Linux Advisory Watch - January 30th 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| January 30th, 2009 Volume 10, Number 5 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for moin, rt, typo3,
ganglia-monitor-core, dia, kernel, vnc, ntp, tor, libnasl, nessus,
drupal, amarok, mumbles, moodle, uw-imap, cups, phpMyAdmin, pidgin,
java, openssl, bind, vim, ktorrent, xine-lib, libpng, python, and dbus.
The distributors include Debian, Fedora, Mandriva, Red Hat, SuSE, and
Pardus.
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?", you may not take even a
second to respond. But if I ask "How much does Google know about
you?", you may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of guides out there, but it will show you in detail ways to
improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New moin packages fix insufficient input sanitising (Jan 29)
--------------------------------------------------------------------
It was discovered that the AttachFile action in moin, a Python clone
of WikiWiki, is prone to cross-site scripting attacks
(CVE-2009-0260). Another cross-site scripting vulnerability was
discovered in the antispam feature (CVE-2009-0312).
http://www.linuxsecurity.com/content/view/147871
* Debian: New rt2570 packages fix arbitrary code execution (Jan 28)
-----------------------------------------------------------------
It was discovered that an integer overflow in the "Probe Request"
packet parser of the Ralinktech wireless drivers might lead to remote
denial of service or the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/147870
* Debian: New rt2500 packages fix arbitrary code execution (Jan 28)
-----------------------------------------------------------------
It was discovered that an integer overflow in the "Probe Request"
packet parser of the Ralinktech wireless drivers might lead to remote
denial of service or the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/147869
* Debian: New rt2400 packages fix arbitrary code execution (Jan 28)
-----------------------------------------------------------------
It was discovered that an integer overflow in the "Probe Request"
packet parser of the Ralinktech wireless drivers might lead to remote
denial of service or the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/147868
* Debian: New TYPO3 packages fix remote code execution (Jan 26)
-------------------------------------------------------------
Several remotely exploitable vulnerabilities have been discovered in
the TYPO3 web content management framework. The Common
Vulnerabilities and Exposures project identifies the following
problems...
http://www.linuxsecurity.com/content/view/147856
* Debian: New ganglia-monitor-core packages fix remote code execution (Jan 25)
----------------------------------------------------------------------------
Spike Spiegel discovered a stack-based buffer overflow in gmetad, the
meta-daemon for the ganglia cluster monitoring toolkit, which could
be triggered via a request with long path names and might enable
arbitrary code execution.
http://www.linuxsecurity.com/content/view/147842
------------------------------------------------------------------------
* Fedora 9 Update: dia-0.96.1-7.fc9 (Jan 26)
------------------------------------------
Filter out untrusted Python module search paths to remove the
possibility of running arbitrary code on the user's system when a
Python file in dia's working directory has the same name as one that
dia's Python scripts try to import.
http://www.linuxsecurity.com/content/view/147862
* Fedora 9 Update: kernel-2.6.27.12-78.2.8.fc9 (Jan 26)
-----------------------------------------------------
Includes security fixes:
- CVE-2009-0029: Linux Kernel insecure 64 bit system call argument
  passing
- CVE-2009-0065: kernel: sctp: memory overflow when FWD-TSN chunk is
  received with bad stream ID
Also fixes bug 478299, reported against Fedora 10: AVC denials on
kernel 2.6.27.9-159.fc10.x86_64.
Reverts ALSA driver to the version that is upstream in kernel 2.6.27.
This should fix lack of audio on headphone outputs for some notebooks.
http://www.linuxsecurity.com/content/view/147861
* Fedora 9 Update: vnc-4.1.3-1.fc9 (Jan 26)
-----------------------------------------
Update to the 4.1.3 maintenance release, which contains a fix for
CVE-2008-4770.
http://www.linuxsecurity.com/content/view/147860
* Fedora 10 Update: vnc-4.1.3-1.fc10 (Jan 26)
-------------------------------------------
Update to the 4.1.3 maintenance release, which contains a fix for
CVE-2008-4770.
http://www.linuxsecurity.com/content/view/147859
* Fedora 10 Update: kernel-2.6.27.12-170.2.5.fc10 (Jan 26)
--------------------------------------------------------
Includes security fixes:
- CVE-2009-0029: Linux Kernel insecure 64 bit system call argument
  passing
- CVE-2009-0065: kernel: sctp: memory overflow when FWD-TSN chunk is
  received with bad stream ID
Reverts ALSA driver to the version that is upstream in kernel 2.6.27.
