+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | March 3rd 2006 Volume 7, Number 10a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for gpdf, pdftohtml, tutos, bmv, xpdf, module-init-tools, udev, gnupg, gawk, dhcp, system-config-netboot, xterm, GraphicsMagick, noweb, metamail, mplayer, squirrelmail, unzip, gettext, tar, heimdal, and liby2util. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE. ---- EnGarde Secure Linux: Why not give it a try? EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration. http://www.engardelinux.org/modules/index/register.cgi ---- ARC: A Synchronous Stream Cipher from Hash Functions By: Angelo P. E. Rosiello and Roberto Carrozzo Abstract We consider a simple and secure way to realize a synchronous stream cipher from iterated hash functions. It is similar to the OFB mode where the underlying block cipher algorithm is replaced with the keyed hash function, adopting the secret suffixx method[20]. We analyzed the key, the keystream and the necessary properties to assume from the underlying hash function for the stream cipher to be considered secure. Motivated by our analysis we conjecture that the most effcient way to break the proposed stream cipher is to break the hash function or through exhaustive search for the keyspace K of k bits, that requires O(2k) operations. Keywords : stream cipher, key, keystream, one-time pad cryptosystem, hash function, keyed hash function. 1.1 Algorithm Requirements The algorithm should have a flat keyspace allowing any random bit string to be a possible key. The algorithm should make easier the key-management for software implementations. The typed password should not become directly the key, else the actual keyspace is limited to keys constructed with the 95 characters of printable ASCII1. The algorithm should be easily modifiable satisfying minimum or maximum requirements. Moreover, according to basic engineering software theories, the algorithm does not have to bind developers with static u se of pre-defined logical block functions, but it is important to let wide alternatives during the implementation of the software[13, 17]. The algorithm should be simple to code, otherwise programmers could make implementation mistakes if the structure is too complicated[13]. 1.2 Areas of Application Nowadays encrypting information has become a 'must', which means that a good crypto algorithm must give to the community the possibility to manage safe data. Practical applications pertain to: * Bulk Encryption: data files or a continuous data stream (e.g. important information saved on hardisks such as databases or any kind of secret document); * Data Transmission: a lot of communication mediums need a secure way to crypt exchanged information (e.g. Internet packets, wireless connections, radio signals, etc.); * Small Encryption: banks and commercial companies need secure encryption methodologies to interact with customers by small encryption technologies. Definitely, a good algorithm should be suitable for lots of disparate situations. Read Full Paper http://www.linuxsecurity.com/images/stories/arc-hash.pdf ---------------------- EnGarde Secure Community 3.0.4 Released Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation. http://www.linuxsecurity.com/content/view/121560/65/ --- Linux File & Directory Permissions Mistakes One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com. http://www.linuxsecurity.com/content/view/119415/49/ --- Buffer Overflow Basics A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. http://www.linuxsecurity.com/content/view/119087/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New gpdf packages fix several vulnerabilities 27th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121760 * Debian: New pdftohtml packages fix several vulnerabilities 28th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121765 * Debian: New tutos package fixes several vulnerabilities 2nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121790 * Debian: new bmv packages fix arbitrary code execution 2nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121791 * Debian: New xpdf packages fix several problems 2nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121792 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 4 Update: module-init-tools-3.2-0.pre9.0.FC4.4 23rd, February, 2006 This module-init-tools adds a stub /etc/modprobe.conf.dist which is included by older /etc/modprobe.conf config files. This avoids the printing of a warning Matrox framebuffer modules are also not autoloaded with this version. http://www.linuxsecurity.com/content/view/121727 * Fedora Core 4 Update: udev-071-0.FC4.3 23rd, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121728 * Fedora Core 4 Update: gnupg-1.4.2.1-3 24th, February, 2006 The previous update, to version 1.4.2.1, could produce errors when gpg attempted to read certain keyrings produced by earlier versions of GnuPG. This update includes a fix for that bug. http://www.linuxsecurity.com/content/view/121740 * Fedora Core 4 Update: gawk-3.1.4-5.4 24th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121741 * Fedora Core 4 Update: util-linux-2.12p-9.14 27th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121759 * Fedora Core 4 Update: dhcp-3.0.2-34.FC4 1st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121787 * Fedora Core 4 Update: system-config-netboot-0.1.38-2_FC4 1st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121788 * Fedora Core 4 Update: xterm-208-2.FC4 1st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121789 * Gentoo: GraphicsMagick Format string vulnerability 26th, February, 2006 A vulnerability in GraphicsMagick allows attackers to crash the application and potentially execute arbitrary code. http://www.linuxsecurity.com/content/view/121750 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: noweb Insecure temporary file creation 26th, February, 2006 noweb is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/121751 * Mandriva: Updated metamail packages fix vulnerability 23rd, February, 2006 Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail. http://www.linuxsecurity.com/content/view/121722 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated mplayer packages fix integer overflow vulnerabilities 24th, February, 2006 Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. The updated packages have been patched to prevent this problem. http://www.linuxsecurity.com/content/view/121749 * Mandriva: Updated squirrelmail packages fix vulnerabilities 27th, February, 2006 Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. (CVE-2006-0188) http://www.linuxsecurity.com/content/view/121763 * Mandriva: Updated unzip packages fix vulnerabilities 28th, February, 2006 A buffer overflow was foiund in how unzip handles file name arguments. If a user could tricked into processing a specially crafted, excessively long file name with unzip, an attacker could execute arbitrary code with the user's privileges. http://www.linuxsecurity.com/content/view/121764 * Mandriva: Updated gettext packages fix temporary file vulnerabilities 28th, February, 2006 The Trustix developers discovered temporary file vulnerabilities in the autopoint and gettextize scripts, part of GNU gettext. These scripts insecurely created temporary files which could allow a malicious user to overwrite another user's files via a symlink attack. The updated packages have been patched to address this issue.<P> http://www.linuxsecurity.com/content/view/121776 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Moderate: tar security update 1st, March, 2006 An updated tar package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having Moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/121781 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: Subject: [suse-security-announce] SuSE Security Announcement: heimdal (SUSE-SA:2006:010) 24th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121738 * SuSE: Subject: [suse-security-announce] SuSE Security Announcement: heimdal (SUSE-SA:2006:011) 24th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121739 * SuSE: kernel various security problems 27th, February, 2006 Updated package. http://www.linuxsecurity.com/content/view/121756 * SuSE: gpg,liby2util signature checking 1st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121777 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------