+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  May 11th 2007                                Volume 8, Number 19a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for ldap-account-manager, pptpd,
vim, evolution-data-server, X11, Lighttpd, GIMP, IPsec, MySQL,
ImageMagick, xscreensaver, bind, clamav, python, postgresql, php,
freeradius, elinks, and MoinMoin. The distributors include Debian,
Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.

---

Vyatta: Open-Source Router / Firewall / VPN

Vyatta software and appliances combine the features, performance and
reliability of an enterprise-class router and firewall with the cost
savings and flexibility of open source solutions.

>> Free Vyatta Community Edition 2 Software & Live Demo Webinars
>> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template
and an RF smart card for a clustered network, which is designed on the
Linux platform and open source technology to obtain biometric security.
The combination of smart card and biometrics is achieved in a two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using
the biometric template stored in the smart card, which is based on
fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New ldap-account-manager packages fix multiple vulnerabilities
  7th, May, 2007

  Two vulnerabilities have been identified in the version of
  ldap-account-manager shipped with Debian 3.1 (sarge). An untrusted
  PATH vulnerability could allow a local attacker to execute arbitrary
  code with elevated privileges by providing a malicious rm executable
  and specifying a PATH environment variable referencing this
  executable.

  http://www.linuxsecurity.com/content/view/128085

* Debian: New pptpd packages fix denial of service
  8th, May, 2007

  It was discovered that the PoPToP Point to Point Tunneling Server
  contains a programming error, which allows the tear-down of a PPTP
  connection through a malformed GRE packet, resulting in denial of
  service.

  http://www.linuxsecurity.com/content/view/128122

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: vim-7.0.235-1.fc6
  7th, May, 2007

  This update fixes several issues where opening a malicious file with
  vim can run an arbitrary command via a modeline.

  http://www.linuxsecurity.com/content/view/128099

* Fedora Core 5 Update: evolution-data-server-1.6.3-4.fc5
  7th, May, 2007

  This update fixes a security vulnerability in APOP authentication.
  This only affects POP mail accounts.

  http://www.linuxsecurity.com/content/view/128100

* Fedora Core 6 Update: evolution-data-server-1.8.3-6.fc6
  7th, May, 2007

  This update fixes a security vulnerability in APOP authentication.
  This only affects POP mail accounts.

  http://www.linuxsecurity.com/content/view/128102

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: X.Org X11 library Multiple integer overflows
  5th, May, 2007

  The X.Org X11 library contains multiple integer overflows, which
  could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/128077

* Gentoo: Lighttpd Two Denials of Service
  7th, May, 2007

  Two vulnerabilities have been discovered in Lighttpd, each allowing
  for a Denial of Service. Robert Jakabosky discovered an infinite loop
  triggered by a connection abort when Lighttpd processes carriage
  return and line feed sequences. Marcus Rueckert discovered a NULL
  pointer dereference when a server running Lighttpd tries to access a
  file with an mtime of 0.

  http://www.linuxsecurity.com/content/view/128088

* Gentoo: GIMP Buffer overflow
  7th, May, 2007

  GIMP is vulnerable to a buffer overflow which may lead to the
  execution of arbitrary code. Marsu discovered that the
  "set_color_table()" function in the SUNRAS plugin is vulnerable to a
  stack-based buffer overflow.

  http://www.linuxsecurity.com/content/view/128089

* Gentoo: IPsec-Tools Denial of Service
  8th, May, 2007

  IPsec-Tools contains a vulnerability that allows a remote attacker to
  crash the IPsec tunnel. A remote attacker could send a specially
  crafted IPsec message to one of the two peers during the beginning of
  phase 1, resulting in the termination of the IPsec exchange.

  http://www.linuxsecurity.com/content/view/128111

* Gentoo: LibXfont, TightVNC Multiple vulnerabilities
  8th, May, 2007

  Multiple vulnerabilities have been reported in libXfont and TightVNC,
  allowing for the execution of arbitrary code with root privileges.
  The libXfont code is prone to several integer overflows, in functions
  ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
  TightVNC contains a local copy of this code and is also affected.

  http://www.linuxsecurity.com/content/view/128118

* Gentoo: MySQL Two Denial of Service vulnerabilities
  8th, May, 2007

  Two Denial of Service vulnerabilities have been discovered in MySQL.
  Mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when
  processing certain types of SQL requests. Sec Consult also discovered
  another NULL pointer dereference when sorting certain types of
  queries on the database metadata.

  http://www.linuxsecurity.com/content/view/128119

* Gentoo: PostgreSQL Privilege escalation
  10th, May, 2007

  An error involving insecure search_path settings in the SECURITY
  DEFINER functions has been reported in PostgreSQL. This error
  contains a vulnerability that could result in SQL privilege
  escalation.

