+----------------------------------------------------------------+
|  LinuxSecurity.com                         Linux Advisory Watch |
|  March 21st, 2002                          Volume 4, Number 12a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kde, openssl, tcpdump, samba,
netpbm-free, lxr, kernel, libc, qpopper, man, mysql, rxvt, zlib,
gnome-lokkit, and libc. The distributors include Caldera, Debian,
Guardian Digital's EnGarde Secure Linux, Gentoo, Mandrake, Red Hat,
Slackware, SuSE, and Trustix.

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite
is unparalleled in security, ease of management, and features. Open
source technology constantly adapts to new threats. Email firewall,
simplified administration, automatically updated.

 --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=mail2

-----------------------
LINUX SECURITY ARTICLES:
------------------------

Get out of a BIND - install DJBDNS - DJBDNS eases DNS management and
improves security over BIND alternatives by taking a different approach
to serving and caching DNS answers.
http://www.linuxsecurity.com/articles/documentation_article-6857.html

Remote Syslog with MySQL and PHP
Msyslog has the ability to log syslog messages to a database. This
allows for easier monitoring of multiple servers and the ability to
display and search syslog messages using PHP or any other programming
language that can communicate with the database.
http://www.linuxsecurity.com/feature_stories/feature_story-138.html

+---------------------------------+
|  Package: kde                   | ----------------------------//
|  Date: 03-17-2003               |
+---------------------------------+

Description: The implementation of the rlogin protocol in all of the
affected systems, and the implementation of the telnet protocol in
affected KDE 2 systems.

Vendor Alerts:

 Caldera:
   kdelibs2-2.2.1-6.3.i386.rpm
   8129d823e229783c726199a844318eee
   ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-012.0/RPMS

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2964.html

+---------------------------------+
|  Package: openssl               | ----------------------------//
|  Date: 03-19-2003               |
+---------------------------------+

Description: The xdrmem_getbytes() function in the XDR library provided
by Sun Microsystems contains an integer overflow that can lead to
improperly sized dynamic memory allocation.

Vendor Alerts:

 Caldera:
   glibc-2.2.4-26.i386.rpm
   22c6bf3a5dc5423c57eea99f7fef610d
   ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-012.0/RPMS

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-3012.html

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/engarde_advisory-3009.html

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-3013.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2991.html

+---------------------------------+
|  Package: tcpdump               | ----------------------------//
|  Date: 03-19-2003               |
+---------------------------------+

Description: An attacker is able to send a specially crafted RADIUS
network packet which causes tcpdump to enter an infinite loop.

Vendor Alerts:

 Debian:
   http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_i386.deb
   Size/MD5 checksum: 169580 ff9e64004901cb5b00bf0cb213451e76

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2960.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2972.html

+---------------------------------+
|  Package: samba                 | ----------------------------//
|  Date: 03-19-2003               |
+---------------------------------+

Description: Buffer overflow and race condition vulnerabilities have been
fixed. These vulnerabilities may lead to remote root compromise.

Vendor Alerts:

 Debian: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2961.html

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2965.html

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2963.html

 Slackware Vendor Advisory:
 http://www.linuxsecurity.com/advisories/slackware_advisory-2962.html

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-3000.html

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-3001.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2992.html

+---------------------------------+
|  Package: netpbm-free           | ----------------------------//
|  Date: 03-17-2003               |
+---------------------------------+

Description: These vulnerabilities may allow remote attackers to cause a
denial of service or execute arbitrary code.

Vendor Alerts:

 Debian: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2968.html

+---------------------------------+
|  Package: lxr                   | ----------------------------//
|  Date: 03-19-2003               |
+---------------------------------+

Description: There is a vulnerability that allows a remote attacker to
read arbitrary files on the host system as user www-data.

Vendor Alerts:

 Debian:
   http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_i386.deb
   Size/MD5 checksum: 25922 b0e19c5aaf6930b9e88d1a2dd0e4828e

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-3003.html

+---------------------------------+
|  Package: kernel                | ----------------------------//
|  Date: 03-19-2003               |
+---------------------------------+

Description: This update fixes several vulnerabilities in the Linux
kernel.

Vendor Alerts:

 EnGarde:
   ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
     i386/kernel-2.2.19-1.0.30.i386.rpm
       MD5 Sum: 9a16886321cc19365ea1a7d27d927b83
     i386/kernel-lids-mods-2.2.19-1.0.30.i386.rpm
       MD5 Sum: 784e3abd25e27db6036bd7638ac22ef6
     i386/kernel-smp-lids-mods-2.2.19-1.0.30.i386.rpm
       MD5 Sum: 42a9c7d7b5879e061d59d1008011dab7
     i386/kernel-smp-mods-2.2.19-1.0.30.i386.rpm
       MD5 Sum: 64b89dcd411abdd455bbb55539a29df6
     i686/kernel-2.2.19-1.0.30.i686.rpm
       MD5 Sum: af21a043fcde3004ad645ca4bb26117e
     i686/kernel-lids-mods-2.2.19-1.0.30.i686.rpm
       MD5 Sum: 8f90859a9313f731c710247e27915a42
     i686/kernel-smp-lids-mods-2.2.19-1.0.30.i686.rpm
       MD5 Sum: 74ff5e04d89e9a5b60d79f3fc0491034
     i686/kernel-smp-mods-2.2.19-1.0.30.i686.rpm
       MD5 Sum: 1fa7cffecc2fd417713f67c4bb19da90

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-3016.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2973.html

+---------------------------------+
|  Package: libc                  | ----------------------------//
|  Date: 03-20-2003               |
+---------------------------------+

Description: The xdrmem XDR stream object does incorrect bounds-checking.

Vendor Alerts:

 FreeBSD: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-3022.html

+---------------------------------+
|  Package: qpopper               | ----------------------------//
|  Date: 03-20-2003               |
+---------------------------------+

Description: Under certain conditions it is possible to execute arbitrary
code using a buffer overflow in the recent qpopper.

Vendor Alerts:

 Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2966.html

+---------------------------------+
|  Package: man                   | ----------------------------//
|  Date: 03-20-2003               |
+---------------------------------+

Description: man 1.5l fixes a bug which results in arbitrary code
execution upon reading a specially formatted man file.

Vendor Alerts:

 Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2995.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2989.html

+---------------------------------+
|  Package: mysql                 | ----------------------------//
|  Date: 03-20-2003               |
+---------------------------------+

Description: MySQL will no longer read config files that are
world-writable.

Vendor Alerts:

 Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2996.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/trustix_advisory-2990.html

+---------------------------------+
|  Package: rxvt                  | ----------------------------//
|  Date: 03-20-2003               |
+---------------------------------+

Description: Many of the features supported by popular terminal emulator
software can be abused when untrusted data is displayed on the screen.
The impact of this abuse can range from annoying screen garbage to a
complete system compromise. All of the issues below are actually
documented features; anyone who takes the time to read over the man
pages or source code could use them to carry out an attack.

Vendor Alerts:

 Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-3014.html

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2969.html

+---------------------------------+
|  Package: zlib                  | ----------------------------//
|  Date: 03-18-2003               |
+---------------------------------+

Description: Richard Kettlewell discovered a buffer overflow
vulnerability in the zlib library's gzprintf() function.

Vendor Alerts:

 Mandrake: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-3002.html

+---------------------------------+
|  Package: gnome-lokkit          | ----------------------------//
|  Date: 03-18-2003               |
+---------------------------------+

Description: Updated Gnome-lokkit packages fix a missing FORWARD ruleset
in Red Hat Linux 8.0.

Vendor Alerts:

 Red Hat:
   ftp://updates.redhat.com/8.0/en/os/i386/gnome-lokkit-0.50-21.8.0.i386.rpm
   01f42937db89e8afb3f30a704e52ca7f
   ftp://updates.redhat.com/8.0/en/os/i386/lokkit-0.50-21.8.0.i386.rpm
   0f80d90d4766f04eef08928b33b6a25e

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2967.html

+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 03-17-2003               |
+---------------------------------+

Description: Updated glibc packages are available to fix an integer
overflow in the XDR decoder.

Vendor Alerts:

 Red Hat: PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-3015.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
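The XDR entries above (the openssl/glibc, libc and glibc items) describe a bounds check in xdrmem_getbytes() that overflows and then lets a bad length size an allocation. The C model below is an added illustration written for this digest, not glibc's or any vendor's code; mem_stream, bounds_ok_unsafe, bounds_ok_safe, getbytes and decode_opaque are hypothetical names, and the stream contents are constructed. It puts the overflow-prone check beside a form that cannot wrap and shows the length being validated before it reaches malloc.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed in-memory XDR stream; illustrative, not glibc's xdrmem code. */
typedef struct {
    const uint8_t *base;  /* start of the encoded buffer */
    uint32_t size;        /* total bytes in the buffer */
    uint32_t off;         /* bytes consumed so far (invariant: off <= size) */
} mem_stream;

/* Overflow-prone check: off + len is a 32-bit sum and can wrap, so an
 * attacker-chosen len close to 2^32 compares as small and is accepted. */
bool bounds_ok_unsafe(uint32_t size, uint32_t off, uint32_t len)
{
    return off + len <= size;
}

/* Hardened check: compare len with the space remaining, which cannot
 * wrap because off <= size holds for a well-formed stream. */
bool bounds_ok_safe(uint32_t size, uint32_t off, uint32_t len)
{
    return off <= size && len <= size - off;
}

/* Copy len bytes out of the stream after the hardened bounds check. */
bool getbytes(mem_stream *s, uint8_t *out, uint32_t len)
{
    if (!bounds_ok_safe(s->size, s->off, len)) return false;
    memcpy(out, s->base + s->off, len);
    s->off += len;
    return true;
}

/* Decode an XDR opaque (4-byte big-endian length, then the bytes) into a
 * malloc'd copy. The length is checked against the stream BEFORE it sizes
 * the allocation, so a wrapped or oversized length never reaches malloc. */
uint8_t *decode_opaque(mem_stream *s, uint32_t *out_len)
{
    uint8_t hdr[4];
    if (!getbytes(s, hdr, 4)) return NULL;
    uint32_t len = (uint32_t)hdr[0] << 24 | (uint32_t)hdr[1] << 16 |
                   (uint32_t)hdr[2] << 8 | (uint32_t)hdr[3];
    if (!bounds_ok_safe(s->size, s->off, len)) return NULL;
    uint8_t *buf = malloc(len ? len : 1);   /* malloc(0) may return NULL */
    if (!buf || !getbytes(s, buf, len)) { free(buf); return NULL; }
    *out_len = len;
    return buf;
}
```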
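The rxvt entry above notes that terminal emulator features are abused when untrusted data is written to the screen. As an added example, not rxvt's or any vendor's code, the C filter below (strip_terminal_controls, a hypothetical name) removes escape and control sequences from untrusted text, the mitigation a log viewer or syslog front end applies before echoing data to a terminal; the inputs used to test it are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not rxvt's code: remove terminal control sequences from
 * untrusted text before it is echoed to a terminal. Keeps printable ASCII,
 * tab and newline; drops every other control byte, CSI sequences
 * (ESC [ params ... final byte 0x40-0x7E), string sequences OSC/DCS/PM/APC
 * (ESC ] P ^ _ ... ended by BEL or ESC \) and any other two-byte ESC pair.
 * ASCII only: bytes >= 0x80, including UTF-8, are dropped as well. An
 * unterminated string sequence swallows the rest of the input.
 * out must hold len + 1 bytes; returns the number of bytes written. */
size_t strip_terminal_controls(const char *in, size_t len, char *out)
{
    size_t i = 0, o = 0;
    while (i < len) {
        unsigned char c = (unsigned char)in[i];
        if (c == 0x1B && i + 1 < len) {
            unsigned char n = (unsigned char)in[i + 1];
            if (n == '[') {                      /* CSI: skip to final byte */
                i += 2;
                while (i < len && ((unsigned char)in[i] < 0x40 ||
                                   (unsigned char)in[i] > 0x7E))
                    i++;
                i++;                             /* consume the final byte */
            } else if (n == ']' || n == 'P' || n == '^' || n == '_') {
                i += 2;                          /* string: skip to BEL/ST */
                while (i < len) {
                    if ((unsigned char)in[i] == 0x07) { i++; break; }
                    if ((unsigned char)in[i] == 0x1B && i + 1 < len &&
                        in[i + 1] == '\\') { i += 2; break; }
                    i++;
                }
            } else {
                i += 2;                          /* other two-byte sequence */
            }
            continue;
        }
        if (c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7F))
            out[o++] = (char)c;                  /* safe to display */
        i++;                                     /* anything else is dropped */
    }
    out[o] = '\0';
    return o;
}
```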