+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  November 10th 2006                           Volume 7, Number 46a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for libpam-ldap, ingo1, thttpd,
php4, phpmyadmin, firefox, screen, Qt, NVIDIA driver, wireshark, kernel,
libx11, rpm, jabber, wv, openssh, texinfo, seamonkey, thunderbird, ruby,
bind, and imlib2. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, Slackware, and Ubuntu.

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/

---

EnGarde Secure Linux v3.0.9 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.10 (Version 3.0, Release 10). This release includes
several bug fixes and feature enhancements to Guardian Digital WebTool
and the SELinux policy, several updated packages, and several new
features.

EnGarde Secure Community is a secure distribution of Linux engineered
from the ground-up to provide organizations with the level of security
required to create a corporate Web presence or even conduct e-business
on the Web. It can be used as a Web, DNS, e-mail, database, e-commerce,
and general Internet server where security is a primary concern.

* Guardian Digital WebTool help system.
  All of the existing WebTool modules now have help -- just roll your
  mouse pointer over any help-enabled field for assistance. Special
  thanks to Ankit Patel and Eric Lubow for all their hard work writing
  the help text.

* Guardian Digital WebTool SELinux Control Console.
  This new WebTool module gives you greater control over the SELinux
  subsystem of EnGarde Secure Linux. With it you may monitor the audit
  logs, toggle enforcing mode and booleans, download the policy to your
  local computer, and trigger a relabel of the filesystems.

* A new SELinux policy boolean: httpd_script_remote.
  This boolean was added in response to bug #0000093 and grants PHP and
  CGI scripts access to external websites (such as RSS feeds).

* Major upgrades of apache (from 2.0.59 to 2.2.3), postfix (2.2.11 to
  2.3.3), and snort (2.4.5 to 2.6.0.2).

* The latest stable versions of MySQL (5.0.27), aide (0.12), asterisk
  (1.2.13), libapache-mod_mono (1.1.18), mod_perl (2.0.2), postgresql
  (8.1.5), and zaptel (1.2.10).

http://www.engardelinux.org/modules/index/releases/3.0.10.cgi

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux platform
and Open source technology to obtain biometrics security. Combination of
smart card and biometrics has achieved in two step authentication where
smart card authentication is based on a Personal Identification Number
(PIN) and the card holder is authenticated using the biometrics template
stored in the smart card that is based on the fingerprint verification.
The fingerprint verification has to be executed on central host server
for security purposes. Protocol designed allows controlling entire
parameters of smart security controller like PIN options, Reader delay,
real-time clock, alarm option and cardholder access conditions.
http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New libpam-ldap packages fix access control bypass
  2nd, November, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125542

* Debian: New ingo1 packages fix arbitrary shell command execution
  2nd, November, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125549

* Debian: New thttpd packages fix insecure temporary file creation
  3rd, November, 2006

  Marco d'Itri discovered that thttpd, a small, fast and secure
  webserver, makes use of insecure temporary files when its logfiles are
  rotated, which might lead to a denial of service through a symlink
  attack.

  http://www.linuxsecurity.com/content/view/125557

* Debian: New php4 packages fix several vulnerabilities
  6th, November, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/125592

* Debian: New phpmyadmin packages fix several vulnerabilities
  9th, November, 2006

  The following CVE IDs are addressed: CVE-2006-1678 CVE-2006-2418
  CVE-2005-3621 CVE-2005-3665 CVE-2006-5116

  http://www.linuxsecurity.com/content/view/125670

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: firefox-1.5.0.8-1.fc5
  9th, November, 2006

  Mozilla Firefox is an open source Web browser. Several flaws were
  found in the way Firefox processes certain malformed JavaScript code.
  A malicious web page could cause the execution of JavaScript code in
  such a way that could cause Firefox to crash or execute arbitrary code
  as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
  CVE-2006-5748) Several flaws were found in the way Firefox renders web
  pages. A malicious web page could cause the browser to crash or
  possibly execute arbitrary code as the user running Firefox.
  (CVE-2006-5464) Users of Firefox are advised to upgrade to this
  update, which contains Firefox version 1.5.0.8 that corrects these
  issues.

  http://www.linuxsecurity.com/content/view/125654

* Fedora Extras
  9th, November, 2006

  CVE IDs: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809

  M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify
  the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a
  user were tricked into viewing or processing a specially crafted image
  with an application that uses imlib2, the flaws could be exploited to
  execute arbitrary code with the user's privileges. Fedora Extras
  versions earlier than the versions mentioned above are vulnerable to
  this problem; upgrade to fix this vulnerability.

