Linux Advisory Watch - June 26th 2009
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| June 26th, 2009 Volume 10, Number 26 |
| |
| Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
| Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for mahara, amule, xulrunner, vlc,
apr-util, kernel, rt3, git, openssl, pcsc-lite, libpng, moin, gaim,
libtorrent, kde4, tomcat, java, ruby, logcheck, rpm, kdegraphics,
thunderbird, icu, gstreamer, cyrus, seamonkey, and php. The
distributors include Debian, Fedora, Mandriva, Red Hat, Slackware,
Ubuntu, and Pardus.
---
Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" you may not take even a
second to respond. But if I ask "How much does Google know about
you?" you may instantly reply "Wait... what!? Do they!?" The book
"Googling Security: How Much Does Google Know About You" by Greg Conti
(Computer Science Professor at West Point) is the first book to reveal
how Google's vast information stockpiles could be used against you or
your business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939
---
A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; making it a secure setup, however, takes some
work. This article will not show you how to install Nagios, since there
are tons of such articles out there, but it will show you in detail
ways to improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088
------------------------------------------------------------------------
* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.22 (Version 3.0, Release 22). This release includes
many updated packages and bug fixes and some feature enhancements to
the EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/145668
------------------------------------------------------------------------
* Debian: New mahara packages fix cross-site scripting (Jun 23)
-------------------------------------------------------------
http://www.linuxsecurity.com/content/view/149203
* Debian: New amule packages fix insufficient input sanitising (Jun 22)
---------------------------------------------------------------------
http://www.linuxsecurity.com/content/view/149197
* Debian: New xulrunner packages fix several vulnerabilities (Jun 18)
-------------------------------------------------------------------
http://www.linuxsecurity.com/content/view/149177
* Debian: New vlc packages fix several vulnerabilities (Jun 18)
-------------------------------------------------------------
http://www.linuxsecurity.com/content/view/149176
------------------------------------------------------------------------
* Fedora 10 Update: apr-util-1.3.7-1.fc10 (Jun 24)
------------------------------------------------
Update to upstream version 1.3.7, see:
http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES
Security fixes: - CVE-2009-0023 Fix underflow in
apr_strmatch_precompile. - CVE-2009-1955 Fix a denial of service
attack against the apr_xml_* interface using the "billion laughs"
entity expansion technique. - CVE-2009-1956 Fix off by one overflow
in apr_brigade_vprintf. Note: CVE-2009-1956 is only an issue on
big-endian architectures.
http://www.linuxsecurity.com/content/view/149223
* Fedora 11 Update: apr-util-1.3.7-1.fc11 (Jun 24)
------------------------------------------------
Update to upstream version 1.3.7, see:
http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES
Security fixes: - CVE-2009-0023 Fix underflow in
apr_strmatch_precompile. - CVE-2009-1955 Fix a denial of service
attack against the apr_xml_* interface using the "billion laughs"
entity expansion technique. - CVE-2009-1956 Fix off by one overflow
in apr_brigade_vprintf. Note: CVE-2009-1956 is only an issue on
big-endian architectures.
http://www.linuxsecurity.com/content/view/149222
* Fedora 9 Update: kernel-2.6.27.25-78.2.56.fc9 (Jun 24)
------------------------------------------------------
Update to linux kernel 2.6.27.25:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25
http://www.linuxsecurity.com/content/view/149221
* Fedora 11 Update: rt3-3.8.2-8.fc11 (Jun 24)
-------------------------------------------
http://www.linuxsecurity.com/content/view/149219
* Fedora 9 Update: apr-util-1.2.12-7.fc9 (Jun 24)
-----------------------------------------------
Backport security fixes from upstream version 1.3.7: - CVE-2009-0023
Fix underflow in apr_strmatch_precompile. - CVE-2009-1955 Fix a
denial of service attack against the apr_xml_* interface using the
"billion laughs" entity expansion technique. - CVE-2009-1956 Fix off
by one overflow in apr_brigade_vprintf. Note: CVE-2009-1956 is
only an issue on big-endian architectures.
http://www.linuxsecurity.com/content/view/149220
* Fedora 10 Update: rt3-3.8.2-8.fc10 (Jun 24)
-------------------------------------------
http://www.linuxsecurity.com/content/view/149218
* Fedora 10 Update: git-1.6.0.6-4.fc10 (Jun 24)
---------------------------------------------
This update fixes a Denial of Service vulnerability in git-daemon.
It also fixes minor issues when using git-cvsimport and the
