+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | April 7th, 2006 Volume 7, Number 15n | | | | Editorial Team: Dave Wreski dave@xxxxxxxxxxxxxxxxx | | Benjamin D. Thomas ben@xxxxxxxxxxxxxxxxx | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week advisories were released for apache, storebackup, kaffeine, clamav, dia, sash, mailman, rpm, scim-hangul, scim, mrtg, wpa_supplicant, samba, policycoreutils, selinux-policy, mc, k3b, open office, pcmciautils, gnome-applets, binutils, sendmail, newt, dovecot, dia, sane-backends, iptraf, tix, xscreensaver, liboil, alsa-utils, system-config-printer, horde, freeradius, mysql, and openmotif. The distributors include Debian, Fedora, Gentoo, Mandriva, and Red Hat. --- EnGarde Secure Linux: Why not give it a try? EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration. http://www.engardelinux.org/modules/index/register.cgi --- Review: The TCP/IP Guide By: Eric Lubow To be a comprehensive source of information is something that any and every author attempts to be in their works. While writing The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference, Charles Kozierok nothing short of comprehensive. In this 1616 page, 88 chapter reference of the TCP/IP protocol set, all the important topics are covered. Normally, when I review books, I give a little bit of information on each chapter. In this case, that would be a little drastic and cause an extremely long review. Whatever little I write as a summary here just will not do this guide the justice it deserves for the effort of the author. Although the book covers such a wide variety of topics, each one is covered very thoroughly. Beginning with basic networking concepts and moving into the OSI (Open Systems Interconnection) model, the bases are fully covered. He even goes so far in depth as to discuss the standards organizations that contribute to, support, and govern networking and the Internet. Once the OSI model is covered, he goes on to talk about how TCP, UDP, and IP protocols integrate themselves into the OSI model. The first topic that is covered within the TCP/IP protocol suite are the interface protocols: SLIP and PPP. Every major PPP and SLIP sub item is covered within the chapters. These include: LCP, PAP, CHAP, ECP, PPP MP, just to name a few. The next set of chapters is covering ARP, RARP, IPv4, IPv6, IP NAT and IP Sec. This basically covers how to move from level 2 to level 3 in the OSI model. Following the OSI model up, he then covers ICMPv4 and ICMPv6 prior to proceeding into routing. The routing protocols covered are: RIP, RIP-2, RIPng OSPF, BGP3, BGP4, GGP, EGP, EGRP, EIGRP, and HELLO. After thoroughly covering how data moves from place to place on the lower levels of the OSI model, he begins by covering TCP and UDP by session establishment and handshaking. Since the book is about TCP protocols, there is a lot of discussion and diagrams of message headers and the theory behind TCP and UDP being designed the way they are. Since all these protocols are merely transport mechanisms for higher level applications, a great deal of time in this book is dedicated to how those higher level applications function. Some of these applications and systems are: DNS, NFS, BOOTP, DHCP, SNMP, RMON, URI and URL structure, FTP, TFP, Email systems including SMTP and MIME structures, HTTP (transfers, encoding, messages, entities, etc), NNTP, and Gopher (again to name just a few). All of these applications that now have counterparts that support IPv6 are also examined and broken down. Each one of the topics listed above have associated diagrams and message layouts to allow as deep a comprehension as is desired by the reader. He finishes up the book talking about remote application protocols and troubleshooting tools. This is especially handy information to have at your fingertips if you are constantly troubleshooting network or application level issues. He even goes so far as to break down common UNIX and Windows commands into their command lines and what the output is actually saying about the state of the packet, interface, application, or network. Read More: http://www.linuxsecurity.com/content/view/122263/49/ ---------------------- EnGarde Secure Community 3.0.4 Released Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation. http://www.linuxsecurity.com/content/view/121560/65/ --- Linux File & Directory Permissions Mistakes One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com. http://www.linuxsecurity.com/content/view/119415/49/ --- Buffer Overflow Basics A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. http://www.linuxsecurity.com/content/view/119087/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New