  http://www.linuxsecurity.com/content/view/125656

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Screen UTF-8 character handling vulnerability
  3rd, November, 2006

  Screen contains an error in its UTF-8 character handling code that
  would allow a remote Denial of Service or possibly the remote
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/125554

* Gentoo: Qt Integer overflow
  6th, November, 2006

  An integer overflow flaw in the Qt pixmap handling could possibly lead
  to a Denial of Service or the remote execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/125574

* Gentoo: NVIDIA binary graphics driver Privilege escalation
  vulnerability
  7th, November, 2006

  The NVIDIA binary graphics driver is vulnerable to a local privilege
  escalation through an X session.

  http://www.linuxsecurity.com/content/view/125617

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated php packages to address buffer overflow issue
  3rd, November, 2006

  The Hardened-PHP Project discovered buffer overflows in
  htmlentities/htmlspecialchars internal routines to the PHP Project. Of
  course the whole purpose of these functions is to be filled with user
  input. (The overflow can only occur when UTF-8 is used.) In addition,
  selected patches backported from php cvs that address other issues
  that may or may not have security implications have been applied to
  this release. Updated packages have been patched to correct these
  issues. Users must restart Apache for the changes to take effect.

  http://www.linuxsecurity.com/content/view/125551

* Mandriva: Updated wireshark packages fix multiple vulnerabilities
  3rd, November, 2006

  Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart
  dissectors were discovered in versions of wireshark less than 0.99.4,
  as well as various other bugs. This update provides wireshark 0.99.4
  which is not vulnerable to these issues.

  http://www.linuxsecurity.com/content/view/125552

* Mandriva: Updated kernel packages fix multiple vulnerabilities and
  bugs
  3rd, November, 2006

  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel.

  http://www.linuxsecurity.com/content/view/125564

* Mandriva: Updated imlib2 packages fix several vulnerabilities
  6th, November, 2006

  M Joonas Pihlaja discovered several vulnerabilities in the Imlib2
  graphics library.
  http://www.linuxsecurity.com/content/view/125606

* Mandriva: Updated libx11 packages fix file descriptor leak
  vulnerability
  6th, November, 2006

  The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
  and 1.0.3 opens a file for reading twice using the same file
  descriptor, which causes a file descriptor leak that allows local
  users to read files specified by the XCOMPOSEFILE environment variable
  via the duplicate file descriptor.

  http://www.linuxsecurity.com/content/view/125607

* Mandriva: Updated rpm packages fix vulnerability
  7th, November, 2006

  A heap-based buffer overflow was discovered in librpm when the LANG or
  LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other
  locales), which could allow for user-assisted attackers to execute
  arbitrary code via crafted RPM packages.

  http://www.linuxsecurity.com/content/view/125622

* Mandriva: Updated jabber package fix SSL support issue
  7th, November, 2006

  The OpenSSL library was not properly initialized in the jabber SSL
  support code, which prevented SSL support for incoming client
  connections on the jabber server. This update corrects this issue.

  http://www.linuxsecurity.com/content/view/125623

* Mandriva: Updated pam_ldap packages fix PasswordPolicyResponse coding
  error
  7th, November, 2006

  Pam_ldap does not return an error condition when an LDAP directory
  server responds with a PasswordPolicyResponse control response, which
  causes the pam_authenticate function to return a success code even if
  authentication has failed, as originally reported for xscreensaver.
  This might lead to an attacker being able to log in to a suspended
  system account.

  http://www.linuxsecurity.com/content/view/125624

* Mandriva: Updated imlib2 packages fix several vulnerabilities
  7th, November, 2006

  M Joonas Pihlaja discovered several vulnerabilities in the Imlib2
  graphics library.
  http://www.linuxsecurity.com/content/view/125625

* Mandriva: Updated wv packages fix vulnerabilities
  7th, November, 2006

  Multiple integer overflows in the WV library in wvWare (formerly
  mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly
  other products, allow user-assisted remote attackers to execute
  arbitrary code via a crafted Microsoft Word (DOC) file that produces
  (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a
  large LFO nolfo value in the wvGetLFO_PLF function.

  http://www.linuxsecurity.com/content/view/125626

* Mandriva: Updated openssh packages fix vulnerability
  8th, November, 2006

  A vulnerability in the privilege separation functionality in OpenSSH
  was discovered, caused by incorrect checking for bad signatures in
  sshd's privsep monitor. As a result, the monitor and the unprivileged
  process can get out of sync. The OpenSSH team indicated that this bug
  is not known to be exploitable in the absence of additional
  vulnerabilities.

