+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 17th, 2004 Volume 5, Number 50a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for zgv, atari800, MyODBC, mikmod,
gstreamer, grep, flim, kdelibs, kdebase, selinux-policy-targeted,
xcdroast, udev, PHProjekt, nfs-utils, ncpfs, vim, evolution, mkdonline,
iproute, libpng, postgresql, IPSec, imlib, ruby, ncompress, and mod_ssl.
The distributors include Debian, Fedora, Gentoo, Mandrake, OpenBSD,
Red Hat, and TurboLinux.
----
Internet Productivity Suite: Open Source Security
Trust Internet Productivity Suite's open source architecture to give
you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and
methods into their design.
http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml
---
Detecting Physical Security Compromises
The first thing to always note is when your machine was rebooted.
Since Linux is a robust and stable OS, the only times your machine
should reboot is when you take it down for OS upgrades, hardware
swapping, or the like. If your machine has rebooted without you
doing it, that may be a sign that an intruder has compromised it.
Many of the ways that your machine can be compromised require the
intruder to reboot or power off your machine.
Check for signs of tampering on the case and computer area. Although
many intruders clean traces of their presence out of logs, it's a
good idea to check through them all and note any discrepancy.
It is also a good idea to store log data at a secure location, such
as a dedicated log server within your well-protected network. Once
a machine has been compromised, log data becomes of little use as
it most likely has also been modified by the intruder.
The syslog daemon can be configured to automatically send log data
to a central syslog server, but this is typically sent unencrypted,
allowing an intruder to view data as it is being transferred. This
may reveal information about your network that is not intended to be
public. There are syslog daemons available that encrypt the data as
it is being sent.
Also be aware that faking syslog messages is easy -- with an exploit
program having been published. Syslog even accepts net log entries
claiming to come from the local host without indicating their true
origin.
Excerpt from LinuxSecurity HowTO:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
By: Dave Wreski (dave@xxxxxxxxxxxxxxxxx) & Kevin Fenzi
-----
Vincenzo Ciaglia Speaks Security 2004
Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux
Security. A full immersion in the world of Linux Security from many
sides and points of view.
http://www.linuxsecurity.com/content/view/117515/49/
---------------------------------------------------------------------
Mass deploying Osiris
Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system. A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people. The communication is all done over an encrypted
communication channel.
http://www.linuxsecurity.com/feature_stories/feature_story-175.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: zgv arbitrary code execution fix
14th, December, 2004
Several vulnerabilities have been discovered in zgv, an SVGAlib
graphics viewer for the i386 architecture.
http://www.linuxsecurity.com/content/view/117475
* Debian: atari800 local root exploit fix
14th, December, 2004
Adam Zabrocki discovered multiple buffer overflows in atari800, an
Atari emulator. In order to directly access graphics hardware, one
of the affected programs is installed setuid root. A local attacker
could exploit this vulnerability to gain root privileges.
http://www.linuxsecurity.com/content/view/117492
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora: MyODBC-2.50.39-18.2 update
10th, December, 2004
This update fixes a problem that occurs when the user's locale
setting selects a decimal point other than ".".
http://www.linuxsecurity.com/content/view/117469
* Fedora: MyODBC-2.50.39-19.1 update
10th, December, 2004
This update fixes a problem that occurs when the user's locale
setting selects a decimal point other than ".".
http://www.linuxsecurity.com/content/view/117470
* Fedora: mikmod-3.1.6-30.2 update
13th, December, 2004
This moves 'mikmod' back to the main package. It was incorrectly in
the mikmod-devel package.
http://www.linuxsecurity.com/content/view/117476
* Fedora: gstreamer-0.8.7-4.FC3.0 update
14th, December, 2004
This update adds multilib support to GStreamer; this fixes several
issues people had on multilib architectures such as x86_64. It's
been fairly well tested but please do not hesitate to report
any issues.
http://www.linuxsecurity.com/content/view/117494
* Fedora: grep-2.5.1-31.2 update
14th, December, 2004
This update improves performance when processing UTF-8 input.
http://www.linuxsecurity.com/content/view/117495
* Fedora: flim-1.14.7-0.FC2 update
15th, December, 2004
Update to 1.14.7 release, which also fixes CAN-2004-0422.
http://www.linuxsecurity.com/content/view/117518
* Fedora: kdelibs-3.2.2-10.FC2 update
15th, December, 2004
apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team
http://www.linuxsecurity.com/content/view/117519
* Fedora: kdebase-3.2.2-8.FC2 update
15th, December, 2004
apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team
http://www.linuxsecurity.com/content/view/117520
* Fedora: kdelibs-3.3.1-2.4.FC3 update
15th, December, 2004
apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team
http://www.linuxsecurity.com/content/view/117521
* Fedora: kdebase-3.3.1-4.3.FC3 update
15th, December, 2004
apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team
http://www.linuxsecurity.com/content/view/117522
* Fedora: selinux-policy-targeted-1.17.30-2.51 update
16th, December, 2004
Fix problems with winbind, nscd, apache and others.
http://www.linuxsecurity.com/content/view/117525
* Fedora: xcdroast-0.98a15-8 update
16th, December, 2004
fixed frozen progress bars with patch from Didier Heyden (bug
#134334)
http://www.linuxsecurity.com/content/view/117529
* Fedora: udev-039-10.FC3.6 update
16th, December, 2004
fixed a case where reading /proc/ide/hd?/media returns EIO (bug
rh#142713) and added simple dvb rules
http://www.linuxsecurity.com/content/view/117530
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: PHProjekt setup.php vulnerability
10th, December, 2004
PHProjekt contains a vulnerability in the setup procedure allowing
remote users without admin rights to change the configuration.