This should be the last 2.6.27 kernel update for Fedora 10. A 2.6.28
update kernel is being tested.
http://www.linuxsecurity.com/content/view/147858
* Fedora 10 Update: dia-0.96.1-9.fc10 (Jan 26)
--------------------------------------------
Filter out untrusted Python module search paths to remove the
possibility of running arbitrary code on the user's system when a
Python file in dia's working directory has the same name as one that
dia's Python scripts try to import.
http://www.linuxsecurity.com/content/view/147857
* Fedora 9 Update: ntp-4.2.4p6-1.fc9 (Jan 26)
-------------------------------------------
This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and
4.2.5 before 4.2.5p150 does not properly check the return value from
the OpenSSL EVP_VerifyFinal function, which allows remote attackers
to bypass validation of the certificate chain via a malformed SSL/TLS
signature for DSA and ECDSA keys, a similar vulnerability to
CVE-2008-5077.
http://www.linuxsecurity.com/content/view/147844
* Fedora 10 Update: ntp-4.2.4p6-1.fc10 (Jan 26)
---------------------------------------------
This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and
4.2.5 before 4.2.5p150 does not properly check the return value from
the OpenSSL EVP_VerifyFinal function, which allows remote attackers
to bypass validation of the certificate chain via a malformed SSL/TLS
signature for DSA and ECDSA keys, a similar vulnerability to
CVE-2008-5077.
http://www.linuxsecurity.com/content/view/147845
* Fedora 9 Update: tor-0.2.0.33-1.fc9 (Jan 26)
--------------------------------------------
New upstream release 0.2.0.33, with lots of bug fixes and one
security fix:
https://blog.torproject.org/blog/tor-0.2.0.33-stable-released
http://www.linuxsecurity.com/content/view/147846
* Fedora 10 Update: libnasl-2.2.11-3.fc10 (Jan 26)
------------------------------------------------
libnasl: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147847
* Fedora 10 Update: nessus-core-2.2.11-1.fc10 (Jan 26)
----------------------------------------------------
OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147848
* Fedora 10 Update: nessus-libraries-2.2.11-1.fc10 (Jan 26)
---------------------------------------------------------
libnasl: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147849
* Fedora 10 Update: tor-0.2.0.33-1.fc10 (Jan 26)
----------------------------------------------
New upstream release 0.2.0.33, with lots of bug fixes and one
security fix:
https://blog.torproject.org/blog/tor-0.2.0.33-stable-released
http://www.linuxsecurity.com/content/view/147850
* Fedora 9 Update: libnasl-2.2.11-3.fc9 (Jan 26)
----------------------------------------------
libnasl: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147851
* Fedora 9 Update: nessus-core-2.2.11-1.fc9 (Jan 26)
--------------------------------------------------
libnasl: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147852
* Fedora 9 Update: nessus-libraries-2.2.11-1.fc9 (Jan 26)
-------------------------------------------------------
libnasl: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479655
http://www.linuxsecurity.com/content/view/147853
* Fedora 10 Update: drupal-6.9-1.fc10 (Jan 22)
--------------------------------------------
SA-CORE-2009-001 ( http://drupal.org/node/358957 ) Remember to log
in to your site as the admin user before upgrading this package.
After upgrading the package, browse to http://host/drupal/update.php
to run the upgrade script.
http://www.linuxsecurity.com/content/view/147690
* Fedora 9 Update: drupal-6.9-1.fc9 (Jan 22)
------------------------------------------
SA-CORE-2009-001 ( http://drupal.org/node/358957 ) Remember to log
in to your site as the admin user before upgrading this package.
