+---------------------------------------------------------------------+
| LinuxSecurity.com                                 Weekly Newsletter |
| November 24th 2006                             Volume 7, Number 48a |
+---------------------------------------------------------------------+

Editors: Dave Wreski              Benjamin D. Thomas
         dave@xxxxxxxxxxxxxxxxx   ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for imagemagick, phpmyadmin, gv,
xine-lib, flexbackup, linux-ftpd, proftpd, libpng, TikiWiki, Ruby,
netlink, qmailAdmin, Texinfo, fvwm, libpng, syslinux, pxelinux,
doxygen, chromium, xorg, avahi, links, openldap, apache-mod_auth_kerb,
asterisk, powerdns, and libpng. The distributors include Debian,
Gentoo, Mandriva, SuSE, and Ubuntu.

---

* EnGarde Secure Linux v3.0.10 Now Available

Guardian Digital is pleased to announce the release of EnGarde Secure
Community 3.0.10 (Version 3.0, Release 10). This release includes our
new SELinux Control Console and our new context-sensitive Guardian
Digital help system, along with bug fixes and upgrades to major
applications including Apache, Postfix, and Snort.
http://www.engardelinux.org/modules/index/releases/3.0.10.cgi

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
Combination of smart card and biometrics has achieved in two step
authentication where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometrics template stored in the smart card that is based on the
fingerprint verification. The fingerprint verification has to be
executed on central host server for security purposes. Protocol
designed allows controlling entire parameters of smart security
controller like PIN options, Reader delay, real-time clock, alarm
option and cardholder access conditions.
http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/123570/49/

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

* Debian: New imagemagick packages fix several vulnerabilities
19th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125816

* Debian: New phpmyadmin packages fix regression
19th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125817

* Debian: New gv packages fix arbitrary code execution
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125838

* Debian: New xine-lib packages fix execution of arbitrary code
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125839

* Debian: New flexbackup packages fix denial of service
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125840

* Debian: New linux-ftpd packages fix access control bypass
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125841

* Debian: New proftpd packages fix denial of service
21st, November, 2006
It was discovered that the proftpd FTP daemon performs insufficient
validation of FTP command buffer size limits, which may lead to denial
of service. This update addresses CVE-2006-5815.
http://www.linuxsecurity.com/content/view/125858

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: libpng Denial of Service
17th, November, 2006
A vulnerability in libpng may allow a remote attacker to crash
applications that handle untrusted images.
http://www.linuxsecurity.com/content/view/125808

* Gentoo: WordPress Multiple vulnerabilities
17th, November, 2006
Flaws in WordPress allow a Denial of Service, the disclosure of user
metadata and the overwriting of restricted files.
http://www.linuxsecurity.com/content/view/125809

* Gentoo: TikiWiki Multiple vulnerabilities
20th, November, 2006
TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/125834

* Gentoo: Ruby Denial of Service vulnerability
20th, November, 2006
The Ruby cgi.rb CGI library is vulnerable to a Denial of Service
attack.
http://www.linuxsecurity.com/content/view/125835

* Gentoo: Avahi "netlink" message vulnerability
20th, November, 2006
Avahi fails to verify the origin of netlink messages, which could
allow local users to spoof network changes.
http://www.linuxsecurity.com/content/view/125836

* Gentoo: TORQUE Insecure temporary file creation
20th, November, 2006
TORQUE creates temporary files in an insecure manner which could lead
to the execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/125837

* Gentoo: qmailAdmin Buffer overflow
21st, November, 2006
qmailAdmin is vulnerable to a buffer overflow that could lead to the
remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/125854

* Gentoo: TORQUE Insecure temporary file creation
21st, November, 2006
TORQUE creates temporary files in an insecure manner which could lead
to the execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/125855

* Gentoo: Texinfo Buffer overflow
21st, November, 2006
Texinfo is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/125856

* Gentoo: fvwm fvwm-menu-directory fvwm command injection
23rd, November, 2006
A flaw in fvwm-menu-directory may permit a local attacker to execute
arbitrary commands with the privileges of another user.
http://www.linuxsecurity.com/content/view/125886

+---------------------------------+
| Distribution: Mandriva          | ----------------------------//
+---------------------------------+

* Mandriva: Updated libpng packages fix vulnerabilities
16th, November, 2006
Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name".
http://www.linuxsecurity.com/content/view/125794

* Mandriva: Updated syslinux packages to fix embedded libpng vulnerabilities
16th, November, 2006
SYSLINUX is a boot loader for the Linux operating system which
operates off an MS-DOS/Windows FAT filesystem.
It is built with a private copy of libpng, and as such could be
susceptible to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125795

* Mandriva: Updated pxelinux packages to fix embedded libpng vulnerabilities
16th, November, 2006
PXELINUX is a PXE bootloader. It is built with a private copy of
libpng, and as such could be susceptible to some of the same
vulnerabilities.
http://www.linuxsecurity.com/content/view/125796

