+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  December 7th, 2001                       Volume 2, Number 49a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                 Benjamin Thomas
               dave@linuxsecurity.com      ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for postfix, openssh, wu-ftpd,
apache, fml, icecast-server, xtel, ssh, and wmtv. The vendors include
Conectiva, Debian, FreeBSD, Mandrake, Red Hat, and SuSE.

* Rainbow and Guardian Digital Team Up on Linux Security Acceleration

  Rainbow Technologies, the leading solutions provider of digital content
  and transaction security, and Guardian Digital, the open source security
  company, announced a strategic and technology partnership aimed at
  securing Linux-based transactions. This integrated solution consists of
  Rainbow's CryptoSwift eCommerce accelerator and Guardian Digital's
  EnGarde Secure Linux software suite.

  Press Release: http://www.guardiandigital.com/press5.html

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe
send an e-mail to security-discuss-request@linuxsecurity.com with
"subscribe" as the subject.

+---------------------------------+
|  postfix                        | ----------------------------//
+---------------------------------+

Wietse Venema, the author of postfix, reported a vulnerability in the
SMTP server where a remote attacker could mount a denial-of-service
attack against it. The SMTP session log could grow to an unreasonable
size and could possibly exhaust the server's memory if no other limits
were enforced.

  http://www.linux-mandrake.com/en/ftp.php3

  Mandrake Linux 8.1:
    8.1/RPMS/postfix-20010228-15.1mdk.i586.rpm
    e5a8b7703cb3340522bc232a03a64716

  Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1724.html

+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1,
and 7.2. These updates fix a bug in the handling of restricted keys,
which may allow users to bypass command restrictions by using
subsystems, and a subtle bug which might aid a passive analysis attack.

PLEASE SEE VENDOR ADVISORY

  Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1725.html
  Updated:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1731.html

  SuSE-7.3:
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-38.i386.rpm
    6ba603f1115b0125abf0b62f28ba6666

  SuSE Vendor Advisory:
    http://www.linuxsecurity.com/advisories/suse_advisory-1728.html
  Update:
    http://www.linuxsecurity.com/advisories/suse_advisory-1738.html

  FreeBSD:
    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz

  FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1729.html

+---------------------------------+
|  wu-ftpd                        | ----------------------------//
+---------------------------------+

The wu-ftpd developers have now released[1] an official fix for that
problem, but with two additional corrections:

  * format string fixes: some new format string bugs have been patched;
  * additional checks: null-pointer checks have been added to some
    parts of the code.

  Conectiva:
    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/wu-ftpd-2.6.1-6U70_2cl.i386.rpm

  Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1726.html

  Debian Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/wu-ftpd_2.6.0-6_i386.deb
    MD5 checksum: c3fc484e08210d7a1363c93c9d29d6eb

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1727.html

  FreeBSD:
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz

  FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1730.html

+---------------------------------+
|  apache                         | ----------------------------//
+---------------------------------+

Updated Apache packages are now available for Red Hat Linux 6.2, 7,
7.1, and 7.2. These packages upgrade the Apache Web server to version
1.3.22, which closes a potential security bug that would present clients
with a listing of the contents of a directory instead of the contents
of an index file or, in case of an error, the error message.

PLEASE SEE VENDOR ADVISORY

  Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1732.html

+---------------------------------+
|  fml                            | ----------------------------//
+---------------------------------+

When generating index pages for list archives, the `<' and `>'
characters were not properly escaped in subjects.

  Debian:
    http://security.debian.org/dists/stable/updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
    MD5 checksum: 022401cdfa939b628a10b6d8109a6c72

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1733.html

+---------------------------------+
|  icecast-server                 | ----------------------------//
+---------------------------------+

The icecast-server (a streaming music server) package as distributed in
Debian GNU/Linux 2.2 has several security problems:

  * if a client added a / after the filename of a file to be downloaded,
    the server would crash;
  * by escaping dots as %2E it was possible to circumvent security
    measures and download arbitrary files;
  * there were several buffer overflows that could be exploited to gain
    root access.

  Debian Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/icecast-server_1.3.10-1_i386.deb
    MD5 checksum: eb3869696168f5fad229166490061d4b

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1734.html

+---------------------------------+
|  xtel                           | ----------------------------//
+---------------------------------+

The xtel (an X emulator for minitel) package as distributed with Debian
GNU/Linux 2.2 has two possible symlink attacks:

  * xteld creates a temporary file /tmp/.xtel- without checking for
    symlinks;
  * when printing a hardcopy, xtel would create a temporary file without
    protecting itself against symlink attacks.

  Debian Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/xtel_3.2.1-4.potato.1_i386.deb
    MD5 checksum: 325874239da03f93d0ff9039336d1231

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1735.html

+---------------------------------+
|  ssh                            | ----------------------------//
+---------------------------------+

If the UseLogin feature is enabled in ssh, local users could pass
environment variables (including variables like LD_PRELOAD) to the login
process. This has been fixed by not copying the environment if UseLogin
is enabled.

  Debian Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.4_i386.deb
    MD5 checksum: 174cc64dbb0996cd09d58f2691817dbf
    http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.4_i386.deb
    MD5 checksum: 1426d1c8d424b8af6e94a1eec87075aa

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1736.html

+---------------------------------+
|  wmtv                           | ----------------------------//
+---------------------------------+

wmtv can optionally run a command if you double-click on the TV window.
This command can be specified using the -e command-line option. However,
since wmtv is installed suid root, this command was also run as root,
which gives local users a very simple way to get root access.

  Debian Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/wmtv_0.6.5-2potato1_i386.deb
    MD5 checksum: fd3ce69d983ae4b316114628c7c5fc74

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1737.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------
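The icecast-server item above notes that dots encoded as %2E slipped past the server's file-path checks, and that a trailing / after a filename crashed it. As an added illustration, not icecast code or any vendor's patch, the following Python contrasts a naive check on the raw request string with a resolver that decodes first, normalises, and only then confines the result to a document root; the root /srv/icecast and the sample requests are constructed for the example.

```python
"""Added illustration (not icecast code): decode, then normalise, then confine."""
import posixpath
from urllib.parse import unquote

# Constructed document root for the example; nothing on disk is touched.
DOC_ROOT = "/srv/icecast"


def vulnerable_is_safe(request_path):
    """Naive check on the raw request string. A client that writes '..'
    as '%2E%2E' passes it, which is the icecast bug described above."""
    return ".." not in request_path


def resolve_safely(request_path, root=DOC_ROOT):
    """Return the absolute path under root that the request refers to,
    or None if the request must be rejected."""
    # 1. Decode exactly once, as the server itself would before open().
    decoded = unquote(request_path)
    # A NUL byte would silently truncate the path in a C server; reject it.
    if "\x00" in decoded:
        return None
    # 2. An empty request, or a file name followed by '/', names no file;
    #    reject it rather than let a later open()/stat() misbehave
    #    (the trailing-slash crash case from the advisory).
    if not decoded or decoded.endswith("/"):
        return None
    # 3. Anchor under root and collapse '.' and '..' components.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # 4. Containment: anything that escaped root fails this prefix check.
    if not candidate.startswith(root + "/"):
        return None
    return candidate
```

The containment check runs on the decoded, normalised path, so %2E, %2F and plain-text traversal are all handled by the same rule.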