+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  October 13th 2006                            Volume 7, Number 42a  |
+---------------------------------------------------------------------+

Editors: Dave Wreski              Benjamin D. Thomas
         dave@xxxxxxxxxxxxxxxxx   ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for Thunderbird, XFree86, libwmf,
openssl, mono, gzip, flash, ncompress, php, cups, glibc, python, and
the Linux kernel. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, and SuSE.

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/linsec/

---

What is EnGarde Secure Linux?

EnGarde Secure Linux is not just another "repackaged" Linux
distribution, but a modern open source system built from the ground
up to provide secure services in the threatening world of the modern
Internet.

EnGarde Secure Linux is the creation of Guardian Digital, Inc., a
pioneer in open source security since 1999, and has been developed
since then in collaboration with the worldwide community of open
source security enthusiasts and professionals. Guardian Digital
provides a secure and consistent environment for EnGarde Secure Linux
through the Guardian Digital WebTool and the Guardian Digital Secure
Network.
A server-only system, EnGarde Secure Linux is administered securely
and remotely using the WebTool, a custom interface that both
simplifies server administration and guides the system user in
maintaining secure configurations for all of the services that
comprise EnGarde. The Guardian Digital Secure Network maintains the
consistency and security of EnGarde by providing system upgrades and
security patches that have been constructed by Guardian Digital's
engineering team to relieve the user of the burden of maintaining the
system in a consistent and secure state.

Defense In Depth In EnGarde Secure Linux

Security is the primary consideration in designing every element of
EnGarde Secure Linux. Guardian Digital applies basic security
principles like "least privilege", "no unnecessary services" and
"default-deny" rules to every level of EnGarde, from access to the
kernel itself to defense of the network perimeter.

Security begins with the selection of the best available open source
packages, chosen and tailored for maximum security and following
software security best practices. The next level of protection comes
from a complete re-engineering of the standard Linux security model
using Security Enhanced Linux (SELinux). SELinux implements the
principle of "Mandatory Access Control", which places each program and
process under the control of its own SELinux policy, limiting its
access to files and resources and effectively containing any
intrusions or compromises.

EnGarde Secure Linux builds on this secure foundation by placing all
administration of EnGarde and its services under the control of the
Guardian Digital WebTool. The Guardian Digital WebTool is a secure,
remote graphical administration interface that is carefully tailored,
not just to simplify administration, but to help maintain secure
practices and configurations. For example, EnGarde, through the
WebTool, limits user and IP access by default for most services like
FTP file transfers and POP/IMAP mail retrieval.
For services that must be publicly accessible like Web service and
mail transport, the WebTool offers simple setup of SSL-enabled
encrypted services. The WebTool also mandates secure practices like
encrypted passwords and prevents hazardous configurations like open
mail relays.

EnGarde Secure Linux extends its secure environment through the use
of a carefully integrated selection of the best open source security
tools for detecting compromises and intrusions at all levels. EnGarde
generates special security-focused system logs to help the
administrator identify potential compromises, and supplements these
with host-based intrusion detection tools. EnGarde monitors the system
for potential network compromises and intrusions using the open source
Snort intrusion detection system, adding its own NetDiff port status
monitoring software.

http://www.linuxsecurity.com/content/view/125195/171/

---

EnGarde Secure Linux v3.0.9 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.9 (Version 3.0, Release 9). This release includes
several bug fixes and feature enhancements to the Guardian Digital
WebTool and the SELinux policy, several updated packages, and a couple
of new packages available for installation.

http://www.linuxsecurity.com/content/view/125147/169/

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometrics template stored in the smart card that is based on the
fingerprint verification. The fingerprint verification has to be
executed on central host server for security purposes.
The protocol designed allows controlling all parameters of the smart
security controller, like PIN options, reader delay, real-time clock,
alarm option and cardholder access conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Mozilla Thunderbird packages fix several vulnerabilities
  5th, October, 2006

  Updated package.
  http://www.linuxsecurity.com/content/view/125166

* Debian: New Mozilla packages fix several vulnerabilities
  6th, October, 2006

  Several security related problems have been discovered in Mozilla
  and derived products. The Common Vulnerabilities and Exposures
  project identifies the following vulnerabilities: CVE-2006-2788
  CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568
  CVE-2006-4570 CVE-2006-4571
  http://www.linuxsecurity.com/content/view/125177

* Debian: New XFree86 packages fix several vulnerabilities
  9th, October, 2006

  Several vulnerabilities have been discovered in the X Window System,
  which may lead to the execution of arbitrary code or denial of
  service. The Common Vulnerabilities and Exposures project identifies
  the following problems: CVE-2006-3467 CVE-2006-3739 CVE-2006-3740
  CVE-2006-4447
  http://www.linuxsecurity.com/content/view/125197