* Mandriva: Updated doxygen packages to fix embedded libpng vulnerabilities
16th, November, 2006
Doxygen is a documentation system for C, C++ and IDL. It is built with
a private copy of libpng, and as such could be susceptible to some of
the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125803

* Mandriva: Updated chromium packages to fix embedded libpng vulnerabilities
16th, November, 2006
Chromium is an OpenGL-based shoot them up game with fine graphics. It
is built with a private copy of libpng, and as such could be
susceptible to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125804

* Mandriva: Updated gv packages fix buffer overflow vulnerability
17th, November, 2006
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.
http://www.linuxsecurity.com/content/view/125814

* Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
18th, November, 2006
Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an
attacker to execute arbitrary code with privileges of the X server,
typically root (CVE-2006-3739).
http://www.linuxsecurity.com/content/view/125815

* Mandriva: Updated avahi packages fix netlink vulnerability
20th, November, 2006
Steve Grubb discovered that netlink messages were not being checked
for their sender identity. This could lead to local users manipulating
the Avahi service.
http://www.linuxsecurity.com/content/view/125842

* Mandriva: Updated links packages fix smb vulnerability
20th, November, 2006
The links web browser with smbclient installed allows remote attackers
to execute arbitrary code via shell metacharacters in an smb:// URI,
as demonstrated by using PUT and GET statements.
http://www.linuxsecurity.com/content/view/125843

* Mandriva: Updated proftpd packages fix vulnerabilities
20th, November, 2006
As disclosed by an exploit (vd_proftpd.pm) and a related vendor
bugfix, a Denial of Service (DoS) vulnerability exists in the FTP
server ProFTPD, up to and including version 1.3.0. The flaw is due to
both a potential bus error and a definitive buffer overflow in the
code which determines the FTP command buffer size limit. The
vulnerability can be exploited only if the "CommandBufferSize"
directive is explicitly used in the server configuration, which is not
the case in the default configuration of ProFTPD.
http://www.linuxsecurity.com/content/view/125848

* Mandriva: Updated openldap packages fixes Bind vulnerability
21st, November, 2006
An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.
Packages have been patched to correct this issue. Packages for Corp4
were built from the wrong src.rpm, breaking Heimdal Kerberos and
possibly other support. Updated packages are being provided to correct
this issue.
http://www.linuxsecurity.com/content/view/125867

* Mandriva: Updated apache-mod_auth_kerb packages fixes DoS vulnerability
23rd, November, 2006
An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow in
the component array. Packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/125887

+---------------------------------+
| Distribution: SuSE              | ----------------------------//
+---------------------------------+

* SuSE: Mozilla Firefox, Thunderbird,
16th, November, 2006
This update addresses the following CVE IDs: CVE-2006-5464
CVE-2006-5747 CVE-2006-5748 CVE-2006-5462 CVE-2006-5463
http://www.linuxsecurity.com/content/view/125790

* SuSE: asterisk (SUSE-SA:2006:069)
16th, November, 2006
Two security problems have been found and fixed in the PBX software
Asterisk.
CVE-2006-5444: Integer overflow in the get_input function in the
Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
allows remote attackers to potentially execute arbitrary code via a
certain dlen value that passes a signed integer comparison and leads
to a heap-based buffer overflow.
CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote
attackers to cause a denial of service (resource consumption) via
unspecified vectors that result in the creation of "a real pvt
structure" that uses more resources than necessary.
http://www.linuxsecurity.com/content/view/125791

* SuSE: powerdns denial of service
16th, November, 2006
Two security problems that have been found in PowerDNS are fixed by
this update:
CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending
malformed questions to it over TCP potentially executing code.
CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust
allocated stack space and crash.
http://www.linuxsecurity.com/content/view/125792

+---------------------------------+
| Distribution: Ubuntu            | ----------------------------//
+---------------------------------+

* Ubuntu: libpng vulnerability
17th, November, 2006
Tavis Ormandy discovered that libpng did not correctly calculate the
size of sPLT structures when reading an image. By tricking a user or
an automated system into processing a specially crafted PNG file, an
attacker could exploit this weakness to crash the application using
the library.
http://www.linuxsecurity.com/content/view/125806

* Ubuntu: OpenLDAP vulnerability
20th, November, 2006
Evgeny Legerov discovered that the OpenLDAP libraries did not
correctly truncate authcid names. This situation would trigger an
assert and abort the program using the libraries. A remote attacker
could send specially crafted bind requests that would lead to an LDAP
server denial of service.
http://www.linuxsecurity.com/content/view/125849

* Ubuntu: Thunderbird vulnerabilities
21st, November, 2006
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462) Various flaws
have been reported that allow an attacker to execute arbitrary code
with user privileges by tricking the user into opening a malicious
email containing JavaScript. Please note that JavaScript is disabled
by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
http://www.linuxsecurity.com/content/view/125860

* Ubuntu: Firefox vulnerabilities
21st, November, 2006
USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover.
(CVE-2006-5462) Various flaws have been reported that allow an
attacker to execute arbitrary code with user privileges by tricking
the user into opening a malicious web page containing JavaScript.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
http://www.linuxsecurity.com/content/view/125861

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------