formatting of the git-daemon xinetd service description.
http://www.linuxsecurity.com/content/view/149217
* Fedora 11 Update: kernel-2.6.29.5-191.fc11 (Jun 24)
---------------------------------------------------
Update to kernel 2.6.29.5:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5
Includes DRM modesetting bug fixes. Adds driver for VIA SD/MMC
controllers and full support for the Nano processor in 64-bit mode.
http://www.linuxsecurity.com/content/view/149216
* Fedora 11 Update: git-1.6.2.5-1.fc11 (Jun 24)
---------------------------------------------
This update fixes a Denial of Service vulnerability in git-daemon.
http://www.linuxsecurity.com/content/view/149215
* Fedora 9 Update: git-1.6.0.6-4.fc9 (Jun 24)
-------------------------------------------
This update fixes a Denial of Service vulnerability in git-daemon.
It also fixes minor issues when using git-cvsimport and the
formatting of the git-daemon xinetd service description.
http://www.linuxsecurity.com/content/view/149213
* Fedora 10 Update: kernel-2.6.27.25-170.2.72.fc10 (Jun 24)
---------------------------------------------------------
Update to linux kernel 2.6.27.25:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25
http://www.linuxsecurity.com/content/view/149214
* Fedora 11 Update: openssl-0.9.8k-5.fc11 (Jun 19)
------------------------------------------------
Security update fixing DoS bugs in DTLS code. CVE-2009-1377
CVE-2009-1378 CVE-2009-1379
http://www.linuxsecurity.com/content/view/149186
* Fedora 9 Update: openssl-0.9.8g-9.14.fc9 (Jun 19)
-------------------------------------------------
Security update fixing DoS bugs in DTLS code. CVE-2009-1377
CVE-2009-1378 CVE-2009-1379
http://www.linuxsecurity.com/content/view/149185
* Fedora 10 Update: openssl-0.9.8g-14.fc10 (Jun 19)
-------------------------------------------------
Security update fixing DoS bugs in DTLS code. CVE-2009-1377
CVE-2009-1378 CVE-2009-1379
http://www.linuxsecurity.com/content/view/149184
* Fedora 11 Update: pcsc-lite-1.5.2-2.fc11 (Jun 19)
-------------------------------------------------
Correct directory with world writeable permissions but no sticky bit
set.
http://www.linuxsecurity.com/content/view/149183
* Fedora 9 Update: libpng-1.2.37-1.fc9 (Jun 18)
---------------------------------------------
Update to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty
low-risk issue, but it's been classified as a security issue...
http://www.linuxsecurity.com/content/view/149172
* Fedora 11 Update: moin-1.8.4-1.fc11 (Jun 18)
--------------------------------------------
This package updates Moin to 1.8.4,
http://moinmo.in/MoinMoinRelease1.8 has a list of changes. This
package includes a security fix for a hierarchical ACL vulnerability
(hierarchical is not the default ACL mode),
http://moinmo.in/SecurityFixes has the details of the fix.
http://www.linuxsecurity.com/content/view/149171
* Fedora 9 Update: moin-1.6.4-2.fc9 (Jun 18)
------------------------------------------
This update includes a security fix for a hierarchical ACL
vulnerability (hierarchical is not the default ACL mode),
http://moinmo.in/SecurityFixes has the details of the fix.
http://www.linuxsecurity.com/content/view/149170
* Fedora 10 Update: moin-1.6.4-2.fc10 (Jun 18)
--------------------------------------------
This update includes a security fix for a hierarchical ACL
vulnerability (hierarchical is not the default ACL mode),
http://moinmo.in/SecurityFixes has the details of the fix.
http://www.linuxsecurity.com/content/view/149169
* Fedora 10 Update: libpng-1.2.37-1.fc10 (Jun 18)
-----------------------------------------------
Update to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty
low-risk issue, but it's been classified as a security issue...
http://www.linuxsecurity.com/content/view/149168
* Fedora 10 Update: giflib-4.1.6-2.fc10 (Jun 18)
----------------------------------------------
- Update to 4.1.6 containing several upstream fixes etc. - Solved
multilib problems with documentation (#465208, #474538) - Removed
static library from giflib-devel package (#225796 #c1)
http://www.linuxsecurity.com/content/view/149167
* Fedora 11 Update: libpng-1.2.37-1.fc11 (Jun 18)
-----------------------------------------------
Update to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty
low-risk issue, but it's been classified as a security issue...
http://www.linuxsecurity.com/content/view/149166
------------------------------------------------------------------------
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
-----------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
gaim: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
before 2.5.6 allows remote authenticated users to execute arbitrary
code via vectors involving an outbound XMPP file transfer. NOTE:
some of these details are obtained from third party information
(CVE-2009-1373). Multiple integer overflows in the
msn_slplink_process_msg functions in the MSN protocol handler in (1)
libpurple/protocols/msn/slplink.c and (2)
libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on 32-bit
