+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | March 23rd 2007 Volume 8, Number 12a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for webcalendar, libwpd, lookup-el, openoffice, openafs, tcpdump,asterisk, postgresql, thunderbird, LTSP, LSAT, php, Mozilla, wordpress, nufw, libwpd, nas, openafs, libwpd, php, libwpd, Inkscape, file, and mysql. The distributors include Debain, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu. --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- * EnGarde Secure Linux v3.0.13 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.13 (Version 3.0, Release 13). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13 --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New webcalendar packages fix remote file inclusion 15th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127464 * Debian: New libwpd packages fix arbitrary code execution 17th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127480 * Debian: New lookup-el packages fix insecure temporary file 18th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127481 * Debian: New OpenOffice.org packages fix several vulnerabilities 20th, March, 2007 Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems. http://www.linuxsecurity.com/content/view/127511 * Debian: New openafs packages fix remote privilege escalation bug 20th, March, 2007 A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. It's possible for an attacker with knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary binary file appear to an AFS client host to be setuid. If they can then arrange for that binary to be executed, they will be able to achieve privilege escalation. http://www.linuxsecurity.com/content/view/127512 * Debian: New tcpdump packages fix denial of service 22nd, March, 2007 Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service. http://www.linuxsecurity.com/content/view/127539 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: Asterisk SIP Denial of Service 16th, March, 2007 Asterisk is vulnerable to Denial of Service in the SIP channel. http://www.linuxsecurity.com/content/view/127477 * Gentoo: PostgreSQL Multiple vulnerabilities 16th, March, 2007 PostgreSQL contains two vulnerabilities that could result in a Denial of Service or unauthorized access to certain information. http://www.linuxsecurity.com/content/view/127478 * Gentoo: Apache JK Tomcat Connector Remote execution of arbitrary code 16th, March, 2007 The Apache Tomcat Connector (mod_jk) contains a buffer overflow vulnerability that could result in the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/127479 * Gentoo: ulogd Remote execution of arbitrary code 18th, March, 2007 ulogd contains a possible buffer overflow potentially allowing for the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/127482 * Gentoo: Mozilla Thunderbird Multiple vulnerabilities 18th, March, 2007 Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow user-assisted arbitrary remote code execution. http://www.linuxsecurity.com/content/view/127483 * Gentoo: LTSP Authentication bypass in included LibVNCServer code 18th, March, 2007 LTSP includes a version of libVNCServer that is vulnerable to an authentication bypass. http://www.linuxsecurity.com/content/view/127484 * Gentoo: LSAT Insecure temporary file creation 18th, March, 2007 LSAT insecurely creates temporary files which can lead to symlink attacks allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/127485 * Gentoo: PHP Multiple vulnerabilities 20th, March, 2007 PHP contains several vulnerabilities including a heap buffer overflow, potentially leading to the remote execution of arbitrary code under certain conditions. http://www.linuxsecurity.com/content/view/127514 * Gentoo: Mozilla Network Security Service Remote execution of arbitrary code 20th, March, 2007 The Mozilla Network Security Services libraries are vulnerable to two buffer overflows that could result in the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/127515 * Gentoo: WordPress Multiple vulnerabilities 20th, March, 2007 Wordpress contains several cross-site scripting, cross-site request forgery and information leak vulnerabilities. http://www.linuxsecurity.com/content/view/127516 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated nufw packages fix various bugs 15th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127462 * Mandriva: Updated libwpd packages to address heap overflow vulnerabilities 16th, March, 2007 iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127475 * Mandriva: Updated openoffice.org packages to address libwpd heap overflow vulnerabilities 16th, March, 2007 iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. OpenOffice.org-2.X contains an embedded copy of libpwd, and as such is susceptible to the same issues. Updated packages have been rebuilt using the system libwpd to address this issue. http://www.linuxsecurity.com/content/view/127476 * Mandriva: Updated nas packages address multiple vulnerabilities 20th, March, 2007 Luigi Auriemma discovered a number of problems with the nas (Network Audio System) daemon that could be used to crash nasd. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127518 * Mandriva: Updated OpenAFS packages address vulnerability 20th, March, 2007 By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127519 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Important: libwpd security update 16th, March, 2007 Updated libwpd packages to correct a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127472 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: php security problems 15th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127457 * SuSE: Linux kernel (SUSE-SA:2007:021) 16th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127471 * SuSE: Mozilla security problems 20th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127503 * SuSE: OpenOffice,libwpd security problems 21st, March, 2007 Several security problems were fixed in the Wordperfect converter library libwpd and OpenOffice_org. http://www.linuxsecurity.com/content/view/127522 +---------------------------------+ | Distribution: Ubuntu | ----------------------------// +---------------------------------+ * Ubuntu: libwpd vulnerability 19th, March, 2007 Sean Larsson of iDefense Labs discovered that libwpd was vulnerable to integer overflows. If a user were tricked into opening a specially crafted WordPerfect document with an application that used libwpd, an attacker could execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/127492 * Ubuntu: Inkscape vulnerability 20th, March, 2007 A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/127517 * Ubuntu: file vulnerability 21st, March, 2007 Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges. http://www.linuxsecurity.com/content/view/127526 * Ubuntu: MySQL vulnerability 21st, March, 2007 Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using "ORDER BY" could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermitant denial of service. http://www.linuxsecurity.com/content/view/127527 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------