+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | April 5th 2007 Volume 8, Number 14a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for file, zope, krb, XMMS, Ekiga, Squid, CUPS, Asterisk, Kerberos, OpenAFS, OpenPBS, zziplib, kdelibs, openoffice, qt3, qt4, XFree86, xorg-x11, libXfont, mysql, ktorrent, and gpg. The distributors include Debian, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu. --- * EnGarde Secure Linux v3.0.13 Now Available Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.13 (Version 3.0, Release 13). This release includes several bug fixes and feature enhancements to the SELinux policy and several updated packages. http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13 --- Earn an NSA recognized IA Masters Online The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/linsec/ --- RFID with Bio-Smart Card in Linux In this paper, we describe the integration of fingerprint template and RF smart card for clustered network, which is designed on Linux platform and Open source technology to obtain biometrics security. Combination of smart card and biometrics has achieved in two step authentication where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometrics template stored in the smart card that is based on the fingerprint verification. The fingerprint verification has to be executed on central host server for security purposes. Protocol designed allows controlling entire parameters of smart security controller like PIN options, Reader delay, real-time clock, alarm option and cardholder access conditions. http://www.linuxsecurity.com/content/view/125052/171/ --- Packet Sniffing Overview The best way to secure you against sniffing is to use encryption. While this won't prevent a sniffer from functioning, it will ensure that what a sniffer reads is pure junk. http://www.linuxsecurity.com/content/view/123570/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New file packages fix arbitrary code execution 2nd, April, 2007 Updated package. http://www.linuxsecurity.com/content/view/127643 * Debian: New zope2.7 packages fix cross-site scripting flaw 2nd, April, 2007 Updated package. http://www.linuxsecurity.com/content/view/127653 * Debian: New krb5 packages fix several vulnerabilities 3rd, April, 2007 Updated package. http://www.linuxsecurity.com/content/view/127671 * Debian: New XMMS packages fix arbitrary code execution 4th, April, 2007 Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files. <p> http://www.linuxsecurity.com/content/view/127695 * Gentoo: Ekiga Format string vulnerability 29th, March, 2007 A format string vulnerability in Ekiga may allow the remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/127613 * Gentoo: file Integer underflow 30th, March, 2007 A buffer underflow vulnerability has been reported in file allowing for the user-assisted execution of arbitrary code. http://www.linuxsecurity.com/content/view/127634 * Gentoo: Squid Denial of Service 31st, March, 2007 Squid is affected by a Denial of Service vulnerability. http://www.linuxsecurity.com/content/view/127638 * Gentoo: CUPS Denial of Service 31st, March, 2007 CUPS incorrectly handles partially-negotiated SSL connections allowing for a Denial of Service. http://www.linuxsecurity.com/content/view/127639 * Gentoo: Asterisk Two SIP Denial of Service vulnerabilities 2nd, April, 2007 Asterisk is vulnerable to two Denial of Service issues in the SIP channel. http://www.linuxsecurity.com/content/view/127651 * Gentoo: MIT Kerberos 5 Arbitrary remote code execution 3rd, April, 2007 Multiple vulnerabilities in MIT Kerberos 5 could potentially result in unauthenticated remote root code execution. http://www.linuxsecurity.com/content/view/127670 * Gentoo: OpenAFS Privilege escalation 3rd, April, 2007 OpenAFS is subject to a design flaw that could allow privilege escalation on the client. http://www.linuxsecurity.com/content/view/127672 * Gentoo: OpenPBS Multiple vulnerabilities 3rd, April, 2007 OpenPBS contains unspecified vulnerabilities which may allow for the remote execution of arbitrary code or a Denial of Service. http://www.linuxsecurity.com/content/view/127673 * Gentoo: zziplib Buffer Overflow 3rd, April, 2007 The zziplib library contains a buffer overflow vulnerability that could lead to user-assisted remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/127674 * Mandriva: Updated xmms packages to address integer vulnerabilities 29th, March, 2007 Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. (CVE-2007-0653) Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. (CVE-2007-0654) Updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/127612 * Mandriva: Updated kdelibs packages to address FTP PASV issue in konqueror 29th, March, 2007 The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127614 * Mandriva: Updated openoffice.org packages to address vulnerabilities 29th, March, 2007 Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. (CVE-2007-0238) OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. (CVE-2007-0239) Updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/127615 * Mandriva: Updated qt3 packages to address utf8 decoder bug 3rd, April, 2007 Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127680 * Mandriva: Updated kdelibs packages to address UTF8 issue in KJS 3rd, April, 2007 A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127681 * Mandriva: Updated qt4 packages to address utf8 decoder bug 3rd, April, 2007 Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection. Updated packages have been patched to address this issue. http://www.linuxsecurity.com/content/view/127682 * RedHat: Critical: krb5 security update 3rd, April, 2007 Updated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127659 * RedHat: Important: XFree86 security update 3rd, April, 2007 Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127662 * RedHat: Important: xorg-x11 security update 3rd, April, 2007 Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127663 * RedHat: Important: xorg-x11-server security update 3rd, April, 2007 Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127664 * RedHat: Moderate: squid security update 3rd, April, 2007 An updated squid package that fixes a security vulnerability is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127665 * RedHat: Important: libXfont security update 3rd, April, 2007 Updated X.org libXfont packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127666 * RedHat: Moderate: mysql security update 3rd, April, 2007 Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/127667 * Slackware: file [and bin package] 3rd, April, 2007 New file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. http://www.linuxsecurity.com/content/view/127676 * Slackware: qt 3rd, April, 2007 New qt packages are available for Slackware 10.2, 11.0, and -current to fix a security issue. http://www.linuxsecurity.com/content/view/127677 * Slackware: ktorrent 3rd, April, 2007 New ktorrent packages are available for Slackware 11.0 and -current to fix security issues. http://www.linuxsecurity.com/content/view/127678 * SuSE: gpg (SUSE-SA:2007:024) 30th, March, 2007 Updated package. http://www.linuxsecurity.com/content/view/127630 * Ubuntu: X.org vulnerabilities 3rd, April, 2007 Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003)Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. http://www.linuxsecurity.com/content/view/127675 * Ubuntu: krb5 vulnerabilities 3rd, April, 2007 The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. http://www.linuxsecurity.com/content/view/127679 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------