platforms allow remote attackers to execute arbitrary code via a
malformed SLP message with a crafted offset value, leading to buffer
overflows. NOTE: this issue exists because of an incomplete fix for
CVE-2008-2927 (CVE-2009-1376). The updated packages have been patched
to prevent this.
http://www.linuxsecurity.com/content/view/149234
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
-----------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
gaim: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
before 2.5.6 allows remote authenticated users to execute arbitrary
code via vectors involving an outbound XMPP file transfer. NOTE:
some of these details are obtained from third party information
(CVE-2009-1373). Multiple integer overflows in the
msn_slplink_process_msg functions in the MSN protocol handler in (1)
libpurple/protocols/msn/slplink.c and (2)
libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on 32-bit
platforms allow remote attackers to execute arbitrary code via a
malformed SLP message with a crafted offset value, leading to buffer
overflows. NOTE: this issue exists because of an incomplete fix for
CVE-2008-2927 (CVE-2009-1376). The updated packages have been patched
to prevent this.
http://www.linuxsecurity.com/content/view/149235
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
-----------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
gaim: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
before 2.5.6 allows remote authenticated users to execute arbitrary
code via vectors involving an outbound XMPP file transfer. NOTE:
some of these details are obtained from third party information
(CVE-2009-1373). Multiple integer overflows in the
msn_slplink_process_msg functions in the MSN protocol handler in (1)
libpurple/protocols/msn/slplink.c and (2)
libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on 32-bit
platforms allow remote attackers to execute arbitrary code via a
malformed SLP message with a crafted offset value, leading to buffer
overflows. NOTE: this issue exists because of an incomplete fix for
CVE-2008-2927 (CVE-2009-1376). The updated packages have been patched
to prevent this.
http://www.linuxsecurity.com/content/view/149233
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:139 ] libtorrent-rasterbar (Jun 24)
---------------------------------------------------------------------------------------
A security vulnerability has been identified and corrected in
libtorrent-rasterbar: Directory traversal vulnerability in
src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used
in firetorrent, qBittorrent, deluge Torrent, and other applications,
allows remote attackers to create or overwrite arbitrary files via a
.. (dot dot) and partial relative pathname in a Multiple File Mode
list element in a .torrent file (CVE-2009-1760). The updated packages
have been patched to prevent this.
http://www.linuxsecurity.com/content/view/149210
* Mandriva: Subject: [Security Announce] [ MDVA-2009:118 ] kde4 (Jun 23)
----------------------------------------------------------------------
Mandriva Linux 2009 was released with KDE4 version 4.1. This update
upgrades KDE4 in Mandriva Linux 2009 to version 4.2, which brings
many bugfixes and overall improvements.
http://www.linuxsecurity.com/content/view/149202
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
--------------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
6.0.0 through 6.0.18, and possibly earlier versions normalizes the
target pathname before filtering the query string when using the
RequestDispatcher method, which allows remote attackers to bypass
intended access restrictions and conduct directory traversal attacks
via .. (dot dot) sequences and the WEB-INF directory in a Request
(CVE-2008-5515). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and
mod_jk load balancing are used, allows remote attackers to cause a
denial of service (application outage) via a crafted request with
invalid headers, related to temporary blocking of connectors that
have encountered errors, as demonstrated by an error involving a
malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0
through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when
FORM authentication is used, allows remote attackers to enumerate
valid usernames via requests to /j_security_check with malformed URL
encoding of passwords, related to improper error checking in the (1)
MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication
realms, as demonstrated by a % (percent) value for the j_password
parameter (CVE-2009-0580). The calendar application in the examples
web application contains an XSS flaw due to invalid HTML which
renders the XSS filtering protection ineffective (CVE-2009-0781).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or
modify the (1) web.xml, (2) context.xml, or (3) tld files of
arbitrary web applications via a crafted application that is loaded
earlier than the target application (CVE-2009-0783). The updated