After upgrading the package, browse to http://host/drupal/update.php
to run the upgrade script.
http://www.linuxsecurity.com/content/view/147691
* Fedora 9 Update: amarok-1.4.10-2.fc9 (Jan 22)
---------------------------------------------
This build includes a security fix concerning the parsing of
malformed Audible digital audio files.
http://www.linuxsecurity.com/content/view/147692
* Fedora 10 Update: mumbles-0.4-9.fc10 (Jan 22)
---------------------------------------------
- Fixed path to make mumbles run on x86_64 bug #479158
- Security fix for Firefox plugin bug #479171
http://www.linuxsecurity.com/content/view/147693
* Fedora 9 Update: moodle-1.9.3-5.fc9 (Jan 22)
--------------------------------------------
Fix for spellcheck security flaw, and some font correction.
http://www.linuxsecurity.com/content/view/147694
* Fedora 10 Update: moodle-1.9.3-5.fc10 (Jan 22)
----------------------------------------------
Fix for spellcheck security flaw, and some font correction.
http://www.linuxsecurity.com/content/view/147695
* Fedora 10 Update: uw-imap-2007e-1.fc10 (Jan 22)
-----------------------------------------------
Update to new upstream version - 2007e. Contains fix for a
security issue - buffer overflow in rfc822_output_char /
rfc822_output_data (CVE-2008-5514).
http://www.linuxsecurity.com/content/view/147696
* Fedora 9 Update: DevIL-1.7.5-2.fc9 (Jan 22)
-------------------------------------------
- Fix missing symbols (rh 480269)
- Fix off by one error in CVE-2008-5262 check (rh 479864)
http://www.linuxsecurity.com/content/view/147697
* Fedora 9 Update: uw-imap-2007e-1.fc9 (Jan 22)
---------------------------------------------
Update to new upstream version - 2007e. Contains fix for a
security issue - buffer overflow in rfc822_output_char /
rfc822_output_data (CVE-2008-5514).
http://www.linuxsecurity.com/content/view/147698
* Fedora 10 Update: DevIL-1.7.5-2.fc10 (Jan 22)
---------------------------------------------
- Fix missing symbols (rh 480269)
- Fix off by one error in CVE-2008-5262 check (rh 479864)
http://www.linuxsecurity.com/content/view/147699
------------------------------------------------------------------------
* Mandriva: [ MDVSA-2009:030 ] amarok (Jan 27)
--------------------------------------------
Data length values in the metadata of Audible Audio media files (.aa)
can lead to an integer overflow, which remote attackers can use to
trigger a heap overflow, enabling the possibility to execute
arbitrary code (CVE-2009-0135). Failure to check heap allocation
on Audible Audio media files (.aa) allows remote attackers either to
cause denial of service or execute arbitrary code via a crafted media
file (CVE-2009-0136). This update provides the fix for these security
issues.
http://www.linuxsecurity.com/content/view/147865
* Mandriva: [ MDVSA-2009:029 ] cups (Jan 24)
------------------------------------------
Security vulnerabilities have been discovered and corrected in CUPS.
CUPS 1.1.17 through 1.3.9 allows remote attackers to execute
arbitrary code via a PNG image with a large height value, which
bypasses a validation check and triggers a buffer overflow
(CVE-2008-5286). CUPS shipped with Mandriva Linux allows local users
to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log
temporary file (CVE-2009-0032). The updated packages have been
patched to prevent this.
http://www.linuxsecurity.com/content/view/147841
* Mandriva: [ MDVSA-2009:028 ] cups (Jan 24)
------------------------------------------
Security vulnerabilities have been discovered and corrected in CUPS.
