+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 12th, 2002                         Volume 3, Number 15a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                 Benjamin Thomas
               dave@linuxsecurity.com      ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for logwatch, ucdsnmp, IMP/HORDE,
tcpdump, mail, and rshd. The vendors include OpenBSD, Red Hat, and SuSE.

--> Performance and Stability meet Security

  EnGarde has everything necessary to create thousands of virtual Web
  sites, manage e-mail, DNS, firewalling and database functions for an
  entire organization, and supports high-speed broadband connections,
  all using a Web-based front-end. EnGarde Secure Professional provides
  those features and more!

  http://store.guardiandigital.com/html/eng/promo1.shtml

Linux Security Quick-Start Guide - This document, written by Hal
Burgiss, is an introductory level document that provides the information
necessary for inexperienced Linux users to secure their machine.

  http://www.linuxsecurity.com/docs/LDP/Security-Quickstart-HOWTO/index.html


+---------------------------------+
|  logwatch                       | ----------------------------//
+---------------------------------+

Updated LogWatch packages are available that fix tmp file race
conditions which can allow a local user to gain root privileges.
 Red Hat:
  noarch:
   ftp://updates.redhat.com/7.2/en/os/noarch/logwatch-2.6-1.noarch.rpm
   ac8ea7498a2d6b14bb325a511cf8ba6b

 Red Hat Vendor Advisory:
   http://www.linuxsecurity.com/advisories/redhat_advisory-2011.html

 Red Hat Powertools Advisory:
   http://www.linuxsecurity.com/advisories/redhat_advisory-2012.html


+---------------------------------+
|  ucdsnmp                        | ----------------------------//
+---------------------------------+

Several bugs could be triggered in the ucd-snmpd code by using this
testing suite. These bugs lead to remote denial-of-service attacks and
may possibly be exploited to break system security remotely.

 PLEASE SEE VENDOR ADVISORY

 SuSE Vendor Advisory:
   http://www.linuxsecurity.com/advisories/suse_advisory-2013.html


+---------------------------------+
|  IMP/HORDE                      | ----------------------------//
+---------------------------------+

The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks. Site administrators
should consider upgrading to IMP 3 (our first recommendation), but if
this is not possible, IMP 2.2.8 should be used to prevent these
potential attacks.

 ftp://ftp.horde.org/pub/imp/
   horde-1.2.8.tar.gz                96ae6dcf03cab2637c14c13d556049e0
   imp-2.2.8.tar.gz                  9f0e442f61ce542b945016bee2736d2f
   patch-horde-1.2.7-1.2.8.gz        daa3f4f3821036d7ef47205dc2c7922c
   patch-imp-2.2.7-2.2.8.gz          f3ee21b6b5e40516d46cef955f29e034

 Vendor Advisory:
   http://www.linuxsecurity.com/advisories/other_advisory-2014.html


+---------------------------------+
|  tcpdump                        | ----------------------------//
+---------------------------------+

Updated tcpdump, libpcap, and arpwatch packages are available for Red
Hat Linux 6.2 and 7.x. These updates close vulnerabilities present in
versions of tcpdump up to 3.5.1 and fix various other bugs.
 Red Hat 7.2 i386:
   ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.2-10.7x.i386.rpm
   064982643eaa2f6a19a318e0c50f2b84

   ftp://updates.redhat.com/7.2/en/os/i386/libpcap-0.6.2-10.7x.i386.rpm
   a00187999381db2a22dadc1a1f1ebca9

   ftp://updates.redhat.com/7.2/en/os/i386/arpwatch-2.1a11-10.7x.i386.rpm
   b456a14d95d7fdf36f00ef0f41ebc1f4

 Red Hat Vendor Advisory:
   http://www.linuxsecurity.com/advisories/redhat_advisory-2015.html


+---------------------------------+
|  mail (OpenBSD)                 | ----------------------------//
+---------------------------------+

OpenBSD 3.0 and 2.9 contain a potential localhost root compromise,
found by Milos Urbanek. Earlier versions of OpenBSD are not affected.

The mail(1) program will process tilde escapes even when it is not in
interactive mode. Since mail(1) is called by the default cron(8) jobs,
this can lead to a localhost root compromise.

 Patch for OpenBSD 3.0:
   ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch

 Patch for OpenBSD 2.9:
   ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch

 OpenBSD Vendor Advisory:
   http://www.linuxsecurity.com/advisories/openbsd_advisory-2017.html


+---------------------------------+
|  rshd (OpenBSD)                 | ----------------------------//
+---------------------------------+

Under certain conditions, on systems using YP with netgroups in the
password database, it is possible for the rshd(8) and rexecd(8) daemons
to execute the shell from a different user's password entry. Due to a
similar problem, atrun(8) may change to the wrong home directory when
running at(1) jobs.

This only affects OpenBSD 3.0. Prior versions of OpenBSD are not
affected. The following patch has been in the 3.0-stable branch for
some time:

 OpenBSD:
   ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch

 OpenBSD Vendor Advisory:
   http://www.linuxsecurity.com/advisories/openbsd_advisory-2016.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
                LinuxSecurity.com

To unsubscribe, email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------