+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 22nd, 2004                           Volume 5, Number 42a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for libtiff, libpng, ecartis,
cupsys, BNC, phpMyAdmin, Squid, PostgreSQL, Ghostscript, glibc,
mod_ssl, mozilla, cvs, gaim, wxGTK2, xpdf, gpdf, kdegraphics,
ImageMagick, and mysql. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, SuSE, and Trustix.

-----

xlock and vlock

If you wander away from your machine from time to time, it is nice to
be able to "lock" your console so that no one tampers with or looks at
your work. Two programs that do this are xlock and vlock.

xlock is an X display locker. It should be included in any Linux
distribution that supports X. Check its man page for more options, but
in general you can run xlock from any xterm on your console and it will
lock the display and require your password to unlock it.

vlock is a simple little program that allows you to lock some or all of
the virtual consoles on your Linux box. You can lock just the one you
are working in or all of them.
If you just lock one, others can come in and use the console; they will
just not be able to use your virtual TTY until you unlock it. vlock
ships with Red Hat Linux, but your mileage may vary.

Of course, locking your console will prevent someone from tampering
with your work, but it does not prevent them from rebooting your machine
or otherwise disrupting your work. It also does not prevent them from
accessing your machine from another machine on the network and causing
problems.

More importantly, it does not prevent someone from switching out of the
X Window System entirely, going to a normal virtual console login
prompt or to the VC that X11 was started from, and suspending it, thus
obtaining your privileges. For this reason, you might consider only
using it while under the control of xdm. At the very least, start X in
the background and log out of the console.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)

-----

Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a
client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a
client and, at a specified time, sends the configuration file over to
the client, runs a scan, and sends the results back to the server to
compare any changes. Those changes are then sent via email, if
configured, to a system admin or group of people. All communication
takes place over an encrypted channel.

http://www.linuxsecurity.com/feature_stories/feature_story-175.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

  10/18/2004 - gtk+
    image loading vulnerabilities fix

    A vulnerability found in the gdk-pixbuf bmp loader could allow a
    specially crafted BMP image to hang applications in an infinite loop
    (CAN-2004-0753).
    http://www.linuxsecurity.com/advisories/conectiva_advisory-4965.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

  10/15/2004 - libtiff
    remote code execution fix

    Several problems have been discovered in libtiff, the Tag Image File
    Format library for processing TIFF graphics files. An attacker could
    prepare a specially crafted TIFF graphic that would cause the client
    to execute arbitrary code or crash.
    http://www.linuxsecurity.com/advisories/debian_advisory-4960.html

  10/16/2004 - cyrus-sasl-mit
    arbitrary code execution fix

    A vulnerability has been discovered in the Cyrus implementation of the
    SASL library, the Simple Authentication and Security Layer, a method
    for adding authentication support to connection-based protocols.
    http://www.linuxsecurity.com/advisories/debian_advisory-4961.html

  10/18/2004 - netkit-telnet-ssl
    denial of service fix

    Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
    whereby a remote attacker could cause the telnetd process to free an
    invalid pointer.
    http://www.linuxsecurity.com/advisories/debian_advisory-4963.html

  10/18/2004 - netkit-telnet
    denial of service real fix

    Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
    whereby a remote attacker could cause the telnetd process to free an
    invalid pointer.
    http://www.linuxsecurity.com/advisories/debian_advisory-4964.html

  10/20/2004 - libpng
    several vulnerabilities fix

    Several integer overflows have been discovered by its upstream
    developers in libpng, a commonly used library to display PNG graphics.
    They could be exploited to cause arbitrary code to be executed when a
    specially crafted PNG image is processed.
    http://www.linuxsecurity.com/advisories/debian_advisory-4974.html

  10/20/2004 - libpng3
    several vulnerabilities fix

    Several integer overflows have been discovered by its upstream
    developers in libpng, a commonly used library to display PNG graphics.
    They could be exploited to cause arbitrary code to be executed when a
    specially crafted PNG image is processed.
    http://www.linuxsecurity.com/advisories/debian_advisory-4975.html

  10/21/2004 - ecartis
    unauthorised access to admin interface fix

    A problem has been discovered in ecartis, a mailing-list manager, which
    allows an attacker in the same domain as the list admin to gain
    administrator privileges and alter list settings.
    http://www.linuxsecurity.com/advisories/debian_advisory-4986.html

  10/21/2004 - cupsys
    arbitrary code execution fix

    Chris Evans discovered several integer overflows in xpdf that are also
    present in CUPS, the Common UNIX Printing System, and which can be
    exploited remotely by a specially crafted PDF document.
    http://www.linuxsecurity.com/advisories/debian_advisory-4988.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

  10/15/2004 - gimp-2.0.5-0.fc2.3 update
    arbitrary code execution fix

    A brown paper bag release -- I missed that 1bpp and 24bpp are also
    valid for BMP.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4958.html

  10/18/2004 - glib2-2.4.7-1.1 update
    arbitrary code execution fix

    Glib 2.4.7 contains many bug fixes, notably a fix for bug 126666.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4966.html

  10/18/2004 - gtk2-2.4.13-2.1 update
    arbitrary code execution fix

    GTK+ 2.4.13 contains many bug fixes, with an emphasis on making the
    new file chooser work better.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4967.html

  10/21/2004 - tzdata-2004e-1.fc2 update
    arbitrary code execution fix

    The previous tzdata-2004e-1.fc2 announcement from 2004-10-12 had wrong
    md5sums (before signing).
    http://www.linuxsecurity.com/advisories/fedora_advisory-4991.html

  10/21/2004 - xpdf-3.00-3.4 update
    arbitrary code execution fix

    Chris Evans and others discovered a number of integer overflow bugs
    that affected all versions of xpdf. An attacker could construct a
    carefully crafted PDF file that could cause xpdf to crash or possibly
    execute arbitrary code when opened.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4992.html

  10/21/2004 - openoffice.org-1.1.2-10.fc2 update
    arbitrary code execution fix

    This update is equivalent to the Fedora Core 3 version of
    OpenOffice.org. The changes since the previous version of
    OpenOffice.org in Fedora Core 2 are too numerous to list here, but
    there are quite a few notable improvements.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4996.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

  10/15/2004 - BNC
    Input validation flaw

    BNC contains an input validation flaw which might allow a remote
    attacker to issue arbitrary IRC-related commands.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4957.html

  10/18/2004 - phpMyAdmin
    Vulnerability in MIME-based transformation system

    A vulnerability has been found in the MIME-based transformation system
    of phpMyAdmin, which may allow remote execution of arbitrary commands
    if PHP's "safe mode" is disabled.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4962.html

  10/18/2004 - Squid
    Remote DoS vulnerability

    Squid contains a vulnerability in the SNMP module which may lead to a
    denial of service.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4968.html

  10/18/2004 - PostgreSQL
    Insecure temporary file use in make_oidjoins_check

    The make_oidjoins_check script, part of the PostgreSQL package, is
    vulnerable to symlink attacks, potentially allowing a local user to
    overwrite arbitrary files with the rights of the user running the
    utility.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4969.html

  10/20/2004 - OpenOffice.org
    Temporary files disclosure

    OpenOffice.org uses insecure temporary files which could allow a
    malicious local user to gain knowledge of sensitive information from
    other users' documents.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4982.html

  10/20/2004 - Ghostscript
    Insecure temporary file use in multiple scripts

    Multiple scripts in the Ghostscript package are vulnerable to symlink
    attacks, potentially allowing a local user to overwrite arbitrary
    files with the rights of the user running the script.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4983.html

  10/21/2004 - glibc
    Insecure tempfile handling in catchsegv script

    The catchsegv script in the glibc package is vulnerable to symlink
    attacks, potentially allowing a local user to overwrite arbitrary
    files with the rights of the user running the script.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4989.html

  10/21/2004 - CUPS
    Multiple integer overflows

    Multiple integer overflows were discovered in Xpdf, potentially
    resulting in execution of arbitrary code upon viewing a malicious PDF
    file. CUPS includes Xpdf code and therefore is vulnerable to the same
    issues.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4990.html

  10/21/2004 - mod_ssl
    Bypass of SSLCipherSuite directive

    In certain configurations, it may be possible to bypass restrictions
    set by the "SSLCipherSuite" directive of mod_ssl.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4995.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

  10/20/2004 - mozilla
    update fix

    A number of vulnerabilities were fixed in mozilla 1.7.3.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4971.html

  10/20/2004 - libtiff
    update fix

    Several vulnerabilities have been discovered in the libtiff package.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4972.html

  10/20/2004 - cvs
    update fix

    iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
    undocumented switch implemented in CVS' history command. The -X switch
    specifies the name of the history file, which allows an attacker to
    determine whether arbitrary system files and directories exist and
    whether or not the CVS process has access to them.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4973.html

  10/20/2004 - libtiff
    multiple vulnerabilities fix

    Several vulnerabilities have been discovered in the libtiff package.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4976.html

  10/21/2004 - cvs
    vulnerability fix

    iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
    undocumented switch implemented in CVS' history command. The -X switch
    specifies the name of the history file, which allows an attacker to
    determine whether arbitrary system files and directories exist and
    whether or not the CVS process has access to them.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4984.html

  10/21/2004 - mozilla
    vulnerabilities fix

    A number of vulnerabilities were fixed in mozilla 1.7.3.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4985.html

  10/21/2004 - gaim
    vulnerabilities fix

    More vulnerabilities in gaim: installing smiley themes could allow
    remote attackers to execute arbitrary commands via shell
    metacharacters in the filename of the tar file that is dragged to the
    smiley selector. There is also a buffer overflow in the way gaim
    handles receiving very long URLs.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4993.html

  10/21/2004 - wxGTK2
    vulnerabilities fix

    Several vulnerabilities have been discovered in the libtiff package;
    wxGTK2 uses a libtiff code tree, so it may have the same
    vulnerabilities.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4994.html

  10/21/2004 - squid
    SNMP processing vulnerability fix

    iDEFENSE discovered a Denial of Service vulnerability in squid version
    2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error
    where certain header length combinations can slip through the
    validations performed by the ASN1 parser, leading to the server
    assuming there is heap corruption or some other exceptional condition,
    and closing all current connections, then restarting.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4997.html

  10/21/2004 - wxGTK2
    vulnerabilities fix

    Several vulnerabilities have been discovered in the libtiff package;
    wxGTK2 uses a libtiff code tree, so it may have the same
    vulnerabilities.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4998.html

  10/21/2004 - gaim
    vulnerabilities fix

    More vulnerabilities have been discovered in the gaim instant
    messenger client.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4999.html

  10/22/2004 - xpdf
    vulnerabilities fix

    Chris Evans discovered numerous vulnerabilities in the xpdf package
    which can result in DoS or possibly arbitrary code execution.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html

  10/22/2004 - gpdf
    DoS vulnerability fix

    Chris Evans discovered numerous vulnerabilities in the xpdf package,
    which also affect software using embedded xpdf code, such as gpdf.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-5001.html

  10/22/2004 - cups
    DoS vulnerabilities fix

    Chris Evans discovered numerous vulnerabilities in the xpdf package,
    which also affect software using embedded xpdf code.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html

  10/22/2004 - kdegraphics
    DoS vulnerability fix

    Chris Evans discovered numerous vulnerabilities in the xpdf package,
    which also affect software using embedded xpdf code, such as kpdf.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-5003.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

  10/20/2004 - ImageMagick
    security vulnerabilities fix

    Updated ImageMagick packages that fix various security vulnerabilities
    are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4977.html

  10/20/2004 - mysql
    minor security issues and bugs fix

    Updated mysql packages that fix various temporary file security
    issues, as well as a number of bugs, are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4978.html

  10/20/2004 - squid
    vulnerability fix

    An updated squid package that fixes a remote denial of service
    vulnerability is now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4979.html

  10/20/2004 - mysql
    security issues and bugs fixes

    Updated mysql packages that fix various security issues, as well as a
    number of bugs, are now available for Red Hat Enterprise Linux 2.1.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4980.html

  10/20/2004 - gaim
    security issues and bugs fixes

    An updated gaim package that fixes security issues, fixes various
    bugs, and includes various enhancements for Red Hat Enterprise Linux 3
    is now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4981.html

+---------------------------------+
|  Distribution: Suse             | ----------------------------//
+---------------------------------+

  10/21/2004 - kernel
    remote denial of service

    An integer underflow problem in the iptables firewall logging rules
    can allow a remote attacker to crash the machine by using a
    handcrafted IP packet. This attack is only possible with firewalling
    enabled.
    http://www.linuxsecurity.com/advisories/suse_advisory-4987.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

  10/15/2004 - libtiff, mysql, squid, cyrus-sasl
    Multiple security vulnerabilities

    Multiple security vulnerabilities in mysql, squid, cyrus-sasl and
    libtiff.
    http://www.linuxsecurity.com/advisories/trustix_advisory-4959.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
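The Gentoo entries above for catchsegv (glibc), make_oidjoins_check (PostgreSQL) and the Ghostscript scripts all describe the same scripting mistake: a temporary file at a predictable path that a local user can redirect with a planted symlink. As an added example, not from the newsletter or from those packages, the POSIX shell script below places that weak pattern beside the mktemp-based fix and checks in a scratch directory that only the weak version follows a planted link; all file and function names are hypothetical.

```shell
#!/bin/sh
# Added illustration of the temp-file bug class behind the catchsegv,
# make_oidjoins_check and Ghostscript advisories. Not code from the
# newsletter or those packages; file and function names are hypothetical.

# Weak pattern: a predictable name in a shared directory, opened with a
# plain ">" redirection. If a symlink already sits at that name, the
# shell follows it and truncates whatever the link points to.
weak_tmp_write() {
  tmpdir=$1; data=$2
  tmp="$tmpdir/catchsegv.$$"          # PID-based names are easy to guess
  printf '%s\n' "$data" > "$tmp"       # follows a pre-existing symlink
  printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp creates the file itself with O_CREAT|O_EXCL and
# a random suffix, so a planted link is neither matched nor followed. The
# extra test fails closed if the result is somehow not a plain file.
safe_tmp_write() {
  tmpdir=$1; data=$2
  tmp=$(mktemp "$tmpdir/catchsegv.XXXXXX") || return 1
  { [ -f "$tmp" ] && [ ! -L "$tmp" ]; } || return 1
  printf '%s\n' "$data" > "$tmp"
  printf '%s\n' "$tmp"
}

# Self-check in a private scratch directory (constructed data): plant a
# symlink at the predictable name, run both writers against it, and record
# whether the "victim" file survived. Results go into the three globals.
run_symlink_demo() {
  sandbox=$(mktemp -d) || return 1
  victim="$sandbox/victim"
  printf 'original\n' > "$victim"
  ln -s "$victim" "$sandbox/catchsegv.$$"      # the planted link

  weak_tmp_write "$sandbox" "clobbered" > /dev/null
  WEAK_VICTIM=$(cat "$victim")                 # "clobbered": link followed

  printf 'original\n' > "$victim"
  safe_path=$(safe_tmp_write "$sandbox" "clobbered") || return 1
  SAFE_VICTIM=$(cat "$victim")                 # "original": victim untouched
  if [ -f "$safe_path" ] && [ ! -L "$safe_path" ]; then
    SAFE_KIND=regular
  else
    SAFE_KIND=other
  fi
  rm -rf "$sandbox"
}

run_symlink_demo && echo "weak: $WEAK_VICTIM  safe: $SAFE_VICTIM ($SAFE_KIND)"
```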