+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 24th, 2002 Volume 3, Number 34a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for krb5, fam, konqueror, libpng,
phpmail, mantis, bugzilla, Red Hat kernel, kdelibs, and unixware. The
vendors include Caldera, Debian, and Red Hat.
* Developing with open standards?
* Demanding High Performance?
Catch the Oracle9i JDeveloper wave now and check out how built-in
profilers and CodeCoach make your Java code tighter and faster than ever
before.
--> Download your FREE copy of Oracle9i JDeveloper Today.
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=oracle4
FEATURE: PHP Secure Installation
As we know that the vulnerabilities in PHP are increasing day by day there
comes the need to secure the PHP installation to the highest level. Due to
its popularity and its wide usage most of the developers and the
administrators will be in trouble if they don't take appropriate steps on
security issues during the installation.
http://www.linuxsecurity.com/feature_stories/feature_story-117.html
Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
+---------------------------------+
| Package: krb5 | ----------------------------//
| Date: 08-14-2002 |
+---------------------------------+
Description:
Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a mechanism
for encoding data structures for use with RPC. The Kerberos 5 network
authentication system contains an RPC library which includes an XDR
decoder derived from Sun's RPC implementation. The Sun implementation was
recently demonstrated to be vulnerable to a heap overflow. It is believed
that the attacker needs to be able to authenticate to the kadmin daemon
for this attack to be successful. No exploits are known to currently
exist.
Vendor Alerts:
Red Hat:
i386:
ftp://updates.redhat.com/7.3/en/os/i386/
krb5-devel-1.2.4-2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
krb5-libs-1.2.4-2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
krb5-server-1.2.4-2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
krb5-workstation-1.2.4-2.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2293.html
+---------------------------------+
| Package: fam | ----------------------------//
| Date: 08-15-2002 |
+---------------------------------+
Description:
A flaw was discovered in FAM's group handling. In the effect users are
unable to FAM directories they have group read and execute permissions on.
However, also unprivileged users can potentially learn names of files that
only users in root's group should be able to view.
Vendor Alerts:
Debian: Intel IA-32 architecture:
http://security.debian.org/pool/updates/
main/f/fam/fam_2.6.6.1-5.2_i386.deb
Size/MD5 checksum: 59410 ad9b2cb638c5a8c6516ca7762543c418
http://security.debian.org/pool/updates/
main/f/fam/libfam-dev_2.6.6.1-5.2_i386.deb
Size/MD5 checksum: 29398 e38857597943d466c5e897dc780a4755
http://security.debian.org/pool/updates/
main/f/fam/libfam0_2.6.6.1-5.2_i386.deb
Size/MD5 checksum: 32352 caa455f94ae2762987ae7787fc5dde46
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2293.html
+---------------------------------+
| Package: konqueror | ----------------------------//
| Date: 08-18-2002 |
+---------------------------------+
Description:
Users of Konqueror and other SSL enabled KDE software may fall victim
to a malicious man-in-the-middle attack without noticing. In such
case the user will be under the impression that there is a secure
connection with a trusted site while in fact a different site has
been connected to.
Vendor Alerts:
KDE:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
KDE Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2295.html
+---------------------------------+
| Package: libpng | ----------------------------//
| Date: 08-14-2002 |
+---------------------------------+
Description:
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.
Vendor Alerts:
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
libpng-1.0.14-0.7x.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
libpng-devel-1.0.14-0.7x.3.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2296.html
+---------------------------------+
| Package: phpmail | ----------------------------//
| Date: 08-15-2002 |
+---------------------------------+
Description:
PHP is an HTML-embedded scripting language commonly used with Apache.
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows
local users and possibly remote attackers to execute arbitrary
commands via shell metacharacters.
Vendor Alerts:
Red Hat Linux 7.3:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2298.html
+---------------------------------+
| Package: mantis | ----------------------------//
| Date: 08-20-2002 |
+---------------------------------+
Description:
Jeroen Latour pointed out that we missed one uninitialized variable
in DSA 153-1, which was insecurely used with file inclusions in the
Mantis package, a php based bug tracking system. When such occasions
are exploited, a remote user is able to execute arbitrary code under
the webserver user id on the web server hosting the mantis system.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/m/mantis/
mantis_0.17.1- 2.2_all.deb
Size/MD5 checksum: 249206 3891cfe394de49d7e57a4b4ed8f7db6f
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2300.html
+---------------------------------+
| Package: bugzilla | ----------------------------//
| Date: 08-20-2002 |
+---------------------------------+
Description:
Bugzilla creates new directories with world-writable permissions and
creates the params file with world-writable permissions, which allows
local users to modify the files and execute code.
Vendor Alerts:
Red Hat:
noarch:
ftp://updates.redhat.com/7.1/en/powertools/
noarch/bugzilla-2.14.3-1.noarch.rpm
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2301.html
+---------------------------------+
| Package: kernel | ----------------------------//
| Date: 08-20-2002 |
+---------------------------------+
Description:
Updated kernel packages are now available which fix an oops in the
i810 3D kernel code. This kernel update also fixes a difficult to
trigger race in the dcache (filesystem cache) code, as well as some
potential security holes, although we are not currently aware of any
exploits.
Vendor Alerts:
Red Hat: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
kernel-2.4.18-10.i386.rpm
b2bacd0954832353ecddb507f087b338
ftp://updates.redhat.com/7.3/en/os/i386/
kernel-source-2.4.18-10.i386.rpm
51bc76e8c016e00aa26d798a85f53759
ftp://updates.redhat.com/7.3/en/os/i386/
kernel-doc-2.4.18-10.i386.rpm
91a1978068ee80c53a7500d4486b66e4
ftp://updates.redhat.com/7.3/en/os/i386/
kernel-BOOT-2.4.18-10.i386.rpm
d105a7cc4d3e21bc9c5ace02f0b0152e
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2301.html
+---------------------------------+
| Package: kdelibs | ----------------------------//
| Date: 08-17-2002 |
+---------------------------------+
Description:
Due to a security engineering oversight, the SSL library from KDE,
which Konqueror uses, doesn't check whether an intermediate
certificate for a connection is signed by the certificate authority
as safe for the purpose, but accepts it when it is signed. This
makes it possible for anyone with a valid VeriSign SSL site
certificate to forge any other VeriSign SSL site certificate, and
abuse Konqueror users.
Vendor Alerts:
Debian: Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/k/kdelibs/
kdelibs3_2.2.2-13.woody.2_i386.deb
Size/MD5 checksum: 6617430 93a871489d1a1f32383b0c0514545a1a
http://security.debian.org/pool/updates/main/k/kdelibs/
kdelibs3-bin_2.2.2-13.woody.2_i386.deb
Size/MD5 checksum: 104714 b289a9eb6b4533ae251c774e608fad7a
http://security.debian.org/pool/updates/main/k/kdelibs/
libarts_2.2.2-13.woody.2_i386.deb
Size/MD5 checksum: 622918 dd63dcfcf246d68dd7290203ec728bb9
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2303.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
