+---------------------------------------------------------------------+
| LinuxSecurity.com                                 Weekly Newsletter |
| April 20th 2007                                Volume 8, Number 16a |
+---------------------------------------------------------------------+

Editors: Dave Wreski              Benjamin D. Thomas
         dave@xxxxxxxxxxxxxxxxx   ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for the Linux kernel, php, DokuWiki,
xine, Inkscape, Vixie, OpenOffice, file, freeradius, madwifi,
ipsec-tools, cups, and sqlite. The distributors include Fedora, Gentoo,
Mandriva, Red Hat, and Ubuntu.

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec/

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux platform
and Open source technology to obtain biometrics security.
The combination of smart card and biometrics is achieved in two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometrics template stored in the smart card that is based on the
fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Fedora            | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: kernel-2.6.20-1.2312.fc5
13th, April, 2007

The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before
2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of
service (crash) via an AppleTalk frame that is shorter than the
specified length, which triggers a BUG_ON call when an attempt is made
to

http://www.linuxsecurity.com/content/view/127797

* Fedora Core 6 Update: kernel-2.6.20-1.2944.fc6
13th, April, 2007

The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before
2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of
service (crash) via an AppleTalk frame that is shorter than the
specified length, which triggers a BUG_ON call when an attempt is made
to perform a checksum.

http://www.linuxsecurity.com/content/view/127803

* Fedora Core 6 Update: php-5.1.6-3.5.fc6
17th, April, 2007

This update fixes a number of security issues in PHP. A denial of
service flaw was found in the way PHP processed a deeply nested array.
A remote attacker could cause the PHP interpreter to crash by submitting
an input variable with a deeply nested array.

http://www.linuxsecurity.com/content/view/127839

* Fedora Core 5 Update: php-5.1.6-1.5
18th, April, 2007

This update fixes a number of security issues in PHP. A denial of
service flaw was found in the way PHP processed a deeply nested array.
A remote attacker could cause the PHP interpreter to crash by submitting
an input variable with a deeply nested array. A flaw was found in the
way the mbstring extension set global variables. A script which used the
mb_parse_str() function to set global variables could be forced to
enable the register_globals configuration option, possibly resulting in
global variable injection.

http://www.linuxsecurity.com/content/view/127862

* Gentoo: DokuWiki Cross-site scripting vulnerability
12th, April, 2007

DokuWiki is vulnerable to a cross-site scripting attack. An attacker
could entice a user to click a specially crafted link and inject CRLF
characters into the variable. This would allow the creation of new lines
or fields in the returned HTTP Response header, which would permit the
attacker to execute arbitrary scripts in the context of the user's
browser.

http://www.linuxsecurity.com/content/view/127784

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: xine-lib Heap-based buffer overflow
14th, April, 2007

xine-lib is vulnerable to a heap-based buffer overflow. An attacker
could entice a user to play a specially crafted DMO video file with a
player using xine-lib, potentially resulting in the execution of
arbitrary code with the privileges of the user running the player.

http://www.linuxsecurity.com/content/view/127807

* Gentoo: Inkscape Two format string vulnerabilities
16th, April, 2007

Two format string vulnerabilities have been discovered in Inkscape,
allowing for user-assisted execution of arbitrary code.

http://www.linuxsecurity.com/content/view/127814

* Gentoo: Vixie Cron Denial of Service
16th, April, 2007

The Gentoo implementation of Vixie Cron is vulnerable to a local Denial
of Service. During an internal audit, Raphael Marichez of the Gentoo
Linux Security Team found that Vixie Cron has weak permissions set on
Gentoo, allowing for a local user to create hard links to system and
users cron files, while a st_nlink check in database.c will generate a
superfluous error.

http://www.linuxsecurity.com/content/view/127822

* Gentoo: OpenOffice.org Multiple vulnerabilities
16th, April, 2007

Multiple vulnerabilities have been discovered in OpenOffice.org,
allowing for remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/127824

* Gentoo: File Denial of Service
17th, April, 2007

A vulnerability has been discovered in file allowing for a denial of
service.

http://www.linuxsecurity.com/content/view/127845

* Gentoo: FreeRADIUS Denial of Service
17th, April, 2007

A memory leak has been discovered in FreeRADIUS, possibly allowing for a
Denial of Service.

