+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 16th, 2006                              Volume 7, Number 25n  |
|                                                                     |
|  Editorial Team:  Dave Wreski            dave@xxxxxxxxxxxxxxxxx     |
|                   Benjamin D. Thomas     ben@xxxxxxxxxxxxxxxxx      |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for freetype, webcalendar, kernel,
horde3, horde2, wv2, subversion, ruby, squid, dovecot, gdm, autofs,
shadow-utils, rsync, mysql, python, scim, freetype2, squirrelmail,
libtiff, spamassassin, sendmail, mailman, kdebase, postgresql, and php.
The distributors include Debian, Fedora, Mandriva, Red Hat, and SuSE.

---

Security on your mind?

Protect your home and business networks with the free, community
version of EnGarde Secure Linux. Don't rely only on a firewall to
protect your network, because firewalls can be bypassed. EnGarde
Secure Linux is a security-focused Linux distribution made to protect
your users and their data.

The security experts at Guardian Digital fortify every download of
EnGarde Secure Linux with eight essential types of open source
packages. Then we configure those packages to provide maximum security
for tasks such as serving dynamic websites, high availability mail,
transport, network intrusion detection, and more. The result for you
is high security, easy administration, and automatic updates.

The Community edition of EnGarde Secure Linux is completely free and
open source. Updates are also freely available when you register with
the Guardian Digital Secure Network.
http://www.engardelinux.org/modules/index/register.cgi

---

How To Break Web Software
By: Eric Lubow

With a tool as widely used, by so many different kinds of people, as
the World Wide Web, it is necessary for everyone to understand as many
aspects of its functionality as possible. From web designers to web
developers to web users, this is a must read. Security is a job for
everyone, and How To Break Web Software by Mike Andrews and James A.
Whittaker is written for everyone to understand.

Although this book may be geared more towards the developer, it is
really a book for everyone. As I mentioned before, security is
everyone's responsibility. The ideas, concepts, and procedures
outlined in this book are things that even the average user should be
able to pick up on and alert the webmaster to in order to prevent
potential disaster.

It is necessary to keep in mind that this book, although seemingly
full of information on how to attack web sites and bring down servers,
is for informational and educational purposes. It is to inform
developers of common programming and design mistakes. It is also to
ensure that common users with no malicious intent can spot problems in
design and nip them in the bud before they become catastrophic.

The book begins by showing the reader, in no uncertain terms, the
basic concepts that are going to be outlined throughout the book. The
first idea is to get everyone on the same page with client-server
relationships and general information about the World Wide Web.

One of the most important aspects of an attack is knowing your victim.
The first informational chapter in this book discusses gathering
information on a potential target. Just as with all forthcoming
chapters, this one begins with the obvious information and progresses
into the more obscure, less-thought-about topics.
Once the information has been gathered, either via source code, URLs,
or any other method that potentially puts information out in the open,
the attacks can begin. There are many ways in which these attacks can
happen. The authors begin by discussing attacks on the user (client)
input and how validation needs to occur or the input needs to be
sanitized. They then move on to talk about state-based attacks, either
through CGI parameters or hidden fields within forms. These ideas are
also extended to discuss cookie poisoning, URL jumping, and session
hijacking (which can also include man-in-the-middle attacks). Without
all this information consistently being checked and verified, it is
possible for those with malicious intent to inject information into a
session.

http://www.linuxsecurity.com/content/view/122713/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operation. A full explanation
of Unix file permissions is beyond the scope of this article, so I'll
assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on
linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New freetype packages fix several vulnerabilities
  10th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123074

* Debian: New webcalendar packages fix arbitrary code execution
  13th, June, 2006

Updated package.
http://www.linuxsecurity.com/content/view/123114

* Debian: New Kernel 2.4.27 packages fix several vulnerabilities
  14th, June, 2006

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/123139

* Debian: New horde3 packages fix cross-site scripting
  14th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123152

* Debian: New horde2 packages fix cross-site scripting
  14th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123153

* Debian: New wv2 packages fix integer overflow
  15th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123160

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: subversion-1.3.2-2.1
  9th, June, 2006

This update includes the latest upstream release of Subversion, which
fixes a number of minor bugs.

http://www.linuxsecurity.com/content/view/123068

* Fedora Core 4 Update: ruby-1.8.4-2.fc4
  9th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123069

* Fedora Core 5 Update: squid-2.5.STABLE14-2.FC5
  9th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123070

* Fedora Core 5 Update: ruby-1.8.4-5.fc5
  9th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123071

* Fedora Core 5 Update: dovecot-1.0-0.beta8.2.fc5
  9th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123072

* Fedora Core 5 Update: gdm-2.14.8-1
  9th, June, 2006

This update also upgrades GDM to version 2.14.8.

http://www.linuxsecurity.com/content/view/123073

* Fedora Core 5 Update: autofs-4.1.4-25
  11th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123075

* Fedora Core 4 Update: autofs-4.1.4-24
  11th, June, 2006

Updated package.
http://www.linuxsecurity.com/content/view/123076

* Fedora Core 4 Update: kernel-2.6.16-1.2115_FC4
  11th, June, 2006

An update to the upstream 2.6.16.20 release, fixing up a few more
security related problems.

http://www.linuxsecurity.com/content/view/123077

* Fedora Core 5 Update: kernel-2.6.16-1.2133_FC5
  11th, June, 2006

An update to the upstream 2.6.16.20 release, fixing up a few more
security related problems.

http://www.linuxsecurity.com/content/view/123078

* Fedora Core 5 Update: shadow-utils-4.0.14-9.FC5
  12th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123107

* Fedora Core 5 Update: rsync-2.6.8-1.FC5.1
  12th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123112

* Fedora Core 4 Update: rsync-2.6.8-1.FC4.1
  12th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123113

* Fedora Core 5 Update: mysql-5.0.22-1.FC5.1
  13th, June, 2006

Repairs vulnerability in multibyte string escaping.

http://www.linuxsecurity.com/content/view/123123

* Fedora Core 4 Update: mysql-4.1.20-1.FC4.1
  13th, June, 2006

Repairs multibyte string escaping vulnerability.

http://www.linuxsecurity.com/content/view/123124

* Fedora Core 5 Update: python-2.4.3-4.FC5
  13th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123125

* Fedora Core 5 Update: scim-1.4.4-9.4.fc5
  13th, June, 2006

This update fixes broken libtool linking of libs to be against
libstdc++so7.

http://www.linuxsecurity.com/content/view/123126

* Fedora Core 5 Update: python-docs-2.4.3-0.9.FC5
  14th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123158

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated freetype2 packages fixes multiple vulnerabilities.
  12th, June, 2006

Integer underflow in Freetype before 2.2 allows remote attackers to
cause a denial of service (crash) via a font file with an odd number
of blue values, which causes the underflow when decrementing by 2 in a
context that assumes an even number of values.

http://www.linuxsecurity.com/content/view/123110

* Mandriva: Updated freetype2 packages fixes multiple vulnerabilities.
  14th, June, 2006

The previous update introduced some issues with other applications and
libraries linked to libfreetype that were missed in testing for the
vulnerability issues. The new packages correct these issues.

http://www.linuxsecurity.com/content/view/123127

* Mandriva: Updated gdm packages fix vulnerability
  14th, June, 2006

A vulnerability in gdm could allow a user to activate the gdm setup
program if the administrator configured a gdm theme that provided a
user list. The user could do so by choosing the setup option from the
menu, clicking the user list, then entering his own password instead
of root's. The updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/123128

* Mandriva: Updated squirrelmail packages fix vulnerabilities
  14th, June, 2006

A PHP remote file inclusion vulnerability in functions/plugin.php in
SquirrelMail 1.4.6 and earlier, if register_globals is enabled and
magic_quotes_gpc is disabled, allows remote attackers to execute
arbitrary PHP code via a URL in the plugins array parameter.

http://www.linuxsecurity.com/content/view/123155

* Mandriva: Updated libtiff packages fixes tiff2pdf vulnerability
  14th, June, 2006

A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in
libtiff 3.8.2 and earlier allows attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a TIFF file
with a DocumentName tag that contains UTF-8 characters, which triggers
the overflow when a character is sign extended to an integer that
produces more digits than expected in a sprintf call.
http://www.linuxsecurity.com/content/view/123156

* Mandriva: Updated spamassassin packages fix vulnerability
  14th, June, 2006

A flaw was discovered in the way that spamd processes the virtual POP
usernames passed to it. If running with the --vpopmail and --paranoid
flags, it is possible for a remote user with the ability to connect to
the spamd daemon to execute arbitrary commands as the user running
spamd.

http://www.linuxsecurity.com/content/view/123157

* Mandriva: Updated sendmail packages fix remotely exploitable
  vulnerability
  15th, June, 2006

A vulnerability in the way Sendmail handles multi-part MIME messages
was discovered that could allow a remote attacker to create a
carefully crafted message that could crash the sendmail process during
delivery. The updated packages have been patched to correct these
issues.

http://www.linuxsecurity.com/content/view/123159

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: mailman security update
  9th, June, 2006

An updated mailman package that fixes a denial of service flaw is now
available for Red Hat Enterprise Linux 3 and 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/123064

* RedHat: Important: mysql security update
  9th, June, 2006

Updated mysql packages that fix multiple security flaws are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/123065

* RedHat: Important: sendmail security update
  14th, June, 2006

Updated sendmail packages are now available to fix a denial of service
security issue. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/123150

* RedHat: Important: kdebase security update
  14th, June, 2006

Updated kdebase packages that correct a security flaw in kdm are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having important security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/123151

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: PostgreSQL SQL injection attacks
  9th, June, 2006

Two character set encoding related security problems were fixed in the
PostgreSQL database server: CVE-2006-2313 and CVE-2006-2314.

http://www.linuxsecurity.com/content/view/123061

* SuSE: php4,php5 problems (SUSE-SA:2006:031)
  14th, June, 2006

This update fixes the following security issues in the PHP scripting
language, both version 4 and 5: Invalid characters in session names
were not blocked, CVE-2006-2657.

http://www.linuxsecurity.com/content/view/123136

* SuSE: sendmail remote denial of service
  14th, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/123149

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
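The "Linux File & Directory Permissions Mistakes" excerpt earlier in this newsletter names over-liberal permissions as a common administrator mistake but stops short of showing how to find them. The following is an added example, not code from the newsletter or from the linked article: a small POSIX shell audit that walks a directory tree and reports world-writable files, world-writable directories that lack the sticky bit, and files carrying the setuid or setgid bit. The function names and the constructed sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the newsletter): audit a directory tree for
# permissions that are more liberal than a service normally needs.
# Findings reported:
#   - world-writable regular files
#   - world-writable directories that lack the sticky bit (unlike /tmp)
#   - files carrying the setuid or setgid bit
# Octal -perm tests are used so the checks run on both GNU and BSD find.

# audit_perms TREE: print one line per finding, tagged by category.
audit_perms() {
    root="$1"
    find "$root" -type f -perm -0002 -print 2>/dev/null \
        | sed 's/^/WORLD-WRITABLE FILE: /'
    find "$root" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null \
        | sed 's/^/WORLD-WRITABLE DIR (no sticky bit): /'
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null \
        | sed 's/^/SETUID OR SETGID FILE: /'
}

# count_findings TREE: number of findings, handy for cron or CI checks
# that should fail when the count is not zero.
count_findings() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed tree (an assumption for the demo)
# with three deliberate problems and two correctly permissioned items,
# and print its path so the caller can remove it afterwards.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir "$dir/shared" "$dir/private" "$dir/scratch"
    touch "$dir/shared/notes.txt" "$dir/private/secret.txt" "$dir/helper"
    chmod 666 "$dir/shared/notes.txt"    # finding: anyone can modify it
    chmod 600 "$dir/private/secret.txt"  # fine: owner only
    chmod 777 "$dir/shared"              # finding: anyone can add or delete entries
    chmod 1777 "$dir/scratch"            # fine: sticky bit, same as /tmp
    chmod 4755 "$dir/helper"             # finding: setuid bit set
    echo "$dir"
}

# Stand-alone usage: audit the tree given on the command line, or the
# constructed sample tree when no argument is given.
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
else
    sample=$(make_sample_tree)
    audit_perms "$sample"
    rm -rf "$sample"
fi
```

Run it as `sh audit.sh /var/www` (or any tree a service writes to) and treat every reported line as something to justify or fix with chmod and chown. The sticky-bit exception exists because a shared directory such as /tmp is expected to be world-writable; the bit stops one user from deleting or renaming another user's entries, which is the usual harm of a world-writable directory. The setuid and setgid report is there because such files run with the owner's or group's privileges, so each one is worth an explicit review rather than a silent assumption.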