+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| November 23rd, 2001 Volume 2, Number 47a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for imp, gnupg, procmail, tetex, lpd,
and susehelp. The vendors include Conectiva, Mandrake, NetBSD, and Red
Hat. Also this week, Guardian Digital released its online store. It
provides access to a suite of secure server products including EnGarde
Secure Professional and EnGarde Workgroup Suite, pre-configured server
appliances, and the ability for customers to manage their account
information. It can be found at:
http://store.guardiandigital.com
# Guardian Digital Delivers Enterprise Internet Server Solution #
Guardian Digital, Inc., the open source security company, has released the
enterprise edition of its highly successfuly EnGarde Secure Linux server
operating system. EnGarde Secure Professional is a comprehensive software
solution that provides all the tools necessary to build a complete online
presence.
http://www.guardiandigital.com/press2.html
** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL! Get
the free Thawte Apache SSL Guide and find the answers to all your
Apache SSL security issues and more at:
http://www.gothawte.com/rd92.html
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------------------+
| imp | ----------------------------//
+---------------------------------+
It is possible to include a script in an URL via html tags. Since these
tags are not treated appropriately in previous versions of Imp, such
scripts can be executed by an unsuspecting user if clicked on when viewing
an email. By emailing such a crafted URL to an user and having this user
click on it, the attacker is able to retrieve the authentication cookies
used in the webmail session, thus gaining access to the user's webmail
account.
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
horde-1.2.7-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
horde-mysql-1.2.7-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS
/horde-pgsql-1.2.7-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS
/horde-shm-1.2.7-1U70_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
imp-2.2.7-1U70_1cl.noarch.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1697.html
+---------------------------------+
| gnupg | ----------------------------//
+---------------------------------+
A format string vulnerability exists in gnupg 1.0.5 and previous versions
which is fixed in 1.0.6. This vulnerability can be used to invoke shell
commands with privileges of the currently logged-in user.
Mandrake Linux 8.1:
8.1/RPMS/gnupg-1.0.6-3.1mdk.i586.rpm
94ce027aa75451a1b465e8f573e5b1e0
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1699.html
+---------------------------------+
| procmail | ----------------------------//
+---------------------------------+
In older versions of procmail, it is possible to crash procmail by sending
it certain signals. If procmail is installed setuid, this could be
exploited to gain unauthorized privilege. This problem is fixed in
unstable version 3.20 and stable version 3.15.2.
Mandrake Linux 8.1:
8.1/RPMS/procmail-3.22-1.1mdk.i586.rpm
fec9a3bc584959dcdbafb4e73fca9336
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1698.html
+---------------------------------+
| teTeX | ----------------------------//
+---------------------------------+
A problem was discovered in the temporary file handling capabilities of
some teTeX filters by zen-parse. These filters are used as print filters
automatically when printing .dvi files using lpr. This can lead to
elevated privileges. This update relies on the updated mktemp packages
for 7.x in MDKA-2001:021, which gives mktemp the ability to create
temporary directories. 8.x users already have a mktemp that works in this
fashion.
PLEASE SEE VENDOR ADVISORY
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1700.html
+---------------------------------+
| lpd | ----------------------------//
+---------------------------------+
NetBSD 1.3 and later install with lpd disabled by default. A system is
vulnerable to this security hole only if it is running /usr/sbin/lpd, and
access to lpd is allowed by entries in /etc/hosts.lpd. Updating the
binary for safety is recommended.
NetBSD 1.4, 1.4.x
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/
SA2001-018-lpd.patch
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1701.html
+---------------------------------+
| susehelp | ----------------------------//
+---------------------------------+
The susehelp package contains several CGI-scripts to provide a flexible
help-system to the user. Some of these scripts open files in an insecure
manner, thus allowing remote attackers to execute arbitrary commands as
wwwrun-user on the server running susehelp package. These bugs have been
fixed in the newly available packages. Please update your susehelp package
immediately if present on your system.
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/doc1/
susehelp-2001.09.06-110.noarch.rpm
8b441a44bda65f5e162d326d1e6ed1df
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1702.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
