+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  October 20th 2006                            Volume 7, Number 43a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for cheesetracker, clamav, seamonkey,
hylafax, python, squid, wxpythongtk, smbldap-tools, libksba, kdelibs,
mysql, imagemagick, libxfont, php, bind, mailman, kernel, gnutls, gzip,
thunderbird, firefox, openssl, gdb, mono, ffmpeg, awstats, libmusicbrainz,
linux-restricted-modules, Xsession, binutils, and pike. The distributors
include Debian, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu.

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec
management education and the case study affords you unmatched consulting
experience. Using interactive e-Learning technology, you can earn this
esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/

---

Review: SELinux by Example

If you use Linux then you've most probably at least heard of
Security-Enhanced Linux (SELinux). In this feature story Ryan W. Maple
gives a review and his opinion of the latest and greatest book to cover
SELinux: SELinux by Example: Using Security Enhanced Linux. Read on for
Ryan's review.

"SELinux by Example" is a hands-on book aimed towards anybody interested
in Security-Enhanced Linux (SELinux). Whether you want to learn how to
write SELinux policy or administer a machine running SELinux, you will
find tremendous value in this book.
Each chapter conveniently wraps up with a bullet-point summary of the
material that was covered and some exercises which do an excellent job
of driving the points home, giving this book its "hands-on" feel.

The book is written by Frank Mayer (the co-founder and CTO of Tresys
Technology), David Caplan (a senior security engineer with Tresys), and
Karl Macmillan (a very active contributor to the SELinux community),
three of the most qualified people to write a book on this complicated
subject. It consists of 14 chapters and four appendices, grouped into
three main parts: SELinux Overview, SELinux Policy Language, and Creating
and Writing SELinux Security Policies.

This is a very good book and is easily the best I've seen yet on the
subject of SELinux. If you've been tasked with maintaining an
SELinux-enabled machine, would like to write or enhance existing SELinux
policy, or just want to understand what SELinux is and how it came to
be, then this is the book for you. This book and an SELinux-enabled
Linux distribution, such as the easy-to-use EnGarde Secure Linux, are
all you need to get involved in the growing world of Security Enhanced
Linux.

http://www.linuxsecurity.com/content/view/125238/171/

---

EnGarde Secure Linux v3.0.9 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.9 (Version 3.0, Release 9). This release includes several
bug fixes and feature enhancements to the Guardian Digital WebTool and
the SELinux policy, several updated packages, and a couple of new
packages available for installation.

http://www.linuxsecurity.com/content/view/125147/169/

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and
an RF smart card for a clustered network, designed on the Linux platform
with open source technology to obtain biometric security.
The combination of smart card and biometrics achieves two-step
authentication: smart card authentication is based on a Personal
Identification Number (PIN), and the card holder is authenticated using
the biometric template stored in the smart card, which is based on
fingerprint verification. The fingerprint verification has to be
executed on a central host server for security purposes. The protocol
designed allows control of all parameters of the smart security
controller, such as PIN options, reader delay, real-time clock, alarm
option and cardholder access conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what the sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New cheesetracker packages fix buffer overflow
  13th, October, 2006

  This update to DSA-1166 adds the architectures which were missing from
  the previous advisory. Luigi Auriemma discovered a buffer overflow in
  the loading component of cheesetracker, a sound module tracking
  program, which could allow a maliciously constructed input file to
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/125228

* Debian: New clamav packages fix arbitrary code execution
  19th, October, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125310

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Seamonkey Multiple vulnerabilities
  16th, October, 2006

  The Seamonkey project has reported multiple security vulnerabilities
  in the application.
  http://www.linuxsecurity.com/content/view/125236

* Gentoo: CAPI4Hylafax fax receiver Execution of arbitrary code
  17th, October, 2006

  CAPI4Hylafax allows remote attackers to execute arbitrary commands.

  http://www.linuxsecurity.com/content/view/125290

* Gentoo: Mozilla Network Security Service (NSS) RSA signature forgery
  17th, October, 2006

  NSS fails to properly validate PKCS #1 v1.5 signatures.

  http://www.linuxsecurity.com/content/view/125291

* Gentoo: Python Buffer Overflow
  17th, October, 2006

  A buffer overflow in Python's "repr()" function can be exploited to
  cause a Denial of Service and potentially allows the execution of
  arbitrary code.

  http://www.linuxsecurity.com/content/view/125292

* Gentoo: Python Buffer Overflow
  18th, October, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125307

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated squid package corrects bug on x86_64
  13th, October, 2006

