+---------------------------------------------------------------------+
| LinuxSecurity.com                                 Weekly Newsletter |
| December 15th 2006                             Volume 7, Number 50a |
+---------------------------------------------------------------------+

Editors:      Dave Wreski                     Benjamin D. Thomas
              dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for l2tpns, gnupg, clamav, ruby,
enemies-of-carlotta, wv, xine-lib, ModPlug, KOffice, Mozilla,
SeaMonkey, MadWifi, tar, F-Prot, libgsf, Trac, samba, radius,
powermanga, phpmyadmin, php-eaccelerator, squirrelmail, kdegraphics,
tomboy, evince, flashplayer, kernel, and avahi. The distributors
include Debian, Gentoo, Mandriva, SuSE and Ubuntu.

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/linsec/

---

* EnGarde Secure Linux v3.0.11 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.11 (Version 3.0, Release 11). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.11

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, designed on the Linux
platform and open source technology to obtain biometric security.
The combination of smart card and biometrics is achieved in a two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the cardholder is authenticated using
the biometric template stored in the smart card, based on fingerprint
verification. The fingerprint verification has to be executed on a
central host server for security purposes. The protocol designed
allows controlling all parameters of the smart security controller,
such as PIN options, reader delay, real-time clock, alarm option and
cardholder access conditions.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

* Debian: new l2tpns packages fix buffer overflow
  8th, December, 2006

  Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling
  protocol network server, which could be triggered by a remote user
  to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/126116

* Debian: New gnupg packages fix arbitrary code execution
  9th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126123

* Debian: New clamav packages fix denial of service
  9th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126124

* Debian: New Linux 2.6.8 packages fix several vulnerabilities
  10th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126131

* Debian: New ruby1.6 package fix denial of service
  13th, December, 2006

  A denial of service vulnerability has been discovered in the CGI
  library included with Ruby, the interpreted scripting language for
  quick and easy object-orientated programming.

  http://www.linuxsecurity.com/content/view/126196

* Debian: New ruby1.8 package fix denial of service
  13th, December, 2006

  A denial of service vulnerability has been discovered in the CGI
  library included with Ruby, the interpreted scripting language for
  quick and easy object-orientated programming.

  http://www.linuxsecurity.com/content/view/126197

* Debian: New enemies-of-carlotta package fix missing sanity checks
  13th, December, 2006

  Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple
  manager for mailing lists, does not properly sanitise email
  addresses before passing them through to the system shell.

  http://www.linuxsecurity.com/content/view/126198

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: wv library Multiple integer overflows
  7th, December, 2006

  The wv library is vulnerable to multiple integer overflows which
  could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/126099

* Gentoo: xine-lib Buffer overflow
  9th, December, 2006

  xine-lib is vulnerable to a buffer overflow in the Real Media input
  plugin, which could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/126122

* Gentoo: GnuPG Multiple vulnerabilities
  10th, December, 2006

  GnuPG is vulnerable to a buffer overflow and an erroneous function
  pointer dereference that can result in the execution of arbitrary
  code.

  http://www.linuxsecurity.com/content/view/126125

* Gentoo: ModPlug Multiple buffer overflows
  10th, December, 2006

  ModPlug contains several boundary errors that could lead to buffer
  overflows resulting in the possible execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/126126

* Gentoo: KOffice shared libraries Heap corruption
  10th, December, 2006

  An integer overflow in koffice-libs allows for a Denial of Service
  and possibly the execution of arbitrary code when viewing malicious
  PowerPoint files.

  http://www.linuxsecurity.com/content/view/126127

* Gentoo: Mozilla Thunderbird Multiple vulnerabilities
  10th, December, 2006

  Multiple vulnerabilities have been identified in Mozilla
  Thunderbird.

  http://www.linuxsecurity.com/content/view/126128

* Gentoo: Mozilla Firefox Multiple vulnerabilities
  10th, December, 2006

  Multiple vulnerabilities have been reported in Mozilla Firefox.

  http://www.linuxsecurity.com/content/view/126129

* Gentoo: SeaMonkey Multiple vulnerabilities
  10th, December, 2006

  Multiple vulnerabilities have been identified in the SeaMonkey
  project.