packages have been patched to prevent this. Additionally Apache
Tomcat has been upgraded to the latest 5.5.27 version for 2009.0.
http://www.linuxsecurity.com/content/view/149201
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
--------------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
6.0.0 through 6.0.18, and possibly earlier versions normalizes the
target pathname before filtering the query string when using the
RequestDispatcher method, which allows remote attackers to bypass
intended access restrictions and conduct directory traversal attacks
via .. (dot dot) sequences and the WEB-INF directory in a Request
(CVE-2008-5515). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and
mod_jk load balancing are used, allows remote attackers to cause a
denial of service (application outage) via a crafted request with
invalid headers, related to temporary blocking of connectors that
have encountered errors, as demonstrated by an error involving a
malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0
through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when
FORM authentication is used, allows remote attackers to enumerate
valid usernames via requests to /j_security_check with malformed URL
encoding of passwords, related to improper error checking in the (1)
MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication
realms, as demonstrated by a % (percent) value for the j_password
parameter (CVE-2009-0580). The calendar application in the examples
web application contains an XSS flaw due to invalid HTML which
renders the XSS filtering protection ineffective (CVE-2009-0781).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or
modify the (1) web.xml, (2) context.xml, or (3) tld files of
arbitrary web applications via a crafted application that is loaded
earlier than the target application (CVE-2009-0783). The updated
packages have been patched to prevent this. Additionally Apache
Tomcat has been upgraded to the latest 5.5.27 version for 2009.0.
http://www.linuxsecurity.com/content/view/149200
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
--------------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
6.0.0 through 6.0.18, and possibly earlier versions normalizes the
target pathname before filtering the query string when using the
RequestDispatcher method, which allows remote attackers to bypass
intended access restrictions and conduct directory traversal attacks
via .. (dot dot) sequences and the WEB-INF directory in a Request
(CVE-2008-5515). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and
mod_jk load balancing are used, allows remote attackers to cause a
denial of service (application outage) via a crafted request with
invalid headers, related to temporary blocking of connectors that
have encountered errors, as demonstrated by an error involving a
malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0
through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when
FORM authentication is used, allows remote attackers to enumerate
valid usernames via requests to /j_security_check with malformed URL
encoding of passwords, related to improper error checking in the (1)
MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication
realms, as demonstrated by a % (percent) value for the j_password
parameter (CVE-2009-0580). The calendar application in the examples
web application contains an XSS flaw due to invalid HTML which
renders the XSS filtering protection ineffective (CVE-2009-0781).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or
modify the (1) web.xml, (2) context.xml, or (3) tld files of
arbitrary web applications via a crafted application that is loaded
earlier than the target application (CVE-2009-0783). The updated
packages have been patched to prevent this. Additionally Apache
Tomcat has been upgraded to the latest 5.5.27 version for 2009.0.
http://www.linuxsecurity.com/content/view/149199
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:136 ] tomcat5 (Jun 22)
--------------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
tomcat5: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
6.0.0 through 6.0.18, and possibly earlier versions normalizes the
target pathname before filtering the query string when using the
RequestDispatcher method, which allows remote attackers to bypass
intended access restrictions and conduct directory traversal attacks
via .. (dot dot) sequences and the WEB-INF directory in a Request
(CVE-2008-5515). Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and
mod_jk load balancing are used, allows remote attackers to cause a
denial of service (application outage) via a crafted request with
invalid headers, related to temporary blocking of connectors that
have encountered errors, as demonstrated by an error involving a
malformed HTTP Host header (CVE-2009-0033). Apache Tomcat 4.1.0
through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when
FORM authentication is used, allows remote attackers to enumerate
valid usernames via requests to /j_security_check with malformed URL
