+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 10th, 2002                       Volume 4, Number 2a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for fetchmail, mhonarc, geneweb,
xpdf, canna, tomcat4, FreeBSD kernel, dhcpd, libmcrypt, monopd,
http-fetcher, lcdproc, libpng, pine, cyrus-sasl, ethereal, and mozilla.
The distributors include Caldera, Debian, Gentoo, FreeBSD, Red Hat, and
YellowDog Linux.

LINUXSECURITY.COM FEATURE:
Newest Members of the Team

Just to give everyone an idea about who writes these articles and
feature stories that we spend so much of our time reading each day, I
have decided to ask Brian Hatch and Duane Dunston, the newest members
of the LinuxSecurity.com team, a few questions.

http://www.linuxsecurity.com/feature_stories/feature_story-134.html

---------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT?  EnGarde is the undisputed winner!

Hardened Linux Puts Hackers EnGarde!  Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..."  Find out what
the other Linux vendors are not telling you.

http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
---------------------------------------------------------------------

LINUXSECURITY.COM FEATURE:
Secure Passwordless Logins with SSH Part 3

Setting up your accounts to allow identity-based authentication gives
you several new options to allow passwordless access to those accounts.
This week we'll see how well we can restrict the access granted to
these identities.

http://www.linuxsecurity.com/articles/documentation_article-6517.html

+---------------------------------+
|  Package: fetchmail             |  ----------------------------//
|  Date: 01-09-2003               |
+---------------------------------+

Description:
  Heap-based buffer overflow in fetchmail does not account for the "@"
  character when determining buffer lengths for local addresses, which
  allows remote attackers to execute arbitrary code via a header with a
  large number of local addresses.

Vendor Alerts:

  Caldera:
    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-001.0/RPMS
    fetchmail-6.1.0-4.src.rpm
    8324bf38216402b13657e3a137c04f52

  Caldera Vendor Advisory:
    http://www.linuxsecurity.com/advisories/caldera_advisory-2742.html

+---------------------------------+
|  Package: mhonarc               |  ----------------------------//
|  Date: 01-03-2003               |
+---------------------------------+

Description:
  Earl Hood, author of mhonarc, a mail-to-HTML converter, discovered a
  cross site scripting vulnerability in this package. A specially
  crafted HTML mail message can introduce foreign scripting content in
  archives, bypassing MHonArc's HTML script filtering.

Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.3_all.deb
    Size/MD5 checksum:   453522 4d0b4ed0497569652dfce1544826d959

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2714.html

+---------------------------------+
|  Package: geneweb               |  ----------------------------//
|  Date: 01-07-2003               |
+---------------------------------+

Description:
  A security issue has been discovered by Daniel de Rauglaudre,
  upstream author of geneweb, genealogical software with a web
  interface. It runs as a daemon on port 2317 by default. Paths are not
  properly sanitized, so a carefully crafted URL leads geneweb to read
  and display arbitrary files of the system it runs on.
Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_i386.deb
    Size/MD5 checksum:  1684746 5057e9e6b03bb4d0d6878952b501e219
    http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_i386.deb
    Size/MD5 checksum:   144480 9c0734678de3b35399d98b421bf6943e

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2734.html

+---------------------------------+
|  Package: xpdf                  |  ----------------------------//
|  Date: 01-06-2003               |
+---------------------------------+

Description:
  iDEFENSE discovered an integer overflow in the pdftops filter from
  the xpdf package that can be exploited to gain the privileges of the
  target user. This can lead to gaining privileged access to the 'lp'
  user if the pdftops program is part of the print filter.

Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_i386.deb
    Size/MD5 checksum:   970292 903b558758cecb9010d49bc011feba9c

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2735.html

+---------------------------------+
|  Package: canna                 |  ----------------------------//
|  Date: 01-08-2003               |
+---------------------------------+

Description:
  Several vulnerabilities have been discovered in canna, a Japanese
  input system.

Vendor Alerts:

  Debian: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2738.html

+---------------------------------+
|  Package: tomcat4               |  ----------------------------//
|  Date: 01-08-2003               |
+---------------------------------+

Description:
  A security vulnerability has been confirmed to exist in Apache Tomcat
  4.0.x releases, which allows a specially crafted URL to return the
  unprocessed source of a JSP page, or, under special circumstances, a
  static resource which would otherwise have been protected by a
  security constraint, without the need to be properly authenticated.
Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody2_all.deb
    Size/MD5 checksum:  1134258 680c67daebdd36eb879ce593e6362f3b
    http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody2_all.deb
    Size/MD5 checksum:  1167502 34f71826d8441f967e3da0ee4ab9a1be
    http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody2_all.deb
    Size/MD5 checksum:   126444 e7dbc07086a7e349474bff877342cb6d

  Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2740.html

+---------------------------------+
|  Package: FreeBSD kernel        |  ----------------------------//
|  Date: 01-08-2003               |
+---------------------------------+

Description:
  A local attacker may cause the operating system to crash by
  repeatedly calling fpathconf on a file descriptor until the reference
  count wraps to a negative value, and then calling close on that file
  descriptor.

