+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 18th, 2003                         Volume 4, Number 15a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for openssl, mutt, ethereal,
xfsdump, kdegraphics, lprng, gs-common, epic, lpr, rinetd, glibc,
evolution, gtkhtml, eyeofgnome, samba, and krb5. The distributors
include Conectiva, Debian, Immunix, Mandrake, Red Hat, and Turbo
Linux.

--------------------------------------------------------------------

LinuxSecurity Feature Extras:

Making It Big: Large Scale Network Forensics (Part 2 of 2) - Proper
methodology for computer forensics would involve a laundry-list of
actions and thought processes that an investigator needs to consider
in order to have the basics covered.

http://www.linuxsecurity.com/feature_stories/feature_story-140.html

Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys.
admins. and Corporate CSOs.

http://www.linuxsecurity.com/feature_stories/feature_story-139.html

--------------------------------------------------------------------

+---------------------------------+
|  Package:  openssl              | ----------------------------//
+---------------------------------+

  Description:
  There are multiple vulnerabilities in OpenSSL.

  Vendor Alerts:

  Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3155.html

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3183.html

+---------------------------------+
|  Package:  mutt                 | ----------------------------//
+---------------------------------+

  Description:
  There is a buffer overflow vulnerability in the mutt code that
  handles IMAP folders.

  Vendor Alerts:

  Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3168.html

+---------------------------------+
|  Package:  ethereal             | ----------------------------//
+---------------------------------+

  Description:
  There are multiple vulnerabilities in ethereal.

  Vendor Alerts:

  Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3182.html

+---------------------------------+
|  Package:  xfsdump              | ----------------------------//
+---------------------------------+

  Description:
  Ethan Benson discovered a problem in xfsdump, which contains
  administrative utilities for the XFS filesystem. When filesystem
  quotas are enabled, xfsdump runs xfsdq to save the quota
  information into a file at the root of the filesystem being dumped.
  The manner in which this file is created is unsafe.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3156.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3185.html

+---------------------------------+
|  Package:  kdegraphics          | ----------------------------//
+---------------------------------+

  Description:
  The KDE team discovered a vulnerability in the way KDE uses
  Ghostscript software for processing of PostScript (PS) and PDF
  files. An attacker could provide a malicious PostScript or PDF file
  via mail or websites that could lead to executing arbitrary
  commands under the privileges of the user viewing the file or when
  the browser generates a directory listing with thumbnails.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3163.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3171.html
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3165.html

  Turbo Linux:
  Turbo Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3160.html

+---------------------------------+
|  Package:  lprng                | ----------------------------//
+---------------------------------+

  Description:
  Karol Lewandowski discovered that psbanner, a printer filter that
  creates a PostScript format banner and is part of LPRng, insecurely
  creates a temporary file for debugging purposes when it is
  configured as a filter. The program does not check whether this
  file already exists or is linked to another place, and writes its
  current environment and called arguments to the file
  unconditionally with the user id daemon.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3164.html

+---------------------------------+
|  Package:  gs-common            | ----------------------------//
+---------------------------------+

  Description:
  Paul Szabo discovered insecure creation of a temporary file in
  ps2epsi, a script that is distributed as part of gs-common, which
  contains common files for different Ghostscript releases. ps2epsi
  uses a temporary file in the process of invoking ghostscript. This
  file was created in an insecure fashion, which could allow a local
  attacker to overwrite files owned by a user who invokes ps2epsi.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3169.html

+---------------------------------+
|  Package:  epic                 | ----------------------------//
+---------------------------------+

  Description:
  Timo Sirainen discovered several problems in EPIC, a popular client
  for Internet Relay Chat (IRC). A malicious server could craft
  special reply strings, triggering the client to write beyond buffer
  boundaries. This could lead to a denial of service if the client
  only crashes, but may also lead to execution of arbitrary code
  under the user id of the chatting user.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3170.html

+---------------------------------+
|  Package:  lpr                  | ----------------------------//
+---------------------------------+

  Description:
  A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
  printer spooling system. This problem can be exploited by a local
  user to gain root privileges, even if the printer system is set up
  properly.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3176.html

+---------------------------------+
|  Package:  rinetd               | ----------------------------//
+---------------------------------+

  Description:
  Sam Hocevar discovered a security problem in rinetd, an IP
  connection redirection server. When the connection list is full,
  rinetd resizes the list in order to store the new incoming
  connection. However, this is done improperly, resulting in a denial
  of service and potentially execution of arbitrary code.

  Vendor Alerts:

  Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3184.html

+---------------------------------+
|  Package:  glibc                | ----------------------------//
+---------------------------------+

  Description:
  Researchers at eEye Digital Security have found integer overflow
  flaws in the XDR library typically used with Sun RPC. While there
  are no known exploits for this problem circulating, we recommend
  upgrading as soon as possible, as it is unlikely StackGuard will
  prevent exploitation of this flaw. Upgrading is especially
  important for sites using RPC services.

  Vendor Alerts:

  Immunix:
  Immunix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/immunix_advisory-3178.html

  Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3167.html

+---------------------------------+
|  Package:  evolution            | ----------------------------//
+---------------------------------+

  Description:
  Several vulnerabilities were discovered in the Evolution email
  client. These problems make it possible for a carefully constructed
  email message to crash the program, causing general system
  instability by starving resources.

  Vendor Alerts:

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3179.html

+---------------------------------+
|  Package:  gtkhtml              | ----------------------------//
+---------------------------------+

  Description:
  A vulnerability in GtkHTML was discovered by Alan Cox with the
  Evolution email client. GtkHTML is used to handle HTML messages in
  Evolution, and certain malformed messages could cause Evolution to
  crash due to this bug.

  Vendor Alerts:

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3180.html

  Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3172.html

+---------------------------------+
|  Package:  eyeofgnome           | ----------------------------//
+---------------------------------+

  Description:
  A vulnerability was discovered in the Eye of GNOME (EOG) program,
  version 2.2.0 and earlier, that is used for displaying graphics. A
  carefully crafted filename passed to eog could lead to the
  execution of arbitrary code as the user executing eog.

  Vendor Alerts:

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3186.html

+---------------------------------+
|  Package:  samba                | ----------------------------//
+---------------------------------+

  Description:
  A buffer overrun condition exists in the samba SMB protocol
  implementation. These vulnerabilities may allow remote attackers to
  gain root privileges.

  Vendor Alerts:

  Turbo Linux:
  Turbo Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3159.html

+---------------------------------+
|  Package:  krb5                 | ----------------------------//
+---------------------------------+

  Description:
  These vulnerabilities may allow remote attackers to gain the realm
  and to cause a denial of krb5 service.

  Vendor Alerts:

  Turbo Linux:
  Turbo Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3181.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------