  This update fixes a problem in the squid package as shipped for
  Mandriva Linux 2007 which affects only the x86_64 architecture. On
  that platform, squid would not start, giving the following message:

  http://www.linuxsecurity.com/content/view/125231

* Mandriva: Updated squid package corrects transparent proxy issue
  13th, October, 2006

  An issue in Squid's transparent proxy mode prevented it from working
  correctly, giving back to the client an error page stating "Unable to
  forward this request at this time".

  http://www.linuxsecurity.com/content/view/125232

* Mandriva: Updated wxPythonGTK package corrects path issue on x86_64
  16th, October, 2006

  A problem with wxPythonGTK would prevent some python programs, such as
  pyshell, from starting due to incorrect path locations. The updated
  packages correct this issue.
  http://www.linuxsecurity.com/content/view/125284

* Mandriva: Updated smbldap-tools package fixes smb.conf parsing bug
  16th, October, 2006

  This update fixes a problem with the smbldap-tools package shipped
  with Mandriva Linux 2006 where it would issue warnings if the smb.conf
  configuration file had continuation lines using the "\" character.
  The updated packages correct this issue.

  http://www.linuxsecurity.com/content/view/125286

* Mandriva: Updated libksba packages correct DoS vulnerability
  17th, October, 2006

  The libksba library, as used by gpgsm in the gnupg2 package, allows
  attackers to cause a denial of service (application crash) via a
  malformed X.509 certificate in a signature. libksba-0.9.15 in Mandriva
  2007.0 is not affected by this issue. Updated packages have been
  patched to correct this issue.

  http://www.linuxsecurity.com/content/view/125294

* Mandriva: Updated clamav packages fix vulnerabilities
  17th, October, 2006

  An integer overflow in previous versions of ClamAV could allow a
  remote attacker to cause a Denial of Service (scanning service crash)
  and execute arbitrary code via a Portable Executable (PE) file
  (CVE-2006-4182).

  http://www.linuxsecurity.com/content/view/125295

* Mandriva: Updated php packages to address multiple vulnerabilities
  18th, October, 2006

  PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allow local users to bypass
  certain Apache HTTP Server httpd.conf options, such as safe_mode and
  open_basedir, via the ini_restore function, which resets the values
  to their php.ini (Master Value) defaults (CVE-2006-4625).

  http://www.linuxsecurity.com/content/view/125296

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: kdelibs security update
  18th, October, 2006

  Updated kdelibs packages that correct an integer overflow flaw are now
  available. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/125297

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: clamav security problems
  18th, October, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125304

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: MySQL vulnerabilities
  16th, October, 2006

  There are multiple vulnerabilities in MySQL. The following CVE IDs
  have been addressed: CVE-2006-4227, CVE-2006-4031.

  http://www.linuxsecurity.com/content/view/125253

* Ubuntu: OpenSSL vulnerability
  16th, October, 2006

  Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of
  Google Security discovered that the OpenSSL library did not
  sufficiently check the padding of PKCS #1 v1.5 signatures if the
  exponent of the public key is 3 (which is widely used for CAs). This
  could be exploited to forge signatures without the need of the secret
  key.

  http://www.linuxsecurity.com/content/view/125254

* Ubuntu: imagemagick vulnerabilities
  16th, October, 2006

  Tavis Ormandy discovered several buffer overflows in imagemagick's Sun
  Raster and XCF (Gimp) image decoders. By tricking a user or automated
  system into processing a specially crafted image, this could be
  exploited to execute arbitrary code with the user's privileges.

  http://www.linuxsecurity.com/content/view/125255

* Ubuntu: libxfont vulnerability
  16th, October, 2006

  An integer overflow has been discovered in X.org's font handling
  library. By using a specially crafted font file, this could be
  exploited to crash the X server or execute arbitrary code with root
  privileges.

  http://www.linuxsecurity.com/content/view/125256

* Ubuntu: PHP vulnerabilities
  16th, October, 2006

  There are multiple vulnerabilities in PHP.
  The following CVE IDs have been addressed: CVE-2006-4020,
  CVE-2006-4481, CVE-2006-4482, CVE-2006-4484.

  http://www.linuxsecurity.com/content/view/125257

* Ubuntu: bind9 vulnerabilities
  16th, October, 2006

  bind did not sufficiently verify particular requests and responses
  from other name servers and users. By sending a specially crafted
  packet, a remote attacker could exploit this to crash the name server.

  http://www.linuxsecurity.com/content/view/125258

* Ubuntu: X.org vulnerabilities
  16th, October, 2006

  iDefense security researchers found several integer overflows in
  X.org's font handling library. By using a specially crafted Type1 CID
  font file, a local user could exploit these to crash the X server or
  execute arbitrary code with root privileges.