  http://www.linuxsecurity.com/content/view/125650

* Mandriva: Updated texinfo packages fix vulnerability
  8th, November, 2006

  Miloslav Trmac discovered a buffer overflow in texinfo. This issue can
  cause texi2dvi or texindex to crash when processing a carefully
  crafted file. Updated packages have been patched to correct this
  issue.

  http://www.linuxsecurity.com/content/view/125645

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: php security update
  6th, November, 2006

  Updated PHP packages that fix a security issue are now available. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/125605

* RedHat: Critical: firefox security update
  8th, November, 2006

  Updated firefox packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 4.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/125627

* RedHat: Critical: seamonkey security update
  8th, November, 2006

  Updated seamonkey packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
  been rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/125628

* RedHat: Critical: thunderbird security update
  8th, November, 2006

  Updated thunderbird packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 4. This update has been rated
  as having critical security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/125629

* RedHat: Moderate: texinfo security update
  8th, November, 2006

  New Texinfo packages that fix various security vulnerabilities are now
  available. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/125630

* RedHat: Moderate: ruby security update
  8th, November, 2006

  Updated ruby packages that fix a denial of service issue for the CGI
  instance are now available. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/125646

* RedHat: Moderate: wireshark security update
  9th, November, 2006

  New Wireshark packages that fix various security vulnerabilities are
  now available. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/125672

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware: screen
  4th, November, 2006

  New screen packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, and 11.0 to fix a security issue. More details about this
  issue may be found in the Common Vulnerabilities and Exposures (CVE)
  database.

  http://www.linuxsecurity.com/content/view/125568

* Slackware: php
  4th, November, 2006

  New php packages are available for Slackware 10.2 and 11.0 to fix
  security issues. More details about this issue may be found in the
  Common Vulnerabilities and Exposures (CVE) database.

  http://www.linuxsecurity.com/content/view/125569

* Slackware: bind
  7th, November, 2006

  New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, and 11.0 to fix security issues. The minimum OpenSSL
  version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid
  exposure to known security flaws in older versions (these patches were
  already issued for Slackware). If you have not upgraded yet, get those
  as well to prevent a potentially exploitable security problem in
  named.

  http://www.linuxsecurity.com/content/view/125608

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: PHP vulnerability
  2nd, November, 2006

  Stefan Esser discovered two buffer overflows in the htmlentities() and
  htmlspecialchars() functions. By supplying specially crafted input to
  PHP applications which process that input with these functions, a
  remote attacker could potentially exploit this to execute arbitrary
  code with the privileges of the application. This update also fixes
  bugs in the chdir() and tempnam() functions, which did not perform
  proper open_basedir checks. This could allow local scripts to bypass
  intended restrictions.
  http://www.linuxsecurity.com/content/view/125548

* Ubuntu: imlib2 vulnerabilities
  3rd, November, 2006

  M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify
  the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a
  user were tricked into viewing or processing a specially crafted image
  with an application that uses imlib2, the flaws could be exploited to
  execute arbitrary code with the user's privileges.

  http://www.linuxsecurity.com/content/view/125565

* Ubuntu: NVIDIA vulnerability
  3rd, November, 2006

  Derek Abdine discovered that the NVIDIA Xorg driver did not correctly
  verify the size of buffers used to render text glyphs. When displaying
  very long strings of text, the Xorg server would crash. If a user were
  tricked into viewing a specially crafted series of glyphs, this flaw
  could be exploited to run arbitrary code with root privileges.

  http://www.linuxsecurity.com/content/view/125566

* Ubuntu: RPM vulnerability
  3rd, November, 2006

  An error was found in the RPM library's handling of query reports. In
  some locales, certain RPM packages would cause the library to crash.
  If a user was tricked into querying a specially crafted RPM package,
  the flaw could be exploited to execute arbitrary code with the user's
  privileges.

  http://www.linuxsecurity.com/content/view/125567

* Ubuntu: imlib2 regression fix
  6th, November, 2006

  USN-376-1 provided an update to imlib2 to fix several security
  vulnerabilities. Unfortunately the update broke JPG file handling in
  certain situations. This update corrects this problem. We apologize
  for the inconvenience.

  http://www.linuxsecurity.com/content/view/125604

* Ubuntu: texinfo vulnerability
  9th, November, 2006

  Miloslav Trmac discovered a buffer overflow in texinfo's index
  processor. If a user is tricked into processing a .texi file with
  texindex, this could lead to arbitrary code execution with user
  privileges.
  http://www.linuxsecurity.com/content/view/125671

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------