Apache2::Request packages fix denial of service 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122186 * Debian: New storebackup packages fix several vulnerabilities 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122206 * Debian: New Linux kernel 2.4.27 packages fix several vulnerabilities 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122222 * Debian: New kaffeine packages fix arbitrary code execution 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122223 * Debian: New clamav packages fix several vulnerabilities 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122237 * Debian: New dia packages fix arbitrary code execution 6th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122244 * Debian: New sash packages fix potential arbitrary code execution 6th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122245 * Debian: New mailman packages fix denial of service 6th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122246 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 4 Update: kernel-2.6.16-1.2069_FC4 30th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122170 * Fedora Core 4 Update: rpm-4.4.1-23 30th, March, 2006 This update fixes an issue with a double free experienced in verification with matchpathcon. http://www.linuxsecurity.com/content/view/122171 * Fedora Core 5 Update: scim-hangul-0.2.2-1.fc5 30th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122172 * Fedora Core 5 Update: scim-anthy-1.0.0-1.fc5 30th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122173 * Fedora Core 5 Update: mrtg-2.13.2-0.fc5.1 30th, March, 2006 Fixes the RouterUptime option. http://www.linuxsecurity.com/content/view/122174 * Fedora Core 5 Update: wpa_supplicant-0.4.8-6.fc5 30th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122175 * Fedora Core 5 Update: samba-3.0.22-1.fc5 30th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122176 * Fedora Core 5 Update: policycoreutils-1.30.1-3.fc5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122189 * Fedora Core 5 Update: selinux-policy-2.2.25-3.fc5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122190 * Fedora Core 5 Update: mc-4.6.1a-12.FC5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122191 * Fedora Core 5 Update: k3b-0.12.14-0.FC5.2 3rd, April, 2006 update to version 0.12.14 http://www.linuxsecurity.com/content/view/122192 * Fedora Core 4 Update: k3b-0.12.14-0.FC4.1 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122193 * Fedora Core 5 Update: openoffice.org-2.0.2-5.7.2 3rd, April, 2006 Fixes for a11y and font handling. http://www.linuxsecurity.com/content/view/122194 * Fedora Core 5 Update: pcmciautils-012-0.FC5.2 3rd, April, 2006 User with pcmcia, namely Laptop users, who experience a hangup at "Starting udev" should update to this package. http://www.linuxsecurity.com/content/view/122195 * Fedora Core 5 Update: gnome-applets-2.14.0-1.fc5 3rd, April, 2006 This update allows the gswitchit applet's plugins to work. http://www.linuxsecurity.com/content/view/122196 * Fedora Core 5 Update: perl-HTML-Parser-3.51-1.FC5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122197 * Fedora Core 5 Update: perl-DBD-Pg-1.47-0.1.FC5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122198 * Fedora Core 5 Update: perl-Net-DNS-0.57-1 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122199 * Fedora Core 5 Update: binutils-2.16.91.0.6-5 3rd, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122200 * Fedora Core 5 Update: wpa_supplicant-0.4.8-7.fc5 3rd, April, 2006 This update works around older and 3rd-party drivers that report wireless network names incorrectly, causing wpa_supplicant to prematurely terminate a wireless connection. http://www.linuxsecurity.com/content/view/122201 * Fedora Core 5 Update: gthumb-2.7.5.1-1.fc5.1 4th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122221 * Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1 5th, April, 2006 A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. http://www.linuxsecurity.com/content/view/122232 * Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1 5th, April, 2006 A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. http://www.linuxsecurity.com/content/view/122233 * Fedora Core 5 Update: newt-0.52.2-6 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122234 * Fedora Core 4 Update: dovecot-0.99.14-8.fc4 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122235 * Fedora Core 4 Update: dia-0.94-13.fc4 5th, April, 2006 Fixes CVE-2006-1550 Dia multiple buffer overflows http://www.linuxsecurity.com/content/view/122236 * Fedora