Linux Advisory Watch - February 27th 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| February 27th, 2009 Volume 10, Number 9 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for proftpd, python-crypto, mingw,
libpng, optipng, perl-crypt-openssl, trickle, emacs, ktorrent,
valgrind, net-snmp, epiphany, magios, php-smarty, vim, pycrypto, php,
libzip, dia, firefox,kernel, gnumeric, samba, cups, imap, git, libpng,
and flash-player. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, Slackware, and Pardus.
---
>> Linux+DVD Magazine <<
In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!
http://www.linuxsecurity.com/ads/adclick.php?bannerid=26
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" You may not take even a
second to respond. But if I may ask "How much does Google know about
you"? You may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is a monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process however to make it a secure setup it takes some
work. This article will not show you how to install Nagios since there
are tons of them out there but it will show you in detail ways to
improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New proftpd-dfsg packages fix SQL injection vulnerabilites (Feb 26)
---------------------------------------------------------------------------
Two SQL injection vulnerabilities have been found in proftpd, a
virtual-hosting FTP daemon.
http://www.linuxsecurity.com/content/view/148072
* Debian: New python-crypto packages fix denial of service (Feb 25)
-----------------------------------------------------------------
Mike Wiacek discovered that a buffer overflow in the ARC2
implementation of Python Crypto, a collection of cryptographic
algorithms and protocols for Python allows denial of service and
potentially the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/148067
------------------------------------------------------------------------
* Fedora 10 Update: mingw32-libpng-1.2.35-1.fc10 (Feb 26)
-------------------------------------------------------
Update to libpng 1.2.35, to fix CVE-2009-0040.
http://www.linuxsecurity.com/content/view/148079
* Fedora 10 Update: mldonkey-2.9.7-3.fc10 (Feb 26)
------------------------------------------------
Fix remote arbitrary file disclosure via a GET request with more than
one leading / (slash) character in the filename. Ver. 2.9.7
http://www.linuxsecurity.com/content/view/148077
* Fedora 9 Update: libpng-1.2.35-1.fc9 (Feb 26)
---------------------------------------------
Fixes CVE-2009-0040
http://www.linuxsecurity.com/content/view/148078
* Fedora 9 Update: mldonkey-2.9.7-3.fc9 (Feb 26)
----------------------------------------------
Fix remote arbitrary file disclosure via a GET request with more than
one leading / (slash) character in the filename.
http://www.linuxsecurity.com/content/view/148075
* Fedora 10 Update: libpng-1.2.35-1.fc10 (Feb 26)
-----------------------------------------------
Fixes CVE-2009-0040
http://www.linuxsecurity.com/content/view/148076
* Fedora 9 Update: optipng-0.6.2.1-1.fc9 (Feb 26)
-----------------------------------------------
This update fixes an array overflow vulnerability.
http://www.linuxsecurity.com/content/view/148073
* Fedora 10 Update: optipng-0.6.2.1-1.fc10 (Feb 26)
-------------------------------------------------
This update fixes an array overflow vulnerability.
http://www.linuxsecurity.com/content/view/148074
* Fedora 10 Update: perl-Crypt-OpenSSL-DSA-0.13-12.fc10 (Feb 25)
--------------------------------------------------------------
Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon
error rather than returning a -1 to ensure programmers are not caught
by surprise which only checking for non-zero results.
http://www.linuxsecurity.com/content/view/148065
* Fedora 10 Update: trickle-1.07-7.fc10 (Feb 24)
----------------------------------------------
New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle:
Possibility to load arbitrary code from current working directory
http://www.linuxsecurity.com/content/view/148060
* Fedora 10 Update: gstreamer-plugins-good-0.10.13-1.fc10 (Feb 24)
----------------------------------------------------------------
Update to 0.10.13
http://www.linuxsecurity.com/content/view/148058
* Fedora 9 Update: trickle-1.07-7.fc9 (Feb 24)
--------------------------------------------
New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle:
Possibility to load arbitrary code from current working directory
http://www.linuxsecurity.com/content/view/148057
* Fedora 9 Update: gstreamer-plugins-good-0.10.8-10.fc9 (Feb 24)
--------------------------------------------------------------
Patch for overflows in the QT demuxer (#481267)
http://www.linuxsecurity.com/content/view/148056
* Fedora 9 Update: perl-Crypt-OpenSSL-DSA-0.13-9.fc9 (Feb 19)
-----------------------------------------------------------
Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon
error rather than returning a -1 to ensure programmers are not caught
by surprise which only checking for non-zero results.