http://www.linuxsecurity.com/content/view/127846

* Gentoo: MadWifi Multiple vulnerabilities
17th, April, 2007

Multiple vulnerabilities have been discovered in the MadWifi driver,
possibly leading to a Denial of Service and information disclosure.

http://www.linuxsecurity.com/content/view/127847

+---------------------------------+
| Distribution: Mandriva          | ----------------------------//
+---------------------------------+

* Mandriva: Updated ipsec-tools packages fix DoS vulnerability
16th, April, 2007

The ipsec-tools package prior to version 0.6.7 allows remote attackers
to cause a Denial of Service (tunnel crash) via crafted DELETE and
NOTIFY messages. Updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/127825

* Mandriva: Updated freeradius packages fix DoS vulnerability
16th, April, 2007

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to
cause a denial of service (memory consumption) via a large number of
EAP-TTLS tunnel connections using malformed Diameter format attributes,
which causes the authentication request to be rejected but does not
reclaim VALUE_PAIR data structures. Updated packages have been patched
to correct this issue.

http://www.linuxsecurity.com/content/view/127826

* Mandriva: Updated cups packages fix DoS vulnerability
16th, April, 2007

A flaw was discovered in how CUPS handled SSL negotiation that could
allow a remote attacker capable of connecting to the CUPS daemon to
cause a DoS to other CUPS users. Updated packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/127827

* Mandriva: Updated php packages fix multiple vulnerabilities
19th, April, 2007

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images from an
untrusted source could result in arbitrary code execution. A DoS flaw
was found in how PHP processed a deeply nested array. A remote attacker
could cause the PHP interpreter to crash by submitting an input variable
with a deeply nested array.

http://www.linuxsecurity.com/content/view/127865

* Mandriva: Updated php packages fix multiple vulnerabilities
19th, April, 2007

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images from an
untrusted source could result in arbitrary code execution.

http://www.linuxsecurity.com/content/view/127866

* Mandriva: Updated php packages fix multiple vulnerabilities
19th, April, 2007

A heap-based buffer overflow vulnerability was found in PHP's gd
extension.
A script that could be forced to process WBMP images from an untrusted
source could result in arbitrary code execution (CVE-2007-1001).

http://www.linuxsecurity.com/content/view/127867

* Mandriva: Updated php packages fix multiple vulnerabilities
19th, April, 2007

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images from an
untrusted source could result in arbitrary code execution. A DoS flaw
was found in how PHP processed a deeply nested array. A remote attacker
could cause the PHP interpreter to crash by submitting an input variable
with a deeply nested array.

http://www.linuxsecurity.com/content/view/127868

* Mandriva: Updated sqlite packages fix vulnerability
19th, April, 2007

A buffer overflow in sqlite could allow context-dependent attackers to
execute arbitrary code via an empty value of the 'in' parameter. Updated
packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/127869

+---------------------------------+
| Distribution: Red Hat           | ----------------------------//
+---------------------------------+

* RedHat: Moderate: cups security update
16th, April, 2007

Updated CUPS packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/127808

* RedHat: Moderate: freetype security update
16th, April, 2007

Updated freetype packages that fix a security flaw are now available for
Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/127809

* RedHat: Moderate: php security update
16th, April, 2007

Updated PHP packages that fix several security issues are now available
for Red Hat Application Stack v1.1.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/127810

* RedHat: Important: php security update
16th, April, 2007

Updated PHP packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as having
important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/127817

* RedHat: Important: php security update
16th, April, 2007

Updated PHP packages that fix several security issues are now available
for Red Hat Enterprise Linux 3 and 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/127818

* RedHat: Moderate: xorg-x11-apps and libX11 security
16th, April, 2007

Updated xorg-x11-apps and libX11 packages that fix a security issue are
now available for Red Hat Enterprise Linux 5. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/127819

+---------------------------------+
| Distribution: Ubuntu            | ----------------------------//
+---------------------------------+

* Ubuntu: X.org vulnerability
18th, April, 2007

Multiple integer overflows were found in the XGetPixel function of
libx11. If a user were tricked into opening a specially crafted XWD
image, remote attackers could execute arbitrary code with user
privileges.

http://www.linuxsecurity.com/content/view/127857

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------