encoding of passwords, related to improper error checking in the (1)
MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication
realms, as demonstrated by a % (percent) value for the j_password
parameter (CVE-2009-0580). The calendar application in the examples
web application contains an XSS flaw due to invalid HTML which
renders the XSS filtering protection ineffective (CVE-2009-0781).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18 permits web applications to replace an XML parser used
for other web applications, which allows local users to read or
modify the (1) web.xml, (2) context.xml, or (3) tld files of
arbitrary web applications via a crafted application that is loaded
earlier than the target application (CVE-2009-0783). The updated
packages have been patched to prevent this. Additionally Apache
Tomcat has been upgraded to the latest 5.5.27 version for 2009.0.
http://www.linuxsecurity.com/content/view/149198
* Mandriva: Subject: [Security Announce] [ MDVSA-2009:137 ] java-1.6.0-openjdk (Jun 19)
-------------------------------------------------------------------------------------
Multiple security vulnerabilities have been identified and fixed in
Little cms library embedded in OpenJDK: A memory leak flaw allows
remote attackers to cause a denial of service (memory consumption and
application crash) via a crafted image file (CVE-2009-0581). Multiple
integer overflows allow remote attackers to execute arbitrary code
via a crafted image file that triggers a heap-based buffer overflow
(CVE-2009-0723). Multiple stack-based buffer overflows allow remote
attackers to execute arbitrary code via a crafted image file
associated with a large integer value for the (1) input or (2) output
channel (CVE-2009-0733). A flaw in the transformations of monochrome
profiles allows remote attackers to cause denial of service triggered
by a NULL pointer dereference via a crafted image file
(CVE-2009-0793). Further security fixes in the JRE and in the Java
API of OpenJDK: A flaw in handling temporary font files by the Java
Virtual Machine (JVM) allows remote attackers to cause denial of
service (CVE-2006-2426). An integer overflow flaw was found in
Pulse-Java when handling Pulse audio source data lines. An attacker
could use this flaw to cause an applet to crash, leading to a denial
of service (CVE-2009-0794). A flaw in Java Runtime Environment
initialized LDAP connections allows authenticated remote users to
cause denial of service on the LDAP service (CVE-2009-1093). A flaw
in the Java Runtime Environment LDAP client in handling server LDAP
responses allows remote attackers to execute arbitrary code on the
client side via malicious server response (CVE-2009-1094). Buffer
overflows in the Java Runtime Environment unpack200 utility allow
remote attackers to execute arbitrary code via a crafted applet
(CVE-2009-1095, CVE-2009-1096). A buffer overflow in the splash
screen processing allows attackers to execute arbitrary code
(CVE-2009-1097). A buffer overflow in GIF images handling allows
remote attackers to execute arbitrary code via a crafted GIF image
(CVE-2009-1098). A flaw in the Java API for XML Web Services (JAX-WS)
service endpoint handling allows remote attackers to cause a denial
of service on the service endpoint's server side (CVE-2009-1101). A
flaw in the Java Runtime Environment Virtual Machine code generation
allows remote attackers to execute arbitrary code via a crafted
applet (CVE-2009-1102). This update provides fixes for these issues.
Update:
java-1.6.0-openjdk requires rhino packages and these have been further
updated.
http://www.linuxsecurity.com/content/view/149188
* Mandriva: Subject: [Security Announce] [ MDVA-2009:117 ] ruby-RubyGems (Jun 18)
-------------------------------------------------------------------------------
On x86_64, rubygems assumes that the gem installation path is in
/usr/lib64/ruby. This is problematic because all of the Mandriva
ruby-* packages install their rb files under /usr/lib/ruby regardless
of the machine architecture; rubygems consequently cannot find any of
the installed gems. This update fixes this issue.
http://www.linuxsecurity.com/content/view/149179
* Mandriva: Subject: [Security Announce] [ MDVA-2009:116 ] glibc (Jun 18)
-----------------------------------------------------------------------
New glibc release to fix some issues found in glibc 2.8 present in
Mandriva 2009.0: - ulimit(UL_SETFSIZE) does not return the integer
part of the new file size limit divided by 512
(http://linuxtesting.org/results/report?num=S0167, Mandriva bug
#51685) - When including pthread.h and using pthread_cleanup_pop or
pthread_cleanup_pop_restore_np macros, a compiler warning is issued
or build error happens if -Werror is used
(http://sourceware.org/bugzilla/show_bug.cgi?id=7056, Mandriva bug
#49142)
http://www.linuxsecurity.com/content/view/149178
* Mandriva: Subject: [Security Announce] [ MDVA-2009:115 ] webkit (Jun 18)
------------------------------------------------------------------------