CUPS before 1.3.8 allows local users, and possibly remote attackers,
to cause a denial of service (daemon crash) by adding a large number
of RSS Subscriptions, which triggers a NULL pointer dereference
(CVE-2008-5183). The web interface (cgi-bin/admin.c) in CUPS before
1.3.8 uses the guest username when a user is not logged on to the web
server, which makes it easier for remote attackers to bypass intended
policy and conduct CSRF attacks via the (1) add and (2) cancel RSS
subscription functions (CVE-2008-5184). CUPS 1.1.17 through 1.3.9
allows remote attackers to execute arbitrary code via a PNG image
with a large height value, which bypasses a validation check and
triggers a buffer overflow (CVE-2008-5286). CUPS shipped with
Mandriva Linux allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032).
The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/147840
* Mandriva: [ MDVSA-2009:027 ] cups (Jan 24)
------------------------------------------
A vulnerability has been discovered in CUPS shipped with Mandriva
Linux which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/pdf.log temporary file (CVE-2009-0032).
The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/147839
* Mandriva: [ MDVSA-2009:026 ] phpMyAdmin (Jan 23)
------------------------------------------------
Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote
attackers to inject arbitrary web script or HTML by using the db script
parameter when the register_globals PHP parameter is
enabled (CVE-2008-4775). Cross-site request forgery (CSRF)
vulnerability in tbl_structure.php allows remote attackers to perform
SQL injection and execute arbitrary code by using the table script
parameter (CVE-2008-5621). Multiple cross-site request forgery (CSRF)
vulnerabilities allow remote attackers to perform SQL injection by
using unknown vectors related to the table script parameter
(CVE-2008-5622). This update provides the fix for these security
issues.
http://www.linuxsecurity.com/content/view/147710
* Mandriva: [ MDVSA-2009:025 ] pidgin (Jan 22)
--------------------------------------------
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick a
user into accepting an invalid server certificate for a spoofed
service... The updated packages have been patched to fix these
issues.
http://www.linuxsecurity.com/content/view/147700
------------------------------------------------------------------------
* RedHat: Moderate: ntp security update (Jan 29)
----------------------------------------------
Updated ntp packages to correct a security issue are now available
for Red Hat Enterprise Linux 4 and 5. This update has been rated as
having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/147875
* RedHat: Important: kernel security and bug fix update (Jan 22)
--------------------------------------------------------------
Updated kernel packages that fix several security issues and several
bugs are now available for Red Hat Enterprise MRG 1.0. This update
has been rated as having important security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/147689
------------------------------------------------------------------------
* SuSE: Linux kernel (SUSE-SA:2009:008) (Jan 29)
----------------------------------------------
The SUSE Linux Enterprise 10 Service Pack 2 kernel was updated to
version 2.6.16.60-0.34 to fix some security issues and various bugs.
The following security problems have been fixed...
http://www.linuxsecurity.com/content/view/147877
* SuSE: IBM Java 5 (SUSE-SA:2009:007) (Jan 29)
--------------------------------------------
The IBM Java JRE 5 was brought to Service Release 9 fixing quite a
number of security issues and bugs. The update fixes the following
security problems...
http://www.linuxsecurity.com/content/view/147876
* SuSE: OpenSSL certificate verification (Jan 23)
-----------------------------------------------
The OpenSSL certificate checking routine EVP_VerifyFinal can return
negative values and 0 on failure. In some places negative values
were not checked and were considered successful verification. Prior to
this update it was possible to bypass the certification chain
checks of OpenSSL. This advisory is for the updates that improve
the verification of return values inside the OpenSSL library
itself.
http://www.linuxsecurity.com/content/view/147709
* SuSE: bind (SUSE-SA:2009:005) (Jan 22)
--------------------------------------
The DNS daemon bind is used to resolve and look up addresses on the
internet. Some months ago a vulnerability in the DNS protocol
and its numbers was published that allowed easy spoofing of DNS
entries. The only way to protect against spoofing is to use
DNSSEC. Unfortunately the bind code that verifies the certification
chain of a DNSSEC zone transfer does not properly check the
return value of the function DSA_do_verify(). This allows the spoofing
of records signed with DSA or NSEC3DSA.