http://www.linuxsecurity.com/content/view/148027
------------------------------------------------------------------------
* Gentoo: GNU Emacs, XEmacs Multiple vulnerabilities (Feb 23)
-----------------------------------------------------------
Two vulnerabilities were found in GNU Emacs, possibly leading to
user-assisted execution of arbitrary code. One also affects
edit-utils in XEmacs.
http://www.linuxsecurity.com/content/view/148050
* Gentoo: KTorrent Multiple vulnerabilitites (Feb 23)
---------------------------------------------------
Two vulnerabilities in the web interface plugin in KTorrent allow for
remote execution of code and arbitrary torrent uploads.
http://www.linuxsecurity.com/content/view/148049
------------------------------------------------------------------------
* Mandriva: [ MDVSA-2009:057 ] valgrind (Feb 26)
----------------------------------------------
A vulnerability has been identified and corrected in valgrind:
Untrusted search path vulnerability in valgrind before 3.4.0 allows
local users to execute arbitrary programs via a Trojan horse
.valgrindrc file in the current working directory, as demonstrated
using a malicious --db-command options. NOTE: the severity of this
issue has been disputed, but CVE is including this issue because
execution of a program from an untrusted directory is a common
scenario. (CVE-2008-4865) The updated packages have been patched to
prevent this.
http://www.linuxsecurity.com/content/view/148080
* Mandriva: [ MDVSA-2009:056 ] net-snmp (Feb 25)
----------------------------------------------
A vulnerability has been identified and corrected in net-snmp: The
netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
5.0.9 through 5.4.2, when using TCP wrappers for client
authorization, does not properly parse hosts.allow rules, which
allows remote attackers to bypass intended access restrictions and
execute SNMP queries, related to source/destination IP address
confusion. (CVE-2008-6123)
http://www.linuxsecurity.com/content/view/148071
* Mandriva: [ MDVSA-2009:048-2 ] epiphany (Feb 25)
------------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Epiphany working
directory (CVE-2008-5985).
http://www.linuxsecurity.com/content/view/148068
* Mandriva: [ MDVSA-2009:055 ] audacity (Feb 25)
----------------------------------------------
A vulnerability has been identified and corrected in audacity:
Stack-based buffer overflow in the String_parse::get_nonspace_quoted
function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
versions before 1.3.6 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a .gro file
containing a long string (CVE-2009-0490). The updated packages have
been patched to prevent this.
http://www.linuxsecurity.com/content/view/148066
* Mandriva: [ MDVA-2009:030 ] wxGTK2.5 (Feb 25)
---------------------------------------------
A required development package was missing when trying to build
audacity updates. New wxGTK2.5 packages has been built to correct
this.
http://www.linuxsecurity.com/content/view/148064
* Mandriva: [ MDVA-2009:029 ] nagios-plugins (Feb 24)
---------------------------------------------------
This update provides the latest bugfixes in the nagios-plugins suite.
http://www.linuxsecurity.com/content/view/148062
* Mandriva: [ MDVSA-2009:054 ] nagios (Feb 24)
--------------------------------------------
A vulnerability has been identified and corrected in nagios:
Cross-site scripting (XSS) vulnerability in Nagios allows remote
attackers to inject arbitrary web script or HTML via unknown vectors,
a different vulnerability than CVE-2007-5624 and CVE-2008-1360
(CVE-2007-5803).
http://www.linuxsecurity.com/content/view/148061
* Mandriva: [ MDVSA-2009:053 ] squirrelmail (Feb 24)
--------------------------------------------------
A vulnerability has been identified and corrected in squirrelmail:
Squirrelmail 1.4.15 does not set the secure flag for the session
cookie in an https session, which can cause the cookie to be sent in
http requests and make it easier for remote attackers to capture this
cookie (CVE-2008-3663).