  http://www.linuxsecurity.com/content/view/126130

* Gentoo: MadWifi Kernel driver buffer overflow
  10th, December, 2006

  MadWifi is vulnerable to a buffer overflow that could potentially
  lead to the remote execution of arbitrary code with root privileges.

  http://www.linuxsecurity.com/content/view/126132

* Gentoo: GnuPG Multiple vulnerabilities
  11th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126136

* Gentoo: Tar Directory traversal vulnerability
  11th, December, 2006

  Tar is vulnerable to directory traversal possibly allowing for the
  overwriting of arbitrary files.

  http://www.linuxsecurity.com/content/view/126170

* Gentoo: MadWifi Kernel driver buffer overflow
  11th, December, 2006

  OpenSSL contains multiple vulnerabilities including the possible
  execution of remote arbitrary code.

  http://www.linuxsecurity.com/content/view/126174

* Gentoo: F-PROT Antivirus Multiple vulnerabilities
  12th, December, 2006

  F-Prot Antivirus contains a buffer overflow and other unspecified
  vulnerabilities, possibly allowing the remote execution of arbitrary
  code.

  http://www.linuxsecurity.com/content/view/126190

* Gentoo: libgsf Buffer overflow
  12th, December, 2006

  libgsf improperly allocates memory allowing for a heap overflow and
  possibly the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/126191

* Gentoo: Trac Cross-site request forgery
  12th, December, 2006

  Trac allows remote attackers to execute unauthorized actions as
  other users.

  http://www.linuxsecurity.com/content/view/126192

* Gentoo: McAfee VirusScan Insecure DT_RPATH
  14th, December, 2006

  McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
  potentially allowing a remote attacker to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/126229

* Gentoo: Links Arbitrary Samba command execution
  14th, December, 2006

  Links does not properly validate "smb://" URLs, making it vulnerable
  to the execution of arbitrary Samba commands.

  http://www.linuxsecurity.com/content/view/126236

* Gentoo: GNU Radius Format string vulnerability
  14th, December, 2006

  A format string vulnerability has been found in GNU Radius, which
  could lead to the remote execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/126237

+---------------------------------+
| Distribution: Mandriva          | ----------------------------//
+---------------------------------+

* Mandriva: Updated powermanga to fix startup bug.
  8th, December, 2006

  Powermanga fails to start with a "can't locate file
  :texts/text_en.txt" error message. The required files have been
  included in this update.

  http://www.linuxsecurity.com/content/view/126121

* Mandriva: Updated phpMyAdmin to address several bugs.
  11th, December, 2006

  phpMyAdmin 2.8.2.2 fails and dumps core to /tmp when performing
  some operations, such as:

  1. Export database structure to file.sql using tab "export"
  2. Move a table to another database using tab "operation"

  The SSL redirection has been deactivated in this package because it
  could fail under some circumstances using virtual hosts.

  http://www.linuxsecurity.com/content/view/126139

* Mandriva: Updated php-eaccelerator to address issue of being built
  against the wrong php version.
  11th, December, 2006

  The php-eaccelerator package that comes with CS4 was not built
  against the correct php version. This update addresses this problem.
  The eloader and encoder portions are being dropped upstream because
  they do not work properly. Therefore, there will be no
  php-eaccelerator-eloader sub package provided with this release. In
  addition, the version has been upgraded from 0.9.5 RC1 to 0.9.5
  final.

  http://www.linuxsecurity.com/content/view/126140

* Mandriva: Updated logrotate to fix rotation issue for syslogd.
  11th, December, 2006

  The log rotation script that rotates the system logs was moved from
  the backported sysklogd package (used in CS4) to the logrotate
  package. The new logrotate package will see to it that the system
  log files will be rotated as usual.

  http://www.linuxsecurity.com/content/view/126141

* Mandriva: Updated squirrelmail packages fix vulnerabilities
  11th, December, 2006

  Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
  1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
  script or HTML via the (1) mailto parameter in (a) webmail.php, the
  (2) session and (3) delete_draft parameters in (b) compose.php, and
  (4) unspecified vectors involving "a shortcoming in the magicHTML
  filter."

  http://www.linuxsecurity.com/content/view/126164

* Mandriva: Updated kdegraphics packages fix EXIF vulnerability
  11th, December, 2006

  Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in
  kdegraphics3, as used by konqueror, digikam, and other KDE image
  browsers, allows remote attackers to cause a denial of service
  (stack consumption) via a crafted EXIF section in a JPEG file, which
  results in an infinite recursion.