* Debian: New libwmf packages fix arbitrary code execution
  9th, October, 2006

  Updated package.
  http://www.linuxsecurity.com/content/view/125199

* Debian: new openssl096 packages fix denial of service
  10th, October, 2006

  Updated package.
  http://www.linuxsecurity.com/content/view/125208

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: mono-1.1.13.7-2.fc5.1
  6th, October, 2006

  The Mono runtime implements a JIT engine for the ECMA CLI virtual
  machine (as well as a byte code interpreter, the class loader, the
  garbage collector, threading system and metadata access libraries).
  This advisory covers CVE ID CVE-2006-5072: Mono insecure temporary
  file usage.
  http://www.linuxsecurity.com/content/view/125187

* Fedora Core 5 Update: gzip-1.3.5-7.fc5
  10th, October, 2006

  Gzip should be installed on your Red Hat Linux system, because it is
  a very commonly used data compression program. The following CVE IDs
  were addressed: CVE-2006-4334 CVE-2006-4335 CVE-2006-4336
  CVE-2006-4338 CVE-2006-4337
  http://www.linuxsecurity.com/content/view/125204

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Adobe Flash Player Arbitrary code execution
  5th, October, 2006

  Multiple input validation errors have been identified that allow
  arbitrary code execution on a user's system via the handling of
  malicious Flash files.
  http://www.linuxsecurity.com/content/view/125165

* Gentoo: ncompress Buffer Underflow
  6th, October, 2006

  A buffer underflow vulnerability has been reported in ncompress
  allowing for the execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/125181

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated php packages fix integer overflow vulnerability
  5th, October, 2006

  An integer overflow was discovered in the PHP memory handling
  routines. If a script can cause memory allocation based on untrusted
  user data, a remote attacker sending a carefully crafted request
  could execute arbitrary code as the 'apache' user.
  Updated packages have been patched to correct these issues.
  http://www.linuxsecurity.com/content/view/125174

* Mandriva: Updated cups package corrects bugs
  7th, October, 2006

  A bug in the shipped version of CUPS would allow for the unexpected
  deletion of cupsd.conf and cause a crash of CUPS. This issue, as
  well as many other bugs, has been corrected in CUPS 1.2.4, which is
  being provided with this update.
  http://www.linuxsecurity.com/content/view/125188

* Mandriva: Updated glibc packages are available for new kernels
  10th, October, 2006

  Updated glibc packages are being provided to ensure that kernel and
  user-space tools are in sync. This update also fixes a bug present
  on x86_64 platforms where strncmp() is mis-optimized.
  http://www.linuxsecurity.com/content/view/125209

* Mandriva: Updated python packages fix vulnerability
  10th, October, 2006

  A vulnerability in python's repr() function was discovered by
  Benjamin C. Wiley Sittler. It was found that the function did not
  properly handle UTF-32/UCS-4 strings, so an application that used
  repr() on certain untrusted data could possibly be exploited to
  execute arbitrary code with the privileges of the user running the
  python application. Updated packages have been patched to correct
  this issue.
  http://www.linuxsecurity.com/content/view/125210

* Mandriva: Updated kernel packages fix multiple vulnerabilities and
  bugs
  11th, October, 2006

  Stephane Eranian discovered an issue with perfmon2.0 where, under
  certain circumstances, the perfmonctl() system call may not
  correctly manage the file descriptor reference count, resulting in
  the system possibly running out of file structures (CVE-2006-3741).
  http://www.linuxsecurity.com/content/view/125216

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: php security update
  5th, October, 2006

  Updated PHP packages that fix an integer overflow flaw are now
  available for Red Hat Enterprise Linux 2.1. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.
  http://www.linuxsecurity.com/content/view/125170

* RedHat: Important: kernel security update
  5th, October, 2006

  Updated kernel packages that fix several security issues in the Red
  Hat Enterprise Linux 4 kernel are now available. This security
  advisory has been rated as having important security impact by the
  Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/125173

* RedHat: Important: python security update
  9th, October, 2006

  Updated Python packages are now available to correct a security
  issue in Red Hat Enterprise Linux 3 and 4. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.
  http://www.linuxsecurity.com/content/view/125200

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: php4,php5 (SUSE-SA:2006:059)
  9th, October, 2006

  The ini_restore() method could be exploited to reset options such as
  open_basedir when set via the web server config file to their
  default value set in php.ini (CVE-2006-4625). Additionally php5 on
  all products as well as php4 on SLES8 were vulnerable to an integer
  overflow problem in the memory allocation routine. This bug can be
  exploited to execute arbitrary code with the uid of the web server
  (CVE-2006-4812). Thanks to Stefan Esser for reporting the problem.
  http://www.linuxsecurity.com/content/view/125194

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com
------------------------------------------------------------------------