+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  December 21st, 2001                      Volume 2, Number 51a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for mailman, htdig, xsane, OpenSSH,
kerberos, libgtop, glibc, and the Trustix kernel. The vendors include
EnGarde, Debian, Immunix, FreeBSD, Mandrake, Red Hat, and Trustix.

8wire.com Review: EnGarde Secure Linux 1.0.1 - EnGarde Secure Linux is
a Linux distribution that allows anyone - including those with no Linux
experience - to easily set up their own secure Web and email servers.
We tested this software on a bare-bones PC and found it very simple to
set up and use. It's a great value for those looking for a fully
functional Internet server that can run on old or inexpensive hardware.

 http://www.8wire.com/articles/?aid=2350

Why be vulnerable? It's your choice. - Are you looking for a solution
that provides the applications necessary to easily create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, database functions
for an entire organization, and supports high-speed broadband
connections all using a Web-based front-end? EnGarde Secure
Professional provides those features and more!

Be Secure with EnGarde Secure Professional:
 http://store.guardiandigital.com/html/eng/493-AA.shtml

+---------------------------------+
|  mailman                        | ----------------------------//
+---------------------------------+

Barry A. Warsaw reported several cross-site scripting security holes in
Mailman, due to non-existent escaping of CGI variables. These have been
fixed upstream in version 2.0.8, and the relevant patches have been
backported to version 1.1-10 in Debian.

 Debian Intel IA-32 architecture:
 http://security.debian.org/dists/stable/updates/main/binary-i386/mailman_1.1-10_i386.deb
 MD5 checksum: 27c9d400360a99b39954f563f5d0ed43

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1751.html

+---------------------------------+
|  htdig                          | ----------------------------//
+---------------------------------+

A remote attacker may use htsearch as a kind of denial-of-service
attack by causing it to read a never-ending special file such as
`/dev/null'.

 FreeBSD [i386]
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/textproc/htdig-3.1.5_1.tgz

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1753.html

+---------------------------------+
|  xsane                          | ----------------------------//
+---------------------------------+

A local user may be able to cause xsane (run by another user) to
overwrite any file for which the latter user has sufficient privilege.
While it is advisable to run XSane with a non-privileged user account,
many users run it using the root account, increasing the risk.

 FreeBSD [i386]
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xsane-0.82.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xsane-0.82.tgz

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1754.html

+---------------------------------+
|  OpenSSH                        | ----------------------------//
+---------------------------------+

A malicious local user can pass environment variables to the login
process if the administrator enables the UseLogin option.
This can be abused to bypass authentication and gain root access. Note
that this option is not enabled by default on TSL.

 Mandrake:
 PLEASE SEE ADVISORY FOR UPDATE

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1749.html

 Trustix:
 PLEASE SEE ADVISORY FOR UPDATE

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1761.html

+---------------------------------+
|  kerberos                       | ----------------------------//
+---------------------------------+

A buffer overflow exists in the telnet portion of Kerberos that could
provide root access to local users. MDKSA-2001:068 provided a similar
fix to the normal telnet packages, but the Kerberized equivalent was
not updated previously.

 Mandrake:
 PLEASE SEE VENDOR ADVISORY

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1755.html

+---------------------------------+
|  libgtop                        | ----------------------------//
+---------------------------------+

A remote format string vulnerability was found in the libgtop daemon by
Laboratory intexxia. By sending a specially crafted format string to
the server, a remote attacker could potentially execute arbitrary code
on the remote system with the daemon's permissions.

 Mandrake Linux 8.0:
 8.0/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
 2a063541aa9f9a100dd4c65b732224fd

 8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
 fb4cfb4b72e16121a6dab24e093b1de3

 http://www.linux-mandrake.com/en/ftp.php3

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1763.html

+---------------------------------+
|  glibc                          | ----------------------------//
+---------------------------------+

While researching the recent globbing bugs in wu-ftpd, Flavio Veloso
discovered (with the assistance of Jakub Jelinek) a buffer overflow in
glibc's glob(3) implementation. This vulnerability can only be
triggered by programs that use glibc's globbing functions.

 EnGarde:
 http://ftp.engardelinux.org/pub/engarde/stable/updates/

 i386/glibc-2.1.3-1.0.4.i386.rpm
 MD5 Sum: 6a59be712e55c3da6e027ba44599ab9e

 i686/glibc-2.1.3-1.0.4.i386.rpm
 MD5 Sum: 6a59be712e55c3da6e027ba44599ab9e

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1752.html

 Immunix:
 PLEASE SEE VENDOR ADVISORY

 Immunix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1757.html

 Trustix:
 PLEASE SEE VENDOR ADVISORY

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1760.html

 Red Hat:
 PLEASE SEE VENDOR ADVISORY

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1750.html

+---------------------------------+
|  Trustix kernel                 | ----------------------------//
+---------------------------------+

The 2.2.20 release of the Linux kernel fixes a number of bugs. In
addition there are some driver updates and SMP fixes in this package.

 PLEASE SEE ADVISORY FOR UPDATE

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1762.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------