Core 5 Update: sane-backends-1.0.17-5.fc5.8 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122238 * Fedora Core 5 Update: iptraf-3.0.0-1.3.FC5 5th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122239 * Fedora Core 5 Update: tix-8.4.0-6 5th, April, 2006 The tix package was assembled incorrectly which ended up breaking wish and tkinter/ipython. The libraries are now in the right place. http://www.linuxsecurity.com/content/view/122240 * Fedora Core 5 Update: xscreensaver-4.24-2 6th, April, 2006 Don't leak zombie processes with the GL SlideShow ScreenSaver http://www.linuxsecurity.com/content/view/122254 * Fedora Core 5 Update: GConf2-2.14.0-1 6th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122255 * Fedora Core 5 Update: liboil-0.3.8-1.fc5 6th, April, 2006 This update rebases liboil to 0.3.8 to help resolve issues required by packages in Fedora Extras. http://www.linuxsecurity.com/content/view/122256 * Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5 6th, April, 2006 This update corrects a problem where kerberos credentials weren't being properly refreshed when a user successfully authenticates in the unlock dialog. http://www.linuxsecurity.com/content/view/122257 * Fedora Core 5 Update: alsa-utils-1.0.11-4.rc2 6th, April, 2006 Updated package. http://www.linuxsecurity.com/content/view/122258 * Fedora Core 5 Update: system-config-printer-0.6.151.2-1 6th, April, 2006 With no configured printers, it was not possible to disable automatic browsing for shared printers. http://www.linuxsecurity.com/content/view/122259 * Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5.1 6th, April, 2006 This update fixes problems detecting idle activity. http://www.linuxsecurity.com/content/view/122260 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: MediaWiki Cross-site scripting vulnerability 4th, April, 2006 MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution. http://www.linuxsecurity.com/content/view/122217 * Gentoo: Horde Application Framework Remote code execution 4th, April, 2006 The help viewer of the Horde Framework allows attackers to execute arbitrary remote code. http://www.linuxsecurity.com/content/view/122219 * Gentoo: FreeRADIUS Authentication bypass in EAP-MSCHAPv2 4th, April, 2006 The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue which causes some authentication checks to be bypassed. http://www.linuxsecurity.com/content/view/122220 * Gentoo: Kaffeine Buffer overflow 5th, April, 2006 Kaffeine is vulnerable to a buffer overflow that could lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122241 * Gentoo: Doomsday Format string vulnerability 5th, April, 2006 Format string vulnerabilities in Doomsday may lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122243 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated dia packages fix buffer overflow vulnerabilities 3rd, April, 2006 Three buffer overflows were discovered by infamous41md in dia's xfig import code. This could allow for user-complicit attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid color index, number of points, or depth. Updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/122207 * Mandriva: Updated php packages fix information disclosure vulnerability 3rd, April, 2006 A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on which seems to protect against this vulnerability "out of the box" but users are encourages to upgrade regardless. http://www.linuxsecurity.com/content/view/122208 * Mandriva: Updated MySQL packages fix logging bypass vulnerability 3rd, April, 2006 MySQL allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. Updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/122209 * Mandriva: Updated kaffeine packages fix remote buffer overflow vulnerability 5th, April, 2006 Marcus Meissner discovered Kaffeine contains an unchecked buffer while creating HTTP request headers for fetching remote RAM playlists, which allows overflowing a heap allocated buffer. As a result, remotely supplied RAM playlists can be used to execute arbitrary code on the client machine. http://www.linuxsecurity.com/content/view/122231 * Mandriva: Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty 5th, April, 2006 Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/122242 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Important: freeradius security update 4th, April, 2006 Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/122210 * RedHat: Moderate: openmotif security update 4th, April, 2006 Updated openmotif packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/122211 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------