Webkit shipped in 2009.1 has a bug that closes The Gimp help-browser
plugin; this update fixes this issue.
http://www.linuxsecurity.com/content/view/149175
* Mandriva: Subject: [Security Announce] [ MDVA-2009:114 ] logcheck (Jun 18)
--------------------------------------------------------------------------
The logcheck package shipped in Mandriva 2009.1 had two issues,
preventing it from running properly: - its configuration directory
(/etc/logcheck) is not readable with the identity used for running
logcheck - it uses run-parts utility with unsupported --list option
http://www.linuxsecurity.com/content/view/149174
* Mandriva: Subject: [Security Announce] [ MDVA-2009:113 ] rpm (Jun 18)
---------------------------------------------------------------------
This update fixes a minor issue with rpm: - mdvsys mass-update can
segfault when parsing the %apply_patches macros through librpm (bug
#50579)
http://www.linuxsecurity.com/content/view/149173
------------------------------------------------------------------------
* RedHat: Critical: kdelibs security update (Jun 25)
--------------------------------------------------
Updated kdelibs packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having critical security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/149236
* RedHat: Important: kdelibs security update (Jun 25)
---------------------------------------------------
Updated kdelibs packages that fix one security issue are now
available for Red Hat Enterprise Linux 3. This update has been rated
as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/149237
* RedHat: Critical: kdegraphics security update (Jun 25)
------------------------------------------------------
Updated kdegraphics packages that fix two security issues are now
available for Red Hat Enterprise Linux 5. This update has been rated
as having critical security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/149238
* RedHat: Moderate: net-snmp security update (Jun 25)
---------------------------------------------------
Updated net-snmp packages that fix a security issue are now available
for Red Hat Enterprise Linux 3. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/149230
* RedHat: Moderate: thunderbird security update (Jun 25)
------------------------------------------------------
An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/149231
* RedHat: Moderate: thunderbird security update (Jun 25)
------------------------------------------------------
An updated thunderbird package that fixes several security issues is
now available for Red Hat Enterprise Linux 5. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/149232
* RedHat: Moderate: icu security update (Jun 25)
----------------------------------------------
Updated icu packages that fix a security issue are now available for
Red Hat Enterprise Linux 5. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/149228
* RedHat: Moderate: gstreamer-plugins-good security update (Jun 25)
-----------------------------------------------------------------
Updated gstreamer-plugins-good packages that fix multiple security
issues are now available for Red Hat Enterprise Linux 5. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/149229
* RedHat: Important: cyrus-imapd security update (Jun 18)
-------------------------------------------------------
Updated cyrus-imapd packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5. This update has been
rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/149181
------------------------------------------------------------------------
* Slackware: seamonkey (Jun 25)
-------------------------------
New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
12.2, and -current to fix security issues. More details about the
issues may be found on the Mozilla web site:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.linuxsecurity.com/content/view/149225
* Slackware: libpng (Jun 19)
----------------------------
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security
issue. Jeff Phillips discovered an uninitialized-memory-read bug
affecting interlaced images that may have security implications.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
http://www.linuxsecurity.com/content/view/149191
* Slackware: ruby (Jun 19)
--------------------------
New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
and -current to fix a security issue. More details about this issue
may be found in the Common Vulnerabilities and Exposures (CVE)
database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
http://www.linuxsecurity.com/content/view/149190
------------------------------------------------------------------------
* Ubuntu: Moodle vulnerabilities (Jun 24)
----------------------------------------
Thor Larholm discovered that PHPMailer, as used by Moodle, did not
correctly escape email addresses. A local attacker with direct
access to the Moodle database could exploit this to execute arbitrary
commands as the web server user. (CVE-2007-3215)