http://www.linuxsecurity.com/content/view/147688
------------------------------------------------------------------------
* Ubuntu: Vim vulnerabilities (Jan 27)
-------------------------------------
Jan Minar discovered that Vim did not properly sanitize inputs before
invoking the execute or system functions inside Vim scripts. If a
user were tricked into running Vim scripts with a specially crafted
input, an attacker could execute arbitrary code with the privileges
of the user invoking the program. (CVE-2008-2712) Ben Schmidt
discovered that Vim did not properly escape characters when
performing keyword or tag lookups. If a user were tricked into
running specially crafted commands, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-4101)
http://www.linuxsecurity.com/content/view/147863
* Ubuntu: KTorrent vulnerabilities (Jan 26)
------------------------------------------
It was discovered that KTorrent did not properly restrict access when
using the web interface plugin. A remote attacker could use a crafted
http request and upload arbitrary torrent files to trigger the start
of downloads and seeding. (CVE-2008-5905) It was discovered that
KTorrent did not properly handle certain parameters when using the
web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)
http://www.linuxsecurity.com/content/view/147854
* Ubuntu: xine-lib vulnerabilities (Jan 26)
------------------------------------------
It was discovered that xine-lib did not correctly handle certain
malformed Ogg and Windows Media files. If a user or automated system
were tricked into opening a specially crafted Ogg or Windows Media
file, an attacker could cause xine-lib to crash, creating a denial of
service. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04
LTS. (CVE-2008-3231)...
http://www.linuxsecurity.com/content/view/147855
------------------------------------------------------------------------
* Pardus: gst-plugins-good: Denial of Service (Jan 29)
----------------------------------------------------
Tobias Klein has reported some vulnerabilities in GStreamer
Good Plug-ins, which can potentially be exploited by malicious
people to compromise a vulnerable system.
http://www.linuxsecurity.com/content/view/147874
* Pardus: nfs-utils: Security Bypass (Jan 29)
-------------------------------------------
There is a weakness in nfs-utils, which can be exploited by
malicious people to bypass certain security restrictions.
http://www.linuxsecurity.com/content/view/147873
* Pardus: xine-lib: Multiple Overflows (Jan 29)
---------------------------------------------
There are multiple overflows in xine-lib.
http://www.linuxsecurity.com/content/view/147872
* Pardus: Kernel: Multiple Denial of Service (Jan 23)
---------------------------------------------------
There are multiple Denial of Service and buffer overflow
vulnerabilities in the Linux kernel.
http://www.linuxsecurity.com/content/view/147706
* Pardus: Libmikmod: Denial of Service (Jan 23)
---------------------------------------------
Some vulnerabilities have been reported in libmikmod, which can
be exploited by malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/147705
* Pardus: DevIL: Multiple Buffer Overflows (Jan 23)
-------------------------------------------------
The vulnerabilities are caused by boundary errors within
the "iGetHdrHeader()" function in src-IL/src/il_hdr.c. These
can be exploited to cause a stack-based buffer overflow
when processing specially crafted Radiance RGBE files.
http://www.linuxsecurity.com/content/view/147704
* Pardus: Libpng: Memory Overwrite (Jan 23)
-----------------------------------------
The png_check_keyword function in pngwutil.c in libpng before
1.0.42, and 1.2.x before 1.2.34, might allow context-dependent
attackers to set the value of an arbitrary memory location to zero
via vectors involving creation of crafted PNG files with keywords,
related to an implicit cast of the '\0' character constant to a NULL
pointer.
http://www.linuxsecurity.com/content/view/147703
* Pardus: Python: Multiple Integer Overflows (Jan 23)
---------------------------------------------------
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
a large integer value in the tabsize argument to the expandtabs
method, as implemented by (1) the string_expandtabs
function in Objects/stringobject.c and (2) the
unicode_expandtabs function in Objects/unicodeobject.c.
http://www.linuxsecurity.com/content/view/147702
* Pardus: Dbus: Security Bypass (Jan 23)
--------------------------------------
The default configuration of system.conf in D-Bus (aka DBus)
before 1.2.6 omits the send_type attribute in certain rules.
http://www.linuxsecurity.com/content/view/147701
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------