Vendor Alerts:

  FreeBSD: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-2736.html

+---------------------------------+
|  Package: dhcpd                 |  ----------------------------//
|  Date: 01-08-2003               |
+---------------------------------+

Description:
  When assigning an IP address to a network interface, dhcpcd may
  execute an external script, '/sbin/dhcpd-.exe'. This is an optional
  configuration that must be set up manually on Gentoo Linux systems by
  copying the script into /sbin/.

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2729.html

+---------------------------------+
|  Package: libmcrypt             |  ----------------------------//
|  Date: 01-05-2003               |
+---------------------------------+

Description:
  libmcrypt versions prior to 2.5.5 contain a number of buffer overflow
  vulnerabilities that stem from improper or lacking input validation.
  By passing a longer than expected input to a number of functions
  (multiple functions are affected) the user can successfully make
  libmcrypt crash.

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2730.html

+---------------------------------+
|  Package: monopd                |  ----------------------------//
|  Date: 01-06-2003               |
+---------------------------------+

Description:
  A buffer overflow exists in the messaging framework which would allow
  a remote user to execute commands as the user running the game
  server.

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2731.html

+---------------------------------+
|  Package: http-fetcher          |  ----------------------------//
|  Date: 01-06-2003               |
+---------------------------------+

Description:
  "HTTP Fetcher library is exposed to a very fatal buffer overflow. And
  it influences several other programs."

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2732.html

+---------------------------------+
|  Package: lcdproc               |  ----------------------------//
|  Date: 01-06-2003               |
+---------------------------------+

Description:
  "The vulnerabilities in LCDproc allow an attacker to remotely execute
  arbitrary code or cause the LCDproc server to crash."

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2737.html

+---------------------------------+
|  Package: libpng                |  ----------------------------//
|  Date: 01-08-2003               |
+---------------------------------+

Description:
  "Glenn Randers-Pehrson discovered a problem in connection with 16-bit
  samples from libpng, an interface for reading and writing PNG
  (Portable Network Graphics) format files.
  The starting offsets for the loops are calculated incorrectly which
  causes a buffer overrun beyond the beginning of the row buffer."

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-2739.html

+---------------------------------+
|  Package: pine                  |  ----------------------------//
|  Date: 01-03-2003               |
+---------------------------------+

Description:
  A vulnerability in Pine version 4.44 and earlier releases can cause
  Pine to crash when sent a carefully crafted email.

Vendor Alerts:

  Red Hat:
    ftp://updates.redhat.com/8.0/en/os/i386/pine-4.44-14.80.0.i386.rpm
    318ce94f802f8a03fb6c9e66991d52f0

  Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-2715.html

  YellowDog Vendor Advisory:
    http://www.linuxsecurity.com/advisories/yellowdog_advisory-2716.html

+---------------------------------+
|  Package: cyrus-sasl            |  ----------------------------//
|  Date: 01-03-2003               |
+---------------------------------+

Description:
  Updated cyrus-sasl packages are now available for Red Hat Linux 8.0.
  These packages close buffer overflows present in Cyrus SASL 2.1 and
  later.

Vendor Alerts:

  Red Hat: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-2733.html

+---------------------------------+
|  Package: ethereal              |  ----------------------------//
|  Date: 01-09-2003               |
+---------------------------------+

Description:
  Updated Ethereal packages are available which fix various security
  issues.
Vendor Alerts:

  Red Hat:
    ftp://updates.redhat.com/8.0/en/os/i386/ethereal-0.9.8-0.80.0.i386.rpm
    cc5e2bd268c457add3c0514619873c25
    ftp://updates.redhat.com/8.0/en/os/i386/ethereal-gnome-0.9.8-0.80.0.i386.rpm
    b7ab974fa760948f98698252aef212d7

  Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-2741.html

+---------------------------------+
|  Package: mozilla               |  ----------------------------//
|  Date: 01-05-2003               |
+---------------------------------+

Description:
  "Mozilla is an open source web browser. Versions of Mozilla previous
  to version 1.0.1 contain various security vulnerabilities. These
  vulnerabilities could be used by an attacker to read data off of the
  local hard drive, to gain information that should normally be kept
  private, and in some cases to execute arbitrary code. For more
  information on the specific vulnerabilities fixed please see the
  references below."

Vendor Alerts:

  YellowDog: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  YellowDog Vendor Advisory:
    http://www.linuxsecurity.com/advisories/yellowdog_advisory-2717.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------