+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  December 1st 2006                            Volume 7, Number 49a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for pstotext, texinfo, libgsf,
proftpd, fvwm, ImageMagick, Kile, Ingo, Mono, LHa, OpenLDAP,
apache-mod_auth_kerb, dbus, audacity, tar, rpmdrake, drakxtools,
jbossas, phpMyAdmin, Dovecot, KOffice, GnuPG. The distributors
include Debian, Gentoo, Mandriva, SuSE, and Ubuntu.

---

* EnGarde Secure Linux v3.0.10 Now Available

Guardian Digital is pleased to announce the release of EnGarde
Secure Community 3.0.10 (Version 3.0, Release 10). This release
includes our new SELinux Control Console and our new
context-sensitive Guardian Digital help system, along with bug fixes
and upgrades to major applications including Apache, Postfix, and
Snort.

http://www.engardelinux.org/modules/index/releases/3.0.10.cgi

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template
and RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
The combination of smart card and biometrics achieves two-step
authentication, in which smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart
card, based on fingerprint verification. The fingerprint
verification has to be executed on a central host server for
security purposes. The protocol designed allows controlling all
parameters of the smart security controller, such as PIN options,
reader delay, real-time clock, alarm option and cardholder access
conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use
encryption. While this won't prevent a sniffer from functioning, it
will ensure that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New pstotext packages fix arbitrary shell command execution
  26th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125898

* Debian: New texinfo packages fix multiple vulnerabilities
  27th, November, 2006

Multiple vulnerabilities have been found in the GNU texinfo package,
a documentation system for on-line information and printed output.
CVE-2005-3011: Handling of temporary files is performed in an
insecure manner, allowing an attacker to overwrite any file writable
by the victim.

http://www.linuxsecurity.com/content/view/125934

* Debian: New libgsf packages fix arbitrary code execution
  30th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125987

* Debian: New proftpd packages fix several vulnerabilities
  30th, November, 2006

Several remote vulnerabilities have been discovered in the proftpd
FTP daemon, which may lead to the execution of arbitrary code or
denial of service. The Common Vulnerabilities and Exposures project
identifies the following problems: CVE-2006-5815 It was discovered
that a buffer overflow in the sreplace() function may lead to denial
of service and possibly the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125994

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: fvwm fvwm-menu-directory fvwm command injection
  23rd, November, 2006

A flaw in fvwm-menu-directory may permit a local attacker to execute
arbitrary commands with the privileges of another user.

http://www.linuxsecurity.com/content/view/125886

* Gentoo: ImageMagick PALM and DCM buffer overflows
  24th, November, 2006

ImageMagick improperly handles PALM and DCM images, potentially
resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125895

* Gentoo: GNU gv Stack overflow
  24th, November, 2006

GNU gv improperly handles user-supplied data possibly allowing for
the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125896

* Gentoo: Kile Incorrect backup file permission
  27th, November, 2006

Kile uses default permissions for backup files, potentially leading
to information disclosure.

http://www.linuxsecurity.com/content/view/125902

* Gentoo: Ingo H3 Folder name shell command injection
  27th, November, 2006

Ingo H3 is vulnerable to arbitrary shell command execution when
handling procmail rules.

http://www.linuxsecurity.com/content/view/125903

* Gentoo: Mono Insecure temporary file creation
  28th, November, 2006

Mono is vulnerable to linking attacks, potentially allowing a local
user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/125956

* Gentoo: LHa Multiple vulnerabilities
  28th, November, 2006

LHa is affected by several vulnerabilities including the remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125957

* Gentoo: OpenLDAP Denial of Service vulnerability
  28th, November, 2006

A flaw in OpenLDAP allows remote unauthenticated attackers to cause
a Denial of Service.

http://www.linuxsecurity.com/content/view/125958

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated apache-mod_auth_kerb packages fixes DoS
  vulnerability
  23rd, November, 2006

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow
in the component array. Packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/125887

* Mandriva: Updated dbus packages fix D-Bus specification compliance
  25th, November, 2006