  http://www.linuxsecurity.com/content/view/126168

* Mandriva: Updated gnupg packages fix vulnerability
  11th, December, 2006

  A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
  execute arbitrary code via crafted OpenPGP packets that cause GnuPG
  to dereference a function pointer from deallocated stack memory.
  Updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/126175

* Mandriva: Updated glibc package are available for new kernels
  11th, December, 2006

  Updated glibc packages are being provided to ensure that kernel and
  user-space tools are in sync. This update also fixes a bug present
  on x86_64 platforms where strncmp() is mis-optimized.

  http://www.linuxsecurity.com/content/view/126176

* Mandriva: Updated tomboy package to address missing dependencies on
  x86_64
  13th, December, 2006

  A bug in the build system made the tomboy package miss some
  dependencies like gnome-sharp2 on x86_64. The rebuilt package now
  installs all required packages.

  http://www.linuxsecurity.com/content/view/126199

* Mandriva: Updated evince packages fix buffer overflow vulnerability
  14th, December, 2006

  Stack-based buffer overflow in ps.c for evince allows user-assisted
  attackers to execute arbitrary code via a PostScript (PS) file with
  certain headers that contain long comments, as demonstrated using
  the DocumentMedia header.

  http://www.linuxsecurity.com/content/view/126227

* Mandriva: Updated clamav packages fix vulnerability
  14th, December, 2006

  The latest version of ClamAV, 0.88.7, fixes some bugs, including
  vulnerabilities with handling base64-encoded MIME attachment files
  that can lead to either a) a crash (CVE-2006-5874), or b) a bypass
  of virus detection (CVE-2006-6406).

  http://www.linuxsecurity.com/content/view/126228

+---------------------------------+
| Distribution: SuSE              | ----------------------------//
+---------------------------------+

* SuSE: Madwifi remote root exploit
  11th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126163

* SuSE: gpg (SUSE-SA:2006:075)
  13th, December, 2006

  Updated package.

  http://www.linuxsecurity.com/content/view/126193

* SuSE: libgsf buffer overflows
  14th, December, 2006

  The libgsf library is used by various GNOME programs to handle, for
  instance, OLE2 data streams. Specially crafted OLE documents enabled
  attackers to use a heap buffer overflow for potentially executing
  code. This issue is tracked by the Mitre CVE ID CVE-2006-4514.

  http://www.linuxsecurity.com/content/view/126233

* SuSE: flash-player CRLF injection
  14th, December, 2006

  This security update brings the Adobe Flash Player to version
  7.0.69. The update fixes the following security problem:

  CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player
  allow remote attackers to modify HTTP headers of client requests and
  conduct HTTP Request Splitting attacks via CRLF sequences in
  arguments to the ActionScript functions (1) XML.addRequestHeader and
  (2) XML.contentType.

  The flexibility of the attack varies depending on the type of web
  browser being used.

  http://www.linuxsecurity.com/content/view/126234

+---------------------------------+
| Distribution: Ubuntu            | ----------------------------//
+---------------------------------+

* Ubuntu: GnuPG2 vulnerabilities
  7th, December, 2006

  USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update
  provides the corresponding updates for gnupg2.

  http://www.linuxsecurity.com/content/view/126105

* Ubuntu: Ruby vulnerability
  8th, December, 2006

  An error was found in Ruby's CGI library that did not correctly
  quote the boundary of multipart MIME requests. Using a crafted HTTP
  request, a remote user could cause a denial of service, where Ruby
  CGI applications would end up in a loop, monopolizing a CPU.

  http://www.linuxsecurity.com/content/view/126114

* Ubuntu: Linux kernel vulnerabilities
  13th, December, 2006

  The following CVEIDs are covered by this advisory: CVE-2006-4572,
  CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173,
  CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701,
  CVE-2006-5751

  http://www.linuxsecurity.com/content/view/126200

* Ubuntu: avahi regression
  14th, December, 2006

  USN-380-1 fixed a vulnerability in Avahi. However, if used with
  Network manager, that version occasionally failed to resolve .local
  DNS names until Avahi got restarted. This update fixes the problem.
  We apologize for the inconvenience.

  http://www.linuxsecurity.com/content/view/126235

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------