http://www.linuxsecurity.com/content/view/117468
* Gentoo: nfs-utils Multiple remote vulnerabilities
13th, December, 2004
Multiple vulnerabilities have been discovered in nfs-utils that could
lead to a Denial of Service, or the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117478
* Gentoo: ncpfs Buffer overflow in ncplogin and ncpmap
15th, December, 2004
ncpfs is vulnerable to a buffer overflow that could lead to local
execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/117505
* Gentoo: vim, gVim Vulnerable options in modelines
15th, December, 2004
Several vulnerabilities related to the use of options in modelines
have been found and fixed in Vim. They could potentially result in a
local user escalating privileges.
http://www.linuxsecurity.com/content/view/117508
* Gentoo: file Arbitrary code execution
13th, December, 2004
The code for parsing ELF headers in file contains a flaw which may
allow an attacker to execute arbitrary code.
http://www.linuxsecurity.com/content/view/117477
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
* Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of bugs
found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to
send, but Evolution doesn't realize it has failed.
http://www.linuxsecurity.com/content/view/117484
* Mandrake: mdkonline provide new features
14th, December, 2004
This is a major update of mandrakeonline which fixes several issues
and adds more features such as a text wizard for servers without
Xwindow capabilities, support for server products, corporate and MNF
for instance, errors displaying and md5sum file checks.
http://www.linuxsecurity.com/content/view/117485
* Mandrake: iproute2 temporary file vulnerability
14th, December, 2004
Herbert Xu discovered that iproute can accept spoofed messages sent
via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack.
http://www.linuxsecurity.com/content/view/117486
* Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of bugs
found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to
send, but Evolution doesn't realize it has failed.
http://www.linuxsecurity.com/content/view/117487
* Mandrake: libpng invalid zlib header problem fix
14th, December, 2004
A problem in version 1.2.6 of the libpng library would cause libpng
to write an invalid zlib header within the PNG datastream. This can
cause some applications to display the images incorrectly.
http://www.linuxsecurity.com/content/view/117488
* Mandrake: postgresql temporary file vulnerability fix
14th, December, 2004
The Trustix development team found insecure temporary file creation
problems in a script included in the postgresql package. This could
allow an attacker to trick a user into overwriting arbitrary files he
has access to.
http://www.linuxsecurity.com/content/view/117489
* Mandrake: kde various bug fixes
15th, December, 2004
A number of KDE-related packages are being released to address a
number of bugs in these packages. Updated packages include
kdenetwork (which fixes problems in kget, kopete, and krfb), kdepim
(which fixes problems in kmail, knode, knotes, and kontact), kwallet
(which fixes problems in kwalleditor and kcmlirc), and kdesdk (which
fixes a problem in cervisia).
http://www.linuxsecurity.com/content/view/117516
* Mandrake: kdelibs & kdebase vulnerability fix
15th, December, 2004
Daniel Fabian discovered a potential privacy issue in KDE. When
creating a link to a remote file from various applications, including
Konqueror, the resulting URL may contain the authentication
credentials used to access that remote resource. This includes, but
is not limited to, browsing SMB (Samba) shares. Upon further
investigation, it was found that the SMB protocol handler also
unnecessarily exposed authentication credentials (CAN-2004-1171).
http://www.linuxsecurity.com/content/view/117517
+---------------------------------+
| Distribution: OpenBSD | ----------------------------//
+---------------------------------+
* OpenBSD: kernel heap overflow in IPsec
14th, December, 2004
On systems running isakmpd(8) it is possible for a local user to
cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket. Stopping isakmpd(8) does not prevent the
memory corruption.
http://www.linuxsecurity.com/content/view/117493
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* Red Hat: imlib security vulnerabilities fix
10th, December, 2004
Updated imlib packages that fix several integer and buffer overflows
are now available.
http://www.linuxsecurity.com/content/view/117455
* Red Hat: ruby denial of service issue fix
13th, December, 2004
An updated ruby package that fixes a denial of service issue for the
CGI instance is now available.
http://www.linuxsecurity.com/content/view/117479
* Red Hat: ncompress security issue and bug fix
13th, December, 2004
An updated ncompress package that fixes a buffer overflow and problem
in the handling of files larger than 2 GB is now available.
http://www.linuxsecurity.com/content/view/117480
* Red Hat: apache and mod_ssl security vulnerabilities fix
13th, December, 2004
Updated apache and mod_ssl packages that fix various minor security
issues and bugs in the Apache Web server are now available for Red
Hat Enterprise
Linux 2.1.
http://www.linuxsecurity.com/content/view/117481
* Red Hat: kernel security vulnerability fix
13th, December, 2004
Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version 2.1. This is the
sixth regular update.
http://www.linuxsecurity.com/content/view/117482
* Red Hat: Itanium security issues fix
13th, December, 2004
Updated Itanium kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 2.1. This
is the sixth regular update.
http://www.linuxsecurity.com/content/view/117483
+---------------------------------+
| Distribution: Turbo Linux | ----------------------------//
+---------------------------------+
* TurboLinux: Security & Bugfix
13th, December, 2004
Numerous issues in the Linux ELF binary loader. Issues relating to
IDE DMA transfers which prevent installation on machines with SiS
chipsets using the SiS 962/963 IDE controller. Null pointer
dereferencing in the SG driver.
http://www.linuxsecurity.com/content/view/117471
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