On Mandriva Linux 2007.0, the path for the D-Bus system bus socket
was not following the D-Bus specification. This could cause some
implementations of the D-Bus specification to not detect the system
bus correctly. This updated package ensures the location of the
system bus is exported through DBUS_SYSTEM_BUS_ADDRESS, in
compliance with the D-Bus specification.

http://www.linuxsecurity.com/content/view/125897

* Mandriva: Updated audacity packages fixes menu issues with French
  locale
  28th, November, 2006

For the French locale, menu items which contained accented
characters do not show up in the Audacity sound editor. This is
because the French translation file was not in the correct character
encoding. This issue is corrected in the updated packages.

http://www.linuxsecurity.com/content/view/125945

* Mandriva: Updated tar packages fix vulnerability
  28th, November, 2006

GNU tar 1.16 and 1.15.1, and possibly other versions, allows
user-assisted attackers to overwrite arbitrary files via a tar file
that contains a GNUTYPE_NAMES record with a symbolic link, which is
not properly handled by the extract_archive function in extract.c
and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
The updated packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/125963

* Mandriva: Updated rpmdrake packages address several issues
  29th, November, 2006

Several bugs were fixed in rpmdrake:

- various people saw crashes due to invalid UTF-8 strings (#26099)
- edit-urpm-sources.pl didn't start if urpmi.cfg did not exist
  (#27336)
- MandrivaUpdate got several fixes:
  o it was impossible to select an update where there was only one
    group (#26135)
  o all updates are preselected by default (#25271)
  o all security, bugfix & normal updates were not displayed in
    "all updates" mode (#27268)
  o default is now "all updates" rather than "security updates"

http://www.linuxsecurity.com/content/view/125985

* Mandriva: Updated drakxtools packages address several issues
  29th, November, 2006

Several bugs were fixed in drakxtools/

http://www.linuxsecurity.com/content/view/125986

* RedHat: Critical: jbossas security update
  27th, November, 2006

An updated jbossas package that corrects a security vulnerability is
now available for Red Hat Application Stack. This update has been
rated as having critical security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/125904

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: phpMyAdmin (SUSE-SA:2006:071)
  24th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125893

* SuSE: openldap2-client (SUSE-SA:2006:072)
  24th, November, 2006

Updated package.

http://www.linuxsecurity.com/content/view/125894

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: tar vulnerability
  27th, November, 2006

Teemu Salmela discovered that tar still handled the deprecated
GNUTYPE_NAMES record type. This record type could be used to create
symlinks that would be followed while unpacking a tar archive. If a
user or an automated system were tricked into unpacking a specially
crafted tar file, arbitrary files could be overwritten with user
privileges.

http://www.linuxsecurity.com/content/view/125941

* Ubuntu: ImageMagick vulnerability
  27th, November, 2006

Daniel Kobras discovered multiple buffer overflows in ImageMagick's
SGI file format decoder. By tricking a user or an automated system
into processing a specially crafted SGI image, this could be
exploited to execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/125942

* Ubuntu: Dovecot vulnerability
  28th, November, 2006

Dovecot was discovered to have an error when handling its index
cache files. This error could be exploited by authenticated POP and
IMAP users to cause a crash of the Dovecot server, or possibly to
execute arbitrary code. Only servers using the non-default option
"mmap_disable=yes" were vulnerable.

http://www.linuxsecurity.com/content/view/125961

* Ubuntu: KOffice vulnerability
  29th, November, 2006

An integer overflow was discovered in KOffice's filtering code. By
tricking a user into opening a specially crafted PPT file, attackers
could crash KOffice or possibly execute arbitrary code with the
user's privileges.

http://www.linuxsecurity.com/content/view/125973

* Ubuntu: GnuPG vulnerability
  29th, November, 2006

A buffer overflow was discovered in GnuPG.
By tricking a user into running gpg interactively on a specially
crafted message, an attacker could execute arbitrary code with the
user's privileges. This vulnerability is not exposed when running
gpg in batch mode.

http://www.linuxsecurity.com/content/view/125975

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------