Linux Advisory Watch - July 19th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July  19th, 2002                         Volume 3, Number 29a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were relased for tcpdump, ktrace, bind, squid,
modssl, openssh, and libpng.  The vendors include Caldera, Conectiva,
FreeBSD, Mandrake, Red Hat, and Trustix.

 NEW HTML VERSION OF NEWSLETTER AVAILABLE:
 http://www.linuxsecurity.com/vuln-newsletter.html


- Guardian Digital Combats Proprietary Software Licensing Deadline -

Guardian Digital, Inc., the first full-service open source Internet server
security company, has announced a special incentive program designed to
provide companies with an alternative to Windows-based servers and
applications as the July 31st deadline for Microsoft's new licensing
program approaches.

 Press Release:
 http://www.guardiandigital.com/company/press/
 EnGarde-Licensing-Promotion.pdf

 Save Now:
 http://store.guardiandigital.com/html/eng/493-AA.shtml
 

Threat Becomes Vulnerability Becomes Exploit - The recent situation
regarding the Apache Chunk Encoding Vulnerability has caused plenty of
controversy in the security industry. It initially began with the
community dislike of the release of information.

http://www.linuxsecurity.com/feature_stories/feature_story-113.html 
 
+---------------------------------+
|  Package: tcpdump               | ----------------------------//
|  Date: 07-12-2002               |
+---------------------------------+

Description: 

It is not currently known whether this buffer overflow is exploitable. If
it were, an attacker could inject specially crafted packets into the
network which, when processed by tcpdump, could lead to arbitrary code
execution with the privileges of the user running tcpdump (typically
`root').

Vendor Alerts: 
  FreeBSD Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2195.html 


  
+---------------------------------+
|  Package: ktrace                | ----------------------------//
|  Date: 07-12-2002               |
+---------------------------------+

Description:
In theory, local users on systems where ktrace is enabled through the
KTRACE kernel option might obtain sensitive information, such as password
files or authentication keys. No specific utility is currently known to be
vulnerable to this particular problem.

Vendor Alerts: 
  FreeBSD Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html 


  
+---------------------------------+
|  Package: bind                  | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description: 
"A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Operating systems and applications that utilize
vulnerable DNS resolver libraries may be affected. A remote attacker who
is able to send malicious DNS responses could potentially exploit this
vulnerability to execute arbitrary code or cause a denial of service on a
vulnerable system."

Vendor Alerts: 
  Trustix: 
  http://www.trustix.net/pub/Trustix/updates/ 

  ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm  
  d00de9cc58d179d1aea5a2a76f1f3369 

  ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm  
  646eabafe4c77ed3b60ebb1d2e3e0292  

  ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm 
  25ab9b38033cdff4b4236340dd9dbb8e  

  Trustix Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2197.html 
 

  Mandrake 7.2: 
  http://www.mandrakesecure.net/en/ftp.php  

  7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm 
  85334842b02275f9ebea86821a9f4300  
  7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm 
  47e4c8afba3147f8035d8579d98764a1  

  7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm  
  9f0803a609e9a734182850f966085ba3  

  Mandrake Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2200.html


  
+---------------------------------+
|  Package: squid                 | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description: 
Numerous security problems were fixed in squid-2.4.STABLE7.  This releases
has several bugfixes to the Gopher client to correct some security issues.  
Security fixes to how squid parses FTP directory listings into HTML have
been implemented.  A security fix to how squid forwards proxy
authentication credentials has been applied, as well as the MSNT auth
helper has been updated to fix buffer overflows in the helper. Finally,
FTP data channels are now sanity checked to match the address of the
requested FTP server, which prevents injection of data or theft.

Vendor Alerts: 
  Mandrake Linux 8.2: 
  http://www.mandrakesecure.net/en/ftp.php  

  8.2/RPMS/squid-2.4.STABLE7-1.1mdk.i586.rpm 
  56c4827d13017f984833825912ebe937  

  Mandrake Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2204.html

  Trustix: 
  http://www.trustix.net/pub/Trustix/updates/ 
  ./1.5/RPMS/squid-2.4.STABLE7-1tr.i586.rpm 
  a0c9828ccb33c5a41b39a21174eaa02b  

  Trustix Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2198.html
 

  
  
+---------------------------------+
|  Package: modssl                | ----------------------------//
|  Date: 07-16-2002               |
+---------------------------------+

Description: 
The mod_ssl module provides strong cryptography for the Apache Web server
via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols.  Versions of mod_ssl prior to 2.8.10 are subject to a single
NULL overflow that can cause arbitrary code execution.

In order to exploit this vulnerability, the Apache Web server has to be
configured to allow overriding of configuration settings on a
per-directory basis, and untrusted local users must be able to modify a
directory in which the server is configured to allow overriding.  The
local attacker maythen become the user that Apache is running as (usually
'www' or 'nobody').
 
Vendor Alerts: 
  Red Hat Linux 7.3: i386:  
  ftp://updates.redhat.com/7.3/en/os/i386/
  mod_ssl-2.8.7-6.i386.rpm 
  8c9e4f55866bd16df07bc945766bc680 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-2201.html

  Caldera: 
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Caldera Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/caldera_advisory-2202.html 


  
+---------------------------------+
|  Package: openssh               | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description: 
An remote attacker using an SSH client modified to send carefully crafted
SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain superuser
privileges on the server.

Vendor Alerts: 
  FreeBSD Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2199.html 


  
+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 07-17-2002               |
+---------------------------------+

Description: 
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow
vulnerability[1] in some functions related to progressive image loading.
Programs such as mozilla and various others use these functions. An
attacker could exploit this to remotely run arbitrary code or crash an
application by using a specially crafted png image.


Vendor Alerts: 
  Conectiva: 
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
  libpng-1.0.14-1U8_1cl.i386.rpm 

  ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
  libpng3-1.2.4-1U8_1cl.i386.rpm 

  ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
  libpng-devel-1.2.4-1U8_1cl.i386.rpm 

  ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
  libpng-devel-static-1.2.4-1U8_1cl.i386.rpm 

  ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
  libpng-doc-1.2.4-1U8_1cl.i386.rpm 

  Conectiva Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2203.html
 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux