+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  April 13th 2007                              Volume 8, Number 15a  |
+---------------------------------------------------------------------+

Editors: Dave Wreski              Benjamin D. Thomas
         dave@xxxxxxxxxxxxxxxxx   ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for man-db, libX11, Evince, libwpd,
DokuWiki, krb5, freetype2, tightvnc, ipsec-tools, the Linux kernel, and
the KDE library. The distributors include Debian, Fedora, Gentoo,
Mandriva, and Ubuntu.

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux platform
and Open source technology to obtain biometrics security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometrics template stored in the smart card that is based on the
fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

* Debian: New man-db packages fix arbitrary code execution
  6th, April, 2007

A buffer overflow has been discovered in the man command that could
allow an attacker to execute code as the man user by providing specially
crafted arguments to the -H flag. This is likely to be an issue only on
machines with the man and mandb programs installed setuid.

http://www.linuxsecurity.com/content/view/127722

+---------------------------------+
| Distribution: Fedora            | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: libX11-1.0.0-4.fc5
  10th, April, 2007

Added libX11-1.0.1-setuid.diff to fix potential security issue
(required)

http://www.linuxsecurity.com/content/view/127757

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: Evince Stack overflow in included gv code
  6th, April, 2007

Evince improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/127725

* Gentoo: libwpd Multiple vulnerabilities
  6th, April, 2007

libwpd is vulnerable to several heap overflows and an integer overflow.

http://www.linuxsecurity.com/content/view/127726

* Gentoo: DokuWiki Cross-site scripting vulnerability
  12th, April, 2007

DokuWiki is vulnerable to a cross-site scripting attack. An attacker
could entice a user to click a specially crafted link and inject CRLF
characters into the variable. This would allow the creation of new lines
or fields in the returned HTTP Response header, which would permit the
attacker to execute arbitrary scripts in the context of the user's
browser.

http://www.linuxsecurity.com/content/view/127784

+---------------------------------+
| Distribution: Mandriva          | ----------------------------//
+---------------------------------+

* Mandriva: Updated krb5 packages fix vulnerabilities
  10th, April, 2007

A vulnerability was found in the username handling of the MIT krb5
telnet daemon. A remote attacker that could access the telnet port of a
target machine could log in as root without requiring a password
(CVE-2007-0956).

http://www.linuxsecurity.com/content/view/127759

* Mandriva: Updated freetype2 packages fix vulnerability
  10th, April, 2007

iDefense integer overflows in the way freetype handled various font
files.

http://www.linuxsecurity.com/content/view/127761

* Mandriva: Updated tightvnc packages fix integer overflow
  vulnerabilities
  10th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and
XFree86 X server could allow an attacker to execute arbitrary code with
privileges of the X server, typically root.

http://www.linuxsecurity.com/content/view/127763

* Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow
  vulnerabilities
  11th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and
XFree86 X server could allow an attacker to execute arbitrary code with
privileges of the X server, typically root.
http://www.linuxsecurity.com/content/view/127775

* Mandriva: Updated madwifi-source, wpa_supplicant packages fix
  vulnerabilities
  11th, April, 2007

The ath_rate_sample function in the ath_rate/sample/sample.c sample code
in MadWifi before 0.9.3 allows remote attackers to cause a denial of
service (failed KASSERT and system crash) by moving a connected system
to a location with low signal strength, and possibly other vectors
related to a race condition between interface enabling and packet
transmission. (CVE-2005-4835)

http://www.linuxsecurity.com/content/view/127776

* Mandriva: Updated apache-mod_perl packages fix DoS vulnerability
  11th, April, 2007

PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in
mod_perl 2.x, does not properly escape PATH_INFO before use in a regular
expression, which allows remote attackers to cause a denial of service
(resource consumption) via a crafted URI. Updated packages have been
patched to correct this issue.

http://www.linuxsecurity.com/content/view/127777

+---------------------------------+
| Distribution: Ubuntu            | ----------------------------//
+---------------------------------+

* Ubuntu: ipsec-tools vulnerability
  9th, April, 2007

A flaw was discovered in the IPSec key exchange server "racoon". Remote
attackers could send a specially crafted packet and disrupt established
IPSec tunnels, leading to a denial of service.

http://www.linuxsecurity.com/content/view/127743

* Ubuntu: Linux kernel vulnerabilities
  10th, April, 2007

The kernel key management code did not correctly handle key reuse. A
local attacker could create many key requests, leading to a denial of
service. (CVE-2007-0006)

http://www.linuxsecurity.com/content/view/127764

* Ubuntu: KDE library vulnerability
  11th, April, 2007

The Qt library did not correctly handle truncated UTF8 strings, which
could cause some applications to incorrectly filter malicious strings.
If a Konqueror user were tricked into visiting a web site containing
specially crafted strings, normal XSS prevention could be bypassed
allowing a remote attacker to steal confidential data.

http://www.linuxsecurity.com/content/view/127778

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------