http://www.linuxsecurity.com/content/view/148059
* Mandriva: [ MDVSA-2009:052 ] php-smarty (Feb 24)
------------------------------------------------
A vulnerability has been identified and corrected in php-smarty: The
_expand_quoted_text function in libs/Smarty_Compiler.class.php in
Smarty 2.6.20 before r2797 allows remote attackers to execute
arbitrary PHP code via vectors related to templates and (1) a
dollar-sign character, aka php executed in templates
http://www.linuxsecurity.com/content/view/148055
* Mandriva: [ MDVSA-2009:047-1 ] vim (Feb 24)
-------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Vim working
directory (CVE-2009-0316). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148054
* Mandriva: [ MDVSA-2009:047-1 ] vim (Feb 24)
-------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Vim working
directory (CVE-2009-0316). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148053
* Mandriva: [ MDVSA-2009:048-1 ] epiphany (Feb 24)
------------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Epiphany working
directory (CVE-2008-5985). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148052
* Mandriva: [ MDVSA-2009:049-1 ] pycrypto (Feb 23)
------------------------------------------------
A vulnerability have been discovered and corrected in PyCrypto ARC2
module 2.0.1, which allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544).
http://www.linuxsecurity.com/content/view/148051
* Mandriva: [ MDVSA-2009:051 ] libpng (Feb 23)
--------------------------------------------
A number of vulnerabilities have been found and corrected in libpng:
Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was
allready fixed in Mandriva Linux 2009.0. Fix the function
png_check_keyword() that allowed setting arbitrary bytes in the
process memory to 0 (CVE-2008-5907). Fix a potential DoS (Denial of
Service) or to potentially compromise an application using the
library (CVE-2009-0040). The updated packages have been patched to
prevent this.
http://www.linuxsecurity.com/content/view/148048
* Mandriva: [ MDVSA-2009:050-1 ] python-pycrypto (Feb 23)
-------------------------------------------------------
A vulnerability have been discovered and corrected in PyCrypto ARC2
module 2.0.1, which allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544)
http://www.linuxsecurity.com/content/view/148047
* Mandriva: [ MDVSA-2009:050 ] python-pycrypto (Feb 20)
-----------------------------------------------------
A vulnerability have been discovered and corrected in PyCrypto ARC2
module 2.0.1, which allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544). The updated packages have been patched to
prevent this.
http://www.linuxsecurity.com/content/view/148042
* Mandriva: [ MDVSA-2009:049 ] pycrypto (Feb 20)
----------------------------------------------
A vulnerability have been discovered and corrected in PyCrypto ARC2
module 2.0.1, which allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a large ARC2 key
length (CVE-2009-0544). The updated packages have been patched to
prevent this.
http://www.linuxsecurity.com/content/view/148041
* Mandriva: [ MDVSA-2009:048 ] epiphany (Feb 20)
----------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Epiphany working
directory (CVE-2008-5985). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148040
* Mandriva: MDVSA-2009:047 ] vim (Feb 20)
----------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Vim working
directory (CVE-2009-0316). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148039
* Mandriva: [ MDVSA-2009:045 ] php (Feb 20)
-----------------------------------------
A number of vulnerabilities have been found and corrected in PHP.
http://www.linuxsecurity.com/content/view/148038
* Mandriva: [ MDVA-2009:028 ] libzip (Feb 20)
-------------------------------------------
Some problems were discovered and corrected with php-zip in CS4: PHP
complains about a missing zip_add_dir symbol that is present in
libzip-0.8+. New packages has been built to correct this problem.
http://www.linuxsecurity.com/content/view/148037
* Mandriva: [ MDVSA-2009:046 ] dia (Feb 20)
-----------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current dia working
directory (CVE-2008-5984). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148036
* Mandriva:[ MDVSA-2009:044 ] firefox (Feb 20)
--------------------------------------------
Security vulnerabilities have been discovered and corrected in the
latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2009-0352,
CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356,
CVE-2009-0357, CVE-2009-0358). This update provides the latest
Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x
has been phased out, version 3.x is also being provided for Mandriva
Linux 2008 Spring.
