+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 29st, 2002 Volume 3, Number 13a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for zlib, php, mtr, squid, analog, and
imlib. The vendors include Conectiva, Debian, FreeBSD, and Red Hat. If
you have not had a chance to download the LinuxSecurity quick reference
card, it is available at the following URL:
http://www.linuxsecurity.com/docs/QuickRefCard.pdf
FEATURE: Dsniff 'n the Mirror - This is a practical step by step guide
showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep,
and others. It also provides a discussion of how and why we should monitor
network traffic.
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html
Performance and Stability meet Security - EnGarde has everything necessary
to create thousands of virtual Web sites, manage e-mail, DNS, firewalling
database functions for an entire organization, and supports high-speed
broadband connections all using a Web-based front-end. EnGarde Secure
Professional provides those features and more!
--> http://store.guardiandigital.com/html/eng/promo.shtml
+---------------------------------+
| zlibs | ----------------------------//
+---------------------------------+
It is also possible that an attacker could manage a more significant
exploit, since the result of a double free is the corruption of the
malloc() implementation's data structures. This could include running
arbitrary code on local or remote systems.
Red Hat Update:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1989.html
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1994.html
+---------------------------------+
| php | ----------------------------//
+---------------------------------+
PHP is an HTML-embeddable scripting language. A number of flaws have been
found in the way PHP handles multipart/form-data POST requests. Each of
these flaws could allow an attacker to execute arbitrary code on the
remote system.
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1990.html
+---------------------------------+
| mtr | ----------------------------//
+---------------------------------+
The authors of mtr released a new upstream version, noting a
non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek,
however, found an easy way to exploit this bug, which allows an attacker
to gain access to the raw socket, which makes IP spoofing and other
malicious network activity possible.
Debian Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/mtr_0.41-6_i386.deb
MD5 checksum: 4ba7815729e243669e8d825f5b8373a2
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1991.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
A security issue has recently been found and fixed in the Squid-2.X
releases up to and including 2.4.STABLE4. Error and boundary conditions
were not checked when handling compressed DNS answer messages in the
internal DNS code (lib/rfc1035.c). A malicous DNS server could craft a
DNS reply that causes Squid to exit with a SIGSEGV.
Squid:
http://www.squid-cache.org/Versions/v2/2.4/
Squid Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1992.html
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1995.html
+---------------------------------+
| analog | ----------------------------//
+---------------------------------+
It is easy for an attacker to insert arbitrary strings into any web server
logfile. If these strings are then analysed by analog, they can appear in
the report. By this means an attacker can introduce arbitrary Javascript
code, for example, into an analog report produced by someone else and read
by a third person. Analog already attempted to encode unsafe characters to
avoid this type of attack, but the conversion was incomplete.
Debian Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/analog_5.22-0potato1_i386.deb
MD5 checksum: 6ffd39c59948d83d2a7fd890be846360
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1996.html
+---------------------------------+
| imlib | ----------------------------//
+---------------------------------+
Alan Cox discovered some situations where a heap corruption[1] may occur
when processing some malformed image. Al Viro found that imlib was falling
back to the NetPBM library[2] when processing some kind of images, but
NetPBM is not suitable to process untrusted image input. An attacker could
use a crafted image to exploit a program linked to imlib (like a mailer
program or an image viewer) and cause a DoS or even remote code execution.
Conectiva:
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
imlib-1.9.13-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
imlib-cfgeditor-1.9.13-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
imlib-devel-1.9.13-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS
/imlib-devel-static-1.9.13-1U70_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1997.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