  http://www.linuxsecurity.com/content/view/125259

* Ubuntu: mailman vulnerabilities
  16th, October, 2006

  Steve Alexander discovered that mailman did not properly handle
  attachments with special filenames. A remote user could exploit that
  to stop mail delivery until the server administrator manually cleaned
  these posts.

  http://www.linuxsecurity.com/content/view/125260

* Ubuntu: Linux kernel vulnerabilities
  16th, October, 2006

  There are multiple vulnerabilities in the linux kernel. The following
  CVE IDs have been addressed: CVE-2006-2934, CVE-2006-2935,
  CVE-2006-2936, CVE-2006-3468, CVE-2006-3745, CVE-2006-4093,
  CVE-2006-4145.

  http://www.linuxsecurity.com/content/view/125261

* Ubuntu: GnuTLS vulnerability
  16th, October, 2006

  The GnuTLS library did not sufficiently check the padding of PKCS #1
  v1.5 signatures if the exponent of the public key is 3 (which is
  widely used for CAs). This could be exploited to forge signatures
  without the need of the secret key.

  http://www.linuxsecurity.com/content/view/125262

* Ubuntu: Linux kernel vulnerabilities
  16th, October, 2006

  Sridhar Samudrala discovered a local Denial of Service vulnerability
  in the handling of SCTP sockets.
  By opening such a socket with a special SO_LINGER value, a local
  attacker could exploit this to crash the kernel.

  http://www.linuxsecurity.com/content/view/125263

* Ubuntu: gzip vulnerabilities
  16th, October, 2006

  Tavis Ormandy discovered that gzip did not sufficiently verify the
  validity of gzip or compress archives while unpacking. By tricking a
  user or automated system into unpacking a specially crafted compressed
  file, this could be exploited to execute arbitrary code with the
  user's privileges.

  http://www.linuxsecurity.com/content/view/125264

* Ubuntu: Thunderbird vulnerabilities
  16th, October, 2006

  This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was
  necessary since the 1.0.x series is not supported by upstream any
  more. Various flaws have been reported that allow an attacker to
  execute arbitrary code with user privileges by tricking the user into
  opening a malicious email containing JavaScript. Please note that
  JavaScript is disabled by default for emails, and it is not
  recommended to enable it.

  http://www.linuxsecurity.com/content/view/125265

* Ubuntu: firefox vulnerabilities
  16th, October, 2006

  Various flaws have been reported that allow an attacker to execute
  arbitrary code with user privileges by tricking the user into opening
  a malicious web page containing JavaScript.

  http://www.linuxsecurity.com/content/view/125266

* Ubuntu: Thunderbird vulnerabilities
  16th, October, 2006

  Various flaws have been reported that allow an attacker to execute
  arbitrary code with user privileges by tricking the user into opening
  a malicious email containing JavaScript. Please note that JavaScript
  is disabled by default for emails, and it is not recommended to
  enable it.

  http://www.linuxsecurity.com/content/view/125267

* Ubuntu: openssl vulnerabilities
  16th, October, 2006

  Dr. Henson of the OpenSSL core team and Open Network Security
  discovered a mishandled error condition in the ASN.1 parser.
  By sending specially crafted packet data, a remote attacker could
  exploit this to trigger an infinite loop, which would render the
  service unusable and consume all available system memory.

  http://www.linuxsecurity.com/content/view/125268

* Ubuntu: gdb vulnerability
  16th, October, 2006

  Will Drewry, of the Google Security Team, discovered buffer overflows
  in GDB's DWARF processing. This would allow an attacker to execute
  arbitrary code with user privileges by tricking the user into using
  GDB to load an executable that contained malicious debugging
  information.

  http://www.linuxsecurity.com/content/view/125269

* Ubuntu: openssh vulnerabilities
  16th, October, 2006

  Tavis Ormandy discovered that the SSH daemon did not properly handle
  authentication packets with duplicated blocks. By sending specially
  crafted packets, a remote attacker could exploit this to cause the ssh
  daemon to drain all available CPU resources until the login grace time
  expired.

  http://www.linuxsecurity.com/content/view/125270

* Ubuntu: Mono vulnerability
  16th, October, 2006

  Sebastian Krahmer of the SuSE security team discovered that the
  System.CodeDom.Compiler classes used temporary files in an insecure
  way. This could allow a symbolic link attack to create or overwrite
  arbitrary files with the privileges of the user invoking the program.
  Under some circumstances, a local attacker could also exploit this to
  inject arbitrary code into running Mono processes.

  http://www.linuxsecurity.com/content/view/125271

* Ubuntu: ffmpeg, xine-lib vulnerabilities
  16th, October, 2006

  XFOCUS Security Team discovered that the AVI decoder used in xine-lib
  did not correctly validate certain headers. By tricking a user into
  playing an AVI with malicious headers, an attacker could execute
  arbitrary code with the target user's privileges. (CVE-2006-4799)