http://www.linuxsecurity.com/content/view/148034
* Mandriva: [ MDVA-2009:027 ] kernel (Feb 20)
-------------------------------------------
Some problems were discovered and corrected in the Linux 2.6 kernel:
Support was added for Intel 82567LM-3/82567LF-3/82567LM-4 network
adapters, a bug in sunrpc causing oops when restarting nfsd was
fixed, a bug in Walkman devices was workarounded, the sound drivers
got some fixes, and a few more things were fixed. Check the package
changelog for details. To update your kernel, please follow the
directions located at:
http://www.mandriva.com/en/security/kernelupdate
http://www.linuxsecurity.com/content/view/148033
* Mandriva: [ MDVSA-2009:043 ] gnumeric (Feb 19)
----------------------------------------------
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute
arbitrary code via Python scripting in the current Gnumeric working
directory (CVE-2009-0318). This update provides fix for that
vulnerability.
http://www.linuxsecurity.com/content/view/148032
* Mandriva: [ MDVA-2009:026-1 ] samba (Feb 19)
--------------------------------------------
This update fixes two minor issues with samba. Package does not
install from update because of missing dependency (#47979). Fix
dependencies because /usr/include/tdb.h was moved from
libsmbclient0-devel to libtdb-devel and this led to a file conflict
and prevented a smooth upgrade. This update fixes both issues.
http://www.linuxsecurity.com/content/view/148029
* Mandriva: [ MDVA-2009:026-1 ] samba (Feb 19)
--------------------------------------------
This update fixes two minor issues with samba. Package does not
install from update because of missing dependency (#47979). Fix
dependencies because /usr/include/tdb.h was moved from
libsmbclient0-devel to libtdb-devel and this led to a file conflict
and prevented a smooth upgrade. This update fixes both issues.
http://www.linuxsecurity.com/content/view/148028
* Mandriva: [ MDVA-2009:026 ] samba (Feb 19)
------------------------------------------
This update fixes two minor issues with samba. Package does not
install from update because of missing dependency (#47979). Fix
dependencies because /usr/include/tdb.h was moved from
libsmbclient0-devel to libtdb-devel and this led to a file conflict
and prevented a smooth upgrade. This update fixes both issues.
http://www.linuxsecurity.com/content/view/148026
------------------------------------------------------------------------
* RedHat: Critical: flash-plugin security update (Feb 25)
-------------------------------------------------------
An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148069
* RedHat: Critical: flash-plugin security update (Feb 25)
-------------------------------------------------------
An updated Adobe Flash Player package that fixes several security
issues is now available for Red Hat Enterprise Linux 3 and 4 Extras.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148070
* RedHat: Important: kernel security update (Feb 24)
--------------------------------------------------
Updated kernel packages that resolve several security issues are now
available for Red Hat Enterprise Linux 5.2 Extended Update Support.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148063
* RedHat: Moderate: imap security update (Feb 19)
-----------------------------------------------
Updated imap packages to fix a security issue are now available for
Red Hat Enterprise Linux 3. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148030
* RedHat: Important: cups security update (Feb 19)
------------------------------------------------
Updated cups packages that fix a security issue are now available for
Red Hat Enterprise Linux 3. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/148031
------------------------------------------------------------------------
* Slackware: git (Feb 20)
-----------------------
New git packages are available for Slackware 12.0, 12.1, 12.2, and
-current to fix security issues. More details about this issue may be
found in the Common Vulnerabilities and Exposures (CVE) database.
http://www.linuxsecurity.com/content/view/148044
* Slackware: libpng (Feb 20)
--------------------------
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security
issue. More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database.
http://www.linuxsecurity.com/content/view/148043
------------------------------------------------------------------------
* SuSE: flash-player (SUSE-SA:2009:011) (Feb 26)
----------------------------------------------
Specially crafted swf files could cause a buffer overflow in
flash-player. Attackers could potentially exploit that to execute
code on the victim's machine (CVE-2009-0519, CVE-2009-0520,
CVE-2009-0521).
http://www.linuxsecurity.com/content/view/148082
* SuSE: Linux kernel (SUSE-SA:2009:010) (Feb 26)
----------------------------------------------
This update fixes several security issues and lots of bugs in the
openSUSE 11.1 kernel.
http://www.linuxsecurity.com/content/view/148081
------------------------------------------------------------------------
* Pardus: Libpng: Denial of Service (Feb 23)
------------------------------------------
A vulnerability has been reported in libpng, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to
potentially compromise an application using the library.
http://www.linuxsecurity.com/content/view/148046
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
