+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 24th, 2002                        Volume 4, Number 4a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for cups, canna, cvs, dhcp,
libpng, kde, fnord, vim, printer-drivers, python, and susehelp. The
distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake,
Red Hat, Slackware, and SuSE.

ENCRYPTION + AUTHENTICATION = TRUST

You may think people will regard your business as trustworthy because
you've got a 128-bit encryption certificate, but encryption does not
guarantee trust. Thawte believes in rigorous authentication -
Download our FREE Authentication Guide

  http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte5

Patching It Up - Patching and upgrading software requires more than
running a few commands. Having a patch recovery plan, communicating
with developers on that server, and knowing who to contact in case of
a botched patch job is critical.

  http://www.linuxsecurity.com/feature_stories/feature_story-135.html

---------------------------------------------------------------------

CONCERNED ABOUT THE NEXT THREAT?
EnGarde is the undisputed winner!

Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what
the other Linux vendors are not telling you.

  http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

---------------------------------------------------------------------

LINUXSECURITY.COM FEATURE: Newest Members of the Team

Just to give everyone an idea about who writes these articles and
feature stories that we spend so much of our time reading each day,
I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.

  http://www.linuxsecurity.com/feature_stories/feature_story-134.html

+---------------------------------+
|  Package: cups                  | ----------------------------//
|  Date: 01-20-2003               |
+---------------------------------+

 Description:
  Allows remote attackers to add printers without authentication via
  a certain UDP packet, that can then be used to perform unauthorized
  activities such as stealing the local root certificate for the
  administration server via a "need authorization" page.

 Vendor Alerts:

  Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-004.0/RPMS
  cups-1.1.10-6.i386.rpm
  c27cfc1dc18d8c4769c0f8247f9c9bf0

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-2781.html

  Debian:
  http://security.debian.org/pool/updates/main/c/
  cupsys/cupsys_1.0.4-12.1_i386.deb
  3e977f66990a5d169d24088c22ffba34

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2776.html

+---------------------------------+
|  Package: canna                 | ----------------------------//
|  Date: 01-20-2003               |
+---------------------------------+

 Description:
  Buffer overflow in canna allows local users to execute arbitrary
  code as the bin user. Canna does not properly validate requests,
  which allows remote attackers to cause a denial of service or
  information leak.

 Vendor Alerts:

  Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-005.0/RPMS
  canna-3.5b2-8.i386.rpm
  91acd89bd9041e06c0a22e4d73b5bb1f

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-2790.html

+---------------------------------+
|  Package: cvs                   | ----------------------------//
|  Date: 01-21-2003               |
+---------------------------------+

 Description:
  Besides fixing the double free vulnerability, the new packages
  provided with this update now have the Checkin-prog and Update-prog
  commands disabled.

 Vendor Alerts:

  Conectiva:
  ftp://atualizacoes.conectiva.com.br/8/RPMS/
  cvs-1.11-9U80_1cl.i386.rpm

  ftp://atualizacoes.conectiva.com.br/8/RPMS/
  cvs-doc-1.11-9U80_1cl.i386.rpm

  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2788.html

  Debian:
  http://security.debian.org/pool/updates/main/c/
  cvs/cvs_1.10.7-9.2_i386.deb
  Size/MD5 checksum: 455974 32924918a5a027f287c1fff64139aa98

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2782.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2783.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2786.html

  Red Hat:
  ftp://updates.redhat.com/8.0/en/os/i386/cvs-1.11.2-8.i386.rpm
  612a4814740dc8544619a22487b4652f

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2780.html

  Slackware:
  ftp://ftp.slackware.com/pub/slackware/
  slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

  Slackware Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-2799.html

  SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-2797.html

+---------------------------------+
|  Package: dhcp                  | ----------------------------//
|  Date: 01-23-2003               |
+---------------------------------+

 Description:
  During an internal source code audit, the ISC developers found
  several stack-based buffer overflow
  vulnerabilities[2,3] in the error handling routines of the minires
  library. This library is used by the NSUPDATE feature, which is
  present in dhcp versions newer than 3.0 and allows the DHCP server
  to dynamically update DNS server records.

 Vendor Alerts:

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2805.html

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2773.html

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2772.html

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2791.html

  Slackware Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-2779.html

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-2777.html

+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 01-23-2003               |
+---------------------------------+

 Description:
  Programs such as web browsers and various other common applications
  make use of libpng. An attacker could exploit this vulnerability to
  remotely run arbitrary code or crash such applications by using a
  specially crafted png image.

 Vendor Alerts:

  Conectiva:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2806.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2787.html

+---------------------------------+
|  Package: kde                   | ----------------------------//
|  Date: 01-22-2003               |
+---------------------------------+

 Description:
  The KDE team discovered several vulnerabilities in the K Desktop
  Environment. In some instances KDE fails to properly quote
  parameters of instructions passed to a command shell for execution.
  These parameters may incorporate data such as URLs, filenames and
  e-mail addresses, and this data may be provided remotely to a
  victim in an e-mail, a webpage or files on a network filesystem or
  other untrusted source.

 Vendor Alerts:

  Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  kdeadmin - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2793.html

  kdegraphics - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2794.html

  kdelibs - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2795.html

  kdenetwork - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2801.html

  kdepim - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2802.html

  kdesdk - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2803.html

  kdegames - Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2807.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2774.html

+---------------------------------+
|  Package: fnord                 | ----------------------------//
|  Date: 01-17-2003               |
+---------------------------------+

 Description:
  "fnord 1.6 contained a buffer overrun in the CGI code. However,
  since the function does not return, this does not appear to be
  exploitable."

 Vendor Alerts:

  Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2771.html

+---------------------------------+
|  Package: vim                   | ----------------------------//
|  Date: 01-22-2003               |
+---------------------------------+

 Description:
  "Opening a specially crafted text file with vim can execute
  arbitrary shell commands and pass parameters to them."

 Vendor Alerts:

  Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2796.html

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2767.html

+---------------------------------+
|  Package: printer-drivers       | ----------------------------//
|  Date: 01-21-2003               |
+---------------------------------+

 Description:
  Karol Wiesek and iDefense discovered three vulnerabilities in the
  printer-drivers package and tools it installs. These
  vulnerabilities allow a local attacker to empty or create any file
  on the filesystem.

 Vendor Alerts:

  Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2798.html

+---------------------------------+
|  Package: python                | ----------------------------//
|  Date: 01-21-2003               |
+---------------------------------+

 Description:
  Zack Weinberg discovered that os._execvpe from os.py in Python
  2.2.1 and earlier creates temporary files with predictable names.
  This could allow local users to execute arbitrary code via a
  symlink attack.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2789.html

+---------------------------------+
|  Package: susehelp              | ----------------------------//
|  Date: 01-20-2003               |
+---------------------------------+

 Description:
  Remote attackers can insert certain characters in CGI queries to
  the susehelp system tricking it into executing arbitrary code as
  the "wwwrun" user. Please note that this is only a vulnerability if
  you have a web server running and configured to allow access to the
  susehelp system by remote sites.

 Vendor Alerts:

  SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/
  noarch/susehelp-2002.09.05-51.noarch.rpm
  6dde3d487385fd6a935643b1a0d92b86

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-2775.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------