+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 24th, 2002                        Volume 3, Number 34a |
+----------------------------------------------------------------+

  Editors:      Dave Wreski                  Benjamin Thomas
                dave@linuxsecurity.com       ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for krb5, fam, konqueror, libpng,
phpmail, mantis, bugzilla, Red Hat kernel, kdelibs, and unixware. The
vendors include Caldera, Debian, and Red Hat.

FEATURE: PHP Secure Installation

With new vulnerabilities in PHP being reported all the time, the PHP
installation itself needs to be secured as thoroughly as possible.
Given PHP's popularity and wide deployment, developers and
administrators who do not take the appropriate security steps at
installation time are going to run into trouble.

http://www.linuxsecurity.com/feature_stories/feature_story-117.html

Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com

+---------------------------------+
|  Package: krb5                  | ----------------------------//
|  Date: 08-14-2002               |
+---------------------------------+

Description:
Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a
mechanism for encoding data structures for use with RPC.
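An added example, not code from krb5, Sun RPC or Red Hat: a minimal XDR-style decoder for a length-prefixed array, written in C because that is what the decoder this advisory concerns is written in. The advisory does not spell out how the heap overflow arises; what is shown is the classic way a decoder of this shape gets one, an attacker-supplied element count multiplied by the element size with no overflow check, so the buffer allocated is far smaller than what the copy loop then writes into it. The wire format, the function names and the two constructed messages are this example's own assumptions; the hardened decoder shows the check a practitioner should look for in any such code.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not krb5, Sun RPC or Red Hat code). Wire format assumed,
 * modelled on XDR: a 4-byte big-endian element count, then count elements
 * of elsize bytes each (XDR's 4-byte element padding is omitted here). */
typedef struct {
    const uint8_t *p;   /* next unread byte */
    size_t len;         /* bytes remaining */
} xdr_in;

static int xdr_get_u32(xdr_in *in, uint32_t *out)
{
    if (in->len < 4)
        return 0;
    *out = ((uint32_t)in->p[0] << 24) | ((uint32_t)in->p[1] << 16) |
           ((uint32_t)in->p[2] << 8) | (uint32_t)in->p[3];
    in->p += 4;
    in->len -= 4;
    return 1;
}

/* The size computation as it was commonly written: attacker-supplied count
 * times element size, unchecked. uint32_t is used on purpose so the wrap
 * shows on a 64-bit host too; with a 32-bit size_t it happens for real.
 * count 0x40000001 and elsize 4 give 4: a 4-byte buffer for a copy loop
 * that then writes 0x40000001 elements, i.e. a heap overflow. */
static uint32_t unchecked_alloc_size(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Hardened: a count the remaining input cannot hold is rejected before any
 * multiplication; since avail fits in size_t, count * elsize <= avail
 * cannot wrap either, whatever the width of size_t. */
static int checked_alloc_size(uint32_t count, uint32_t elsize,
                              size_t avail, size_t *need)
{
    if (elsize == 0 || count > avail / elsize)
        return 0;
    *need = (size_t)count * elsize;
    return 1;
}

/* Decode one array: returns a malloc'd copy of the elements (caller frees)
 * and sets *count_out, or NULL on malformed or oversized input. maxcount
 * is the caller's own policy limit. */
static void *xdr_array_decode(xdr_in *in, uint32_t elsize, uint32_t maxcount,
                              uint32_t *count_out)
{
    uint32_t count;
    size_t need;
    void *buf;

    if (!xdr_get_u32(in, &count) || count > maxcount ||
        !checked_alloc_size(count, elsize, in->len, &need))
        return NULL;
    if ((buf = malloc(need ? need : 1)) == NULL)
        return NULL;
    memcpy(buf, in->p, need);
    in->p += need;
    in->len -= need;
    *count_out = count;
    return buf;
}

/* Constructed message: count 0x40000001, then 8 payload bytes. Returns 1
 * if the hardened decoder rejects it. */
static int demo_rejects_wrapping_count(void)
{
    static const uint8_t msg[] = { 0x40, 0, 0, 0x01, 1, 2, 3, 4, 5, 6, 7, 8 };
    xdr_in in = { msg, sizeof msg };
    uint32_t n = 0;
    void *buf = xdr_array_decode(&in, 4, UINT32_MAX, &n);
    int rejected = (buf == NULL);
    free(buf);
    return rejected;
}

/* Constructed message: two 4-byte elements. Returns the decoded count (2)
 * when the payload round-trips and the input is fully consumed, else -1. */
static int demo_decodes_valid(void)
{
    static const uint8_t msg[] = { 0, 0, 0, 2, 'a','b','c','d','e','f','g','h' };
    xdr_in in = { msg, sizeof msg };
    uint32_t n = 0;
    uint8_t *buf = xdr_array_decode(&in, 4, 16, &n);
    int ok = buf && n == 2 && in.len == 0 && memcmp(buf, "abcdefgh", 8) == 0;
    free(buf);
    return ok ? (int)n : -1;
}

int main(void)
{
    printf("unchecked 0x40000001 * 4 = %u\n",
           (unsigned)unchecked_alloc_size(0x40000001u, 4));
    printf("hardened decoder rejects it: %d\n", demo_rejects_wrapping_count());
    printf("valid 2-element array decoded: %d\n", demo_decodes_valid());
    return 0;
}
```

The hardened decoder rejects the first constructed message because the eight remaining bytes cannot hold 0x40000001 elements; bounding the count by the input that is actually present also rules out the multiplication wrapping, so the check is correct on 32-bit and 64-bit size_t alike. When auditing a decoder of this kind, look for the count being used in an allocation or a loop before it has been compared against the bytes still available.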
The Kerberos 5 network authentication system contains an RPC library
which includes an XDR decoder derived from Sun's RPC implementation.
The Sun implementation was recently demonstrated to be vulnerable to a
heap overflow. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful. No
exploits are known to currently exist.

Vendor Alerts:

  Red Hat:
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/krb5-devel-1.2.4-2.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/krb5-libs-1.2.4-2.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/krb5-server-1.2.4-2.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/krb5-workstation-1.2.4-2.i386.rpm

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2293.html

+---------------------------------+
|  Package: fam                   | ----------------------------//
|  Date: 08-15-2002               |
+---------------------------------+

Description:
A flaw was discovered in FAM's group handling. In effect, users are
unable to monitor (via FAM) directories they only have group read and
execute permissions on. In addition, unprivileged users can potentially
learn the names of files that only users in root's group should be able
to view.
Vendor Alerts:

  Debian:
    Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_i386.deb
      Size/MD5 checksum:    59410 ad9b2cb638c5a8c6516ca7762543c418
    http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_i386.deb
      Size/MD5 checksum:    29398 e38857597943d466c5e897dc780a4755
    http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_i386.deb
      Size/MD5 checksum:    32352 caa455f94ae2762987ae7787fc5dde46

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2293.html

+---------------------------------+
|  Package: konqueror             | ----------------------------//
|  Date: 08-18-2002               |
+---------------------------------+

Description:
Users of Konqueror and other SSL-enabled KDE software may fall victim
to a man-in-the-middle attack without noticing. In such a case the user
is under the impression that there is a secure connection to a trusted
site, while in fact a different site has been connected to. (The
underlying certificate chain checking flaw is described under the
kdelibs entry below.)

Vendor Alerts:

  KDE:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

  KDE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-2295.html

+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 08-14-2002               |
+---------------------------------+

Description:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG is
a bit-mapped graphics format similar to the GIF format. See the vendor
advisory for the flaw this update addresses.
Vendor Alerts:

  Red Hat Linux 7.3:
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/libpng-1.0.14-0.7x.3.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/libpng-devel-1.0.14-0.7x.3.i386.rpm

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2296.html

+---------------------------------+
|  Package: phpmail               | ----------------------------//
|  Date: 08-15-2002               |
+---------------------------------+

Description:
PHP is an HTML-embedded scripting language commonly used with Apache.
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the fifth parameter to the mail() function (the additional options that
mail() passes on the sendmail command line). This allows local users,
and possibly remote attackers, to execute arbitrary commands via shell
metacharacters.

Vendor Alerts:

  Red Hat Linux 7.3:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2298.html

+---------------------------------+
|  Package: mantis                | ----------------------------//
|  Date: 08-20-2002               |
+---------------------------------+

Description:
Jeroen Latour pointed out that we missed one uninitialized variable in
DSA 153-1, which is used insecurely in file inclusions in the Mantis
package, a PHP-based bug tracking system. When such a variable is
exploited, a remote user is able to execute arbitrary code under the
web server user id on the host running Mantis.
Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.2_all.deb
      Size/MD5 checksum:   249206 3891cfe394de49d7e57a4b4ed8f7db6f

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2300.html

+---------------------------------+
|  Package: bugzilla              | ----------------------------//
|  Date: 08-20-2002               |
+---------------------------------+

Description:
Bugzilla creates new directories, and its params file, with
world-writable permissions, which allows local users to modify those
files and execute code.

Vendor Alerts:

  Red Hat:
    noarch:
    ftp://updates.redhat.com/7.1/en/powertools/noarch/bugzilla-2.14.3-1.noarch.rpm
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2301.html

+---------------------------------+
|  Package: kernel                | ----------------------------//
|  Date: 08-20-2002               |
+---------------------------------+

Description:
Updated kernel packages are now available which fix an oops in the
i810 3D kernel code. This kernel update also fixes a difficult to
trigger race in the dcache (filesystem cache) code, as well as some
potential security holes, although we are not currently aware of any
exploits.
Vendor Alerts:

  Red Hat:
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.18-10.i386.rpm
      MD5: b2bacd0954832353ecddb507f087b338
    ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.18-10.i386.rpm
      MD5: 51bc76e8c016e00aa26d798a85f53759
    ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.18-10.i386.rpm
      MD5: 91a1978068ee80c53a7500d4486b66e4
    ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-10.i386.rpm
      MD5: d105a7cc4d3e21bc9c5ace02f0b0152e

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2301.html

+---------------------------------+
|  Package: kdelibs               | ----------------------------//
|  Date: 08-17-2002               |
+---------------------------------+

Description:
Due to a security engineering oversight, the SSL library from KDE,
which Konqueror uses, does not check whether an intermediate
certificate in a connection's chain was authorised by the certificate
authority that signed it to act as a certificate authority in its own
right; it accepts the intermediate as long as it carries a valid
signature. This makes it possible for anyone with a valid VeriSign SSL
site certificate to forge a certificate for any other VeriSign-issued
SSL site, and abuse Konqueror users.

Vendor Alerts:

  Debian:
    Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_i386.deb
      Size/MD5 checksum:  6617430 93a871489d1a1f32383b0c0514545a1a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_i386.deb
      Size/MD5 checksum:   104714 b289a9eb6b4533ae251c774e608fad7a
    http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_i386.deb
      Size/MD5 checksum:   622918 dd63dcfcf246d68dd7290203ec728bb9

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2303.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
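The konqueror and kdelibs entries above describe the same chain checking flaw. What follows is an added example and not KDE's SSL code: a toy model of certificate chain validation in C that shows, side by side, a verifier that only checks that each link is signed by the next and one that also checks that each issuer used inside the chain was itself authorised to sign certificates. In real X.509 that authorisation is the CA flag in the basicConstraints extension; reading the advisory's "signed by the certificate authority as safe for the purpose" that way is an assumption made here. Signatures are modelled as key-id matches, and the names, key ids and the forged chain are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not KDE's SSL code: a toy model of chain checking. A
 * certificate carries its subject, its issuer's subject, an integer that
 * stands in for its public key, the key that signed it, and the CA flag
 * its issuer granted it (basicConstraints CA:TRUE in real X.509). "The
 * signature verifies" is modelled as: signing key equals issuer's key. */
typedef struct {
    const char *subject;
    const char *issuer;
    int key;         /* this certificate's public key (stand-in id) */
    int signer_key;  /* key that produced this certificate's signature */
    int is_ca;       /* issuer asserted: may itself sign certificates */
} cert;

static int signed_by(const cert *c, const cert *issuer)
{
    return strcmp(c->issuer, issuer->subject) == 0 &&
           c->signer_key == issuer->key;
}

/* chain[0] is the site certificate; chain[n-1] claims to be signed by the
 * trusted root. Flawed verifier: each link only needs a valid signature
 * from the next certificate up, whatever that certificate is. */
static int verify_signatures_only(const cert *chain, int n, const cert *root)
{
    for (int i = 0; i < n; i++) {
        const cert *issuer = (i + 1 < n) ? &chain[i + 1] : root;
        if (!signed_by(&chain[i], issuer))
            return 0;
    }
    return 1;
}

/* Corrected verifier: every certificate used as an issuer must carry the
 * CA flag, so a plain site certificate cannot serve as an intermediate no
 * matter how valid its own signature is. */
static int verify_with_ca_check(const cert *chain, int n, const cert *root)
{
    for (int i = 0; i < n; i++) {
        const cert *issuer = (i + 1 < n) ? &chain[i + 1] : root;
        if (!signed_by(&chain[i], issuer) || !issuer->is_ca)
            return 0;
    }
    return 1;
}

/* Constructed test data (names and key ids made up for this example). */
static const cert root = { "Example Root CA", "Example Root CA", 1, 1, 1 };
/* A legitimately issued site certificate; not a CA. */
static const cert attacker_site =
    { "www.attacker.example", "Example Root CA", 2, 1, 0 };
/* A certificate for somebody else's host, signed with the attacker's key. */
static const cert forged_victim =
    { "www.bank.example", "www.attacker.example", 3, 2, 0 };
/* The bank's real certificate, for comparison. */
static const cert real_bank = { "www.bank.example", "Example Root CA", 4, 1, 0 };

/* Verdict (1 = accepted) on the forged chain [forged_victim, attacker_site]. */
static int check_forged_chain(int with_ca_check)
{
    const cert chain[2] = { forged_victim, attacker_site };
    return with_ca_check ? verify_with_ca_check(chain, 2, &root)
                         : verify_signatures_only(chain, 2, &root);
}

/* Verdict on the genuine one-certificate chain [real_bank]. */
static int check_real_chain(int with_ca_check)
{
    const cert chain[1] = { real_bank };
    return with_ca_check ? verify_with_ca_check(chain, 1, &root)
                         : verify_signatures_only(chain, 1, &root);
}

int main(void)
{
    printf("forged chain, signatures only: %d\n", check_forged_chain(0));
    printf("forged chain, with CA check:   %d\n", check_forged_chain(1));
    printf("real chain, signatures only:   %d\n", check_real_chain(0));
    printf("real chain, with CA check:     %d\n", check_real_chain(1));
    return 0;
}
```

The forged chain is cryptographically sound at every link, which is exactly why a signature-only verifier accepts it; the only thing that distinguishes it from a genuine chain is that the intermediate was never authorised to issue certificates. Real TLS stacks additionally enforce path length limits and key usage, but the CA flag check shown here is the one the advisory is about.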
------------------------------------------------------------------------