).
http://www.linuxsecurity.com/content/view/141183
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:177 ] xine-lib (Aug 20)
---------------------------------------------------------------------------
Guido Landi found a stack-based buffer overflow in xine-lib that
could allow a remote attacker to cause a denial of service (crash)
and potentially execute arbitrary code via a long NSF title
(CVE-2008-1878). The updated packages have been patched to correct
this issue.
http://www.linuxsecurity.com/content/view/141182
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:176 ] mtr (Aug 20)
----------------------------------------------------------------------
A stack-based buffer overflow was found in mtr prior to version 0.73
that allowed remote attackers to execute arbitrary code via a crafted
DNS PTR record, when called with the --split option (CVE-2008-2357).
The updated packages provide mtr 0.73 which corrects this issue.
http://www.linuxsecurity.com/content/view/141181
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:175 ] yelp (Aug 20)
-----------------------------------------------------------------------
A format string vulnerability was discovered in yelp after version
2.19.90 and before 2.24 that could allow remote attackers to execute
arbitrary code via format string specifiers in an invalid URI on the
command-line or via URI helpers in Firefox, Evolution, or possibly
other programs (CVE-2008-3533). The updated packages have been
patched to correct this issue.
http://www.linuxsecurity.com/content/view/141180
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:174 ] kernel (Aug 19)
-------------------------------------------------------------------------
Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel:
- Linux kernel before 2.6.22.17, when using certain drivers that
  register a fault handler that does not perform range checks, allows
  local users to access kernel memory via an out-of-range offset
  (CVE-2008-0007).
- The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6
  and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic
  modules; and (b) the gxsnmp package; does not properly validate
  length values during decoding of ASN.1 BER data, which allows remote
  attackers to cause a denial of service (crash) or execute arbitrary
  code via (1) a length greater than the working buffer, which can
  lead to an unspecified overflow; (2) an oid length of zero, which
  can lead to an off-by-one error; or (3) an indefinite length for a
  primitive encoding (CVE-2008-1673).
http://www.linuxsecurity.com/content/view/141177
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:173 ] kdegraphics (Aug 19)
------------------------------------------------------------------------------
Kees Cook of Ubuntu security found a flaw in how poppler prior to
version 0.6 displayed malformed fonts embedded in PDF files. An
attacker could create a malicious PDF file that would cause
applications using poppler to crash, or possibly execute arbitrary
code when opened (CVE-2008-1693). This vulnerability also affected
older versions of kpdf, so the updated packages have been patched to
correct this issue.
http://www.linuxsecurity.com/content/view/141174
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:171 ] postfix (Aug 15)
--------------------------------------------------------------------------
Sebastian Krahmer of the SUSE Security Team discovered a flaw in the
way Postfix dereferenced symbolic links. If a local user had write
access to a mail spool directory without a root mailbox file, it
could be possible for them to append arbitrary data to files that
root had write permissions to (CVE-2008-2936).
http://www.linuxsecurity.com/content/view/141166
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:172 ] amarok (Aug 15)
-------------------------------------------------------------------------
A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file that Amarok
created with a predictable name (CVE-2008-3699).
http://www.linuxsecurity.com/content/view/141167
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:170 ] cups (Aug 14)
-----------------------------------------------------------------------
Thomas Pollet discovered an integer overflow vulnerability in the PNG
image handling filter in CUPS. This could allow a malicious user to
execute arbitrary code with the privileges of the user running CUPS,
or cause a denial of service by sending a specially crafted PNG image
to the print server (CVE-2008-1722).
http://www.linuxsecurity.com/content/view/141154
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:169 ] hplip (Aug 14)
------------------------------------------------------------------------
Marc Schoenefeld of the Red Hat Security Response Team discovered a
vulnerability in the hplip alert-mailing functionality that could
allow a local attacker to elevate their privileges by using
specially-crafted packets to trigger alert mails that are sent by the
root account (CVE-2008-2940).
http://www.linuxsecurity.com/content/view/141153
* Mandriva: Subject: [Security Announce] [ MDVSA-2008:168 ] stunnel (Aug 14)
--------------------------------------------------------------------------
A vulnerability was found in the OCSP search functionality in stunnel
that could allow a remote attacker to use a revoked certificate that
would be successfully authenticated by stunnel (CVE-2008-2420). This
flaw only concerns users who have enabled OCSP validation.
http://www.linuxsecurity.com/content/view/141152
------------------------------------------------------------------------
* RedHat: Moderate: postfix security update (Aug 14)
--------------------------------------------------
Updated postfix packages that fix a security issue are now available
for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in the way
Postfix dereferences symbolic links. If a local user has write access
to a mail spool directory with no root mailbox, it may be possible
for them to append arbitrary data to files that root has write
permission to. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/141159
* RedHat: Moderate: yum-rhn-plugin security update (Aug 14)
---------------------------------------------------------
Updated yum-rhn-plugin packages that fix a security issue are now
available for Red Hat Enterprise Linux 5. It was discovered that
yum-rhn-plugin did not verify the SSL certificate for all
communication with a Red Hat Network server. An attacker able to
redirect the network communication between a victim and an RHN server
could use this flaw to provide malicious repository metadata. This
metadata could be used to block the victim from receiving specific
security updates. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/141157
------------------------------------------------------------------------
* SuSE: openwsman (SUSE-SA:2008:041) (Aug 14)
-------------------------------------------
The SuSE Security-Team has found two critical issues in the code:
- two remote buffer overflows while decoding the HTTP basic
  authentication header (CVE-2008-2234)
- a possible SSL session replay attack affecting the client
  (depending on the configuration) (CVE-2008-2233)
http://www.linuxsecurity.com/content/view/141158
* SuSE: postfix (SUSE-SA:2008:040) (Aug 14)
-----------------------------------------
Postfix is a well-known MTA. During a source code audit the SuSE
Security-Team discovered a local privilege escalation bug
(CVE-2008-2936) as well as a mailbox ownership problem
(CVE-2008-2937) in postfix. The first bug allowed local users to
execute arbitrary commands as root while the second one allowed local
users to read other users' mail.
http://www.linuxsecurity.com/content/view/141156
------------------------------------------------------------------------
* Ubuntu: xine-lib vulnerabilities (Aug 19)
------------------------------------------
Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)
http://www.linuxsecurity.com/content/view/141176
* Ubuntu: Postfix vulnerability (Aug 19)
---------------------------------------
Sebastian Krahmer discovered that Postfix was not correctly handling
mailbox ownership when dealing with Linux's implementation of
hardlinking to symlinks. In certain mail spool configurations, a
local attacker could exploit this to append data to arbitrary files
as the root user. The default Ubuntu configuration was not
vulnerable.
http://www.linuxsecurity.com/content/view/141175
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com