Nigel McNie discovered that fetching https URLs did not correctly
escape shell meta-characters. An authenticated remote attacker could
execute arbitrary commands as the web server user, if curl was
installed and configured. (CVE-2008-4796, MSA-09-0003)

It was discovered that Smarty (also included in Moodle), did not
correctly filter certain inputs. An authenticated remote attacker
could exploit this to execute arbitrary PHP commands as the web
server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)

It was discovered that the unused SpellChecker extension in Moodle
did not correctly handle temporary files. If the tool had been
locally modified, it could be made to overwrite arbitrary local files
via symlinks. (CVE-2008-5153)

Mike Churchward discovered that Moodle did not correctly filter Wiki
page titles in certain areas. An authenticated remote attacker could
exploit this to cause cross-site scripting (XSS), which could be used
to modify or steal confidential data of other users within the same
web domain. (CVE-2008-5432, MSA-08-0022)

It was discovered that the HTML sanitizer, "Login as" feature, and
logging in Moodle did not correctly handle certain inputs. An
authenticated remote attacker could exploit this to generate XSS,
which could be used to modify or steal confidential data of other
users within the same web domain. (CVE-2008-5619, CVE-2009-0500,
CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)

It was discovered that the HotPot module in Moodle did not correctly
filter SQL inputs. An authenticated remote attacker could execute
arbitrary SQL commands as the moodle database user, leading to a loss
of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)

Kevin Madura discovered that the forum actions and messaging settings
in Moodle were not protected from cross-site request forgery (CSRF).
If an authenticated user were tricked into visiting a malicious
website while logged into Moodle, a remote attacker could change the
user's configurations or forum content. (CVE-2009-0499, MSA-09-0008,
MSA-08-0023)

Daniel Cabezas discovered that Moodle would leak usernames from the
Calendar Export tool. A remote attacker could gather a list of users,
leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)

Christian Eibl discovered that the TeX filter in Moodle allowed any
function to be used. An authenticated remote attacker could post a
specially crafted TeX formula to execute arbitrary TeX functions,
potentially reading any file accessible to the web server user,
leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

Johannes Kuhn discovered that Moodle did not correctly validate user
permissions when attempting to switch user accounts. An authenticated
remote attacker could switch to any other Moodle user, leading to a
loss of privacy. (MSA-08-0003)

Hanno Boeck discovered that unconfigured Moodle instances contained
XSS vulnerabilities. An unauthenticated remote attacker could exploit
this to modify or steal confidential data of other users within the
same web domain. (MSA-08-0004)

Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra
Montesinos discovered that when users were deleted from Moodle, their
profiles and avatars were still visible. An authenticated remote
attacker could exploit this to store information in profiles even
after they were removed, leading to spam traffic. (MSA-08-0015,
MSA-09-0001, MSA-09-0002)

Lars Vogdt discovered that Moodle did not correctly filter certain
inputs. An authenticated remote attacker could exploit this to
generate XSS from which they could modify or steal confidential data
of other users within the same web domain. (MSA-08-0021)

It was discovered that Moodle did not correctly filter inputs for
group creation, mnet, essay question, HOST param, wiki param, and
others. An authenticated remote attacker could exploit this to
generate XSS from which they could modify or steal confidential data
of other users within the same web domain. (MDL-9288, MDL-11759,
MDL-12079, MDL-12793, MDL-14806)

It was discovered that Moodle did not correctly filter SQL inputs
when performing a restore. An attacker authenticated as a Moodle
administrator could execute arbitrary SQL commands as the moodle
database user, leading to a loss of privacy or denial of service.
(MDL-11857)
http://www.linuxsecurity.com/content/view/149224
* Ubuntu: GStreamer Good Plugins vulnerability (Jun 22)
------------------------------------------------------
Tielei Wang discovered that GStreamer Good Plugins did not correctly
handle malformed PNG image files. If a user were tricked into opening
a crafted PNG image file with a GStreamer application, an attacker
could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
http://www.linuxsecurity.com/content/view/149193
------------------------------------------------------------------------
* Pardus: Php: Denial of Service (Jun 25)
---------------------------------------
exploited by malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149227
* Pardus: Compress::Raw::Zlib: Denial of (Jun 25)
-----------------------------------------------
Perl, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to potentially compromise an application
using the module.
http://www.linuxsecurity.com/content/view/149226
* Pardus: Firefox: Multiple Vulnerabilities (Jun 24)
--------------------------------------------------
exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or to compromise a vulnerable
system.
http://www.linuxsecurity.com/content/view/149209
* Pardus: Git: Denial of Service (Jun 24)
---------------------------------------
malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149207
* Pardus: Ruby: Denial of Service (Jun 24)
----------------------------------------
malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149208
* Pardus: Imagemagick: Multiple (Jun 24)
--------------------------------------
exploited by malicious people to potentially compromise a user's
system.
http://www.linuxsecurity.com/content/view/149205
* Pardus: Gst-plugins-good: Multiple Integer (Jun 24)
---------------------------------------------------
can be exploited by malicious people to potentially compromise
an application using the library.
http://www.linuxsecurity.com/content/view/149206
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------