  Multiple integer overflows were discovered in ffmpeg and tools that
  contain a copy of ffmpeg (like xine-lib and kino), for several types
  of video formats.
  By tricking a user into running a video player that uses ffmpeg on a
  stream with malicious content, an attacker could execute arbitrary
  code with the target user's privileges. (CVE-2006-4800)

  http://www.linuxsecurity.com/content/view/125272

* Ubuntu: OpenSSL vulnerability
  16th, October, 2006

  USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J
  Cox noticed that the applied patch for CVE-2006-2940 was flawed. This
  update corrects that patch. For reference, this is the relevant part
  of the original advisory:

    Certain types of public key could take disproportionate amounts of
    time to process. The library now limits the maximum key exponent
    size to avoid Denial of Service attacks. (CVE-2006-2940)

  http://www.linuxsecurity.com/content/view/125273

* Ubuntu: Python vulnerability
  16th, October, 2006

  Benjamin C. Wiley Sittler discovered that Python's repr() function did
  not properly handle UTF-32/UCS-4 strings. If an application uses
  repr() on arbitrary untrusted data, this could be exploited to execute
  arbitrary code with the privileges of the python application.

  http://www.linuxsecurity.com/content/view/125274

* Ubuntu: awstats vulnerabilities
  16th, October, 2006

  awstats did not fully sanitize input, which was passed directly to the
  user's browser, allowing for an XSS attack. If a user was tricked into
  following a specially crafted awstats URL, the user's authentication
  information could be exposed for the domain where awstats was hosted.
  (CVE-2006-3681)

  awstats could display its installation path under certain conditions.
  However, this might only become a concern if awstats is installed into
  a user's home directory. (CVE-2006-3682)

  http://www.linuxsecurity.com/content/view/125275

* Ubuntu: Mozilla vulnerabilities
  16th, October, 2006

  Various flaws have been reported that allow an attacker to execute
  arbitrary code with user privileges by tricking the user into opening
  a malicious URL.
  http://www.linuxsecurity.com/content/view/125276

* Ubuntu: PHP vulnerabilities
  16th, October, 2006

  The stripos() function did not check for invalidly long or empty
  haystack strings. In an application that uses this function on
  arbitrary untrusted data this could be exploited to crash the PHP
  interpreter. (CVE-2006-4485)

  An integer overflow was discovered in the PHP memory allocation
  handling.

  http://www.linuxsecurity.com/content/view/125277

* Ubuntu: libmusicbrainz vulnerability
  16th, October, 2006

  Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz.
  When a user made queries to MusicBrainz servers, it was possible for
  malicious servers, or man-in-the-middle systems posing as servers, to
  send a crafted reply to the client request and remotely gain access to
  the user's system with the user's privileges.

  http://www.linuxsecurity.com/content/view/125278

* Ubuntu: Fixed linux-restricted-modules-2.6.15
  16th, October, 2006

  USN-346-1 provided an updated Linux kernel to fix several security
  vulnerabilities. Unfortunately the update broke the binary 'nvidia'
  driver from linux-restricted-modules. This update corrects this
  problem. We apologize for the inconvenience.

  http://www.linuxsecurity.com/content/view/125280

* Ubuntu: Xsession vulnerability
  16th, October, 2006

  A race condition existed that would allow other local users to see
  error messages generated during another user's X session. This could
  allow potentially sensitive information to be leaked.

  http://www.linuxsecurity.com/content/view/125282

* Ubuntu: libksba vulnerability
  16th, October, 2006

  A parsing failure was discovered in the handling of X.509 certificates
  that contained extra trailing data. Malformed or malicious
  certificates could cause services using libksba to crash, potentially
  creating a denial of service.

  http://www.linuxsecurity.com/content/view/125285

* Ubuntu: binutils vulnerability
  18th, October, 2006

  A buffer overflow was discovered in gas (the GNU assembler).
  By tricking a user or automated system (like a compile farm) into
  assembling a specially crafted source file with gcc or gas, this could
  be exploited to execute arbitrary code with the user's privileges.

  http://www.linuxsecurity.com/content/view/125308

* Ubuntu: Pike vulnerability
  18th, October, 2006

  An SQL injection was discovered in Pike's PostgreSQL module.
  Applications using a PostgreSQL database and uncommon character
  encodings could be fooled into running arbitrary SQL commands, which
  could result in privilege escalation within the application,
  application data exposure, or denial of service.

  http://www.linuxsecurity.com/content/view/125309

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------