  http://www.linuxsecurity.com/content/view/128148

* Gentoo: ImageMagick Multiple buffer overflows
  10th, May, 2007

  iDefense Labs has discovered multiple integer overflows in
  ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), that
  are used to process DCM and XWD files. It can allow for the execution
  of arbitrary code.

  http://www.linuxsecurity.com/content/view/128149

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated xscreensaver packages fix vulnerability
  3rd, May, 2007

  A problem with the way xscreensaver verifies user passwords was
  discovered by Alex Yamauchi. When a system is using remote
  authentication (i.e. LDAP) for logins, a local attacker able to cause
  a network outage on the system could cause xscreensaver to crash,
  which would unlock the screen. Updated packages have been patched to
  correct this issue.

  http://www.linuxsecurity.com/content/view/128055

* Mandriva: Updated bind packages fix vulnerability
  9th, May, 2007

  A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could
  allow a remote attacker to cause a denial of service (daemon exit)
  via a certain sequence of queries. BIND 9.4.1, which corrects this
  issue, is provided with this update.

  http://www.linuxsecurity.com/content/view/128132

* Mandriva: Updated clamav packages fix vulnerabilities
  8th, May, 2007

  iDefense discovered a stack-based overflow in ClamAV when processing
  negative values in .cab files. In addition, multiple file descriptor
  leaks were reported and fixed in chmunpack.c, pdf.c, and dblock.c.
  This update provides ClamAV 0.90.2 which corrects these problems and
  provides new functionality.

  http://www.linuxsecurity.com/content/view/128123

* Mandriva: Updated python packages fix vulnerabilities
  8th, May, 2007

  An off-by-one error was discovered in the PyLocale_strxfrm function
  in Python 2.4 and 2.5 that could allow context-dependent attackers to
  read portions of memory via special manipulations that trigger a
  buffer over-read due to missing null termination. The updated
  packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/128124

* Mandriva: Updated bind packages fix vulnerability
  9th, May, 2007

  A vulnerability in vim 7.0's modeline processing capabilities was
  discovered where a user with modelines enabled could open a text file
  containing a carefully crafted modeline, executing arbitrary commands
  as the user running vim. Updated packages have been patched to
  prevent this issue.

  http://www.linuxsecurity.com/content/view/128138

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: postgresql security update
  3rd, May, 2007

  Updated postgresql packages that fix several security vulnerabilities
  are now available for the Red Hat Application Stack. A flaw was found
  in the way PostgreSQL allows authenticated users to execute
  security-definer functions. It was possible for an unprivileged user
  to execute arbitrary code with the privileges of the security-definer
  function. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128061

* RedHat: Moderate: postgresql security update
  8th, May, 2007

  Updated postgresql packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found
  in the way PostgreSQL allows authenticated users to execute
  security-definer functions. It was possible for an unprivileged user
  to execute arbitrary code with the privileges of the security-definer
  function.

  http://www.linuxsecurity.com/content/view/128116

* RedHat: Important: php security update
  8th, May, 2007

  Updated PHP packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. A heap buffer overflow flaw
  was found in the PHP 'xmlrpc' extension. A PHP script which
  implements an XML-RPC server using this extension could allow a
  remote attacker to execute arbitrary code as the 'apache' user.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128117

* RedHat: Moderate: vim security update
  9th, May, 2007

  Updated vim packages that fix a security issue are now available for
  Red Hat Enterprise Linux 5. An arbitrary command execution flaw was
  found in the way VIM processes modelines. If a user with modelines
  enabled opened a text file containing a carefully crafted modeline,
  arbitrary commands could be executed as the user running VIM. This
  update has been rated as having moderate security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128128

* RedHat: Important: php security update
  9th, May, 2007

  Updated PHP packages that fix two security issues are now available
  for Red Hat Enterprise Linux 4. A heap buffer overflow flaw was found
  in the PHP 'xmlrpc' extension. A PHP script which implements an
  XML-RPC server using this extension could allow a remote attacker to
  execute arbitrary code as the 'apache' user. Note that this flaw does
  not affect PHP applications using the pure-PHP XML_RPC class provided
  in /usr/share/pear.

  http://www.linuxsecurity.com/content/view/128129

* RedHat: Important: php security update
  10th, May, 2007

  Updated PHP packages that fix several security issues are now
  available for Red Hat Application Stack. This update has been rated
  as having important security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/128144

* RedHat: Moderate: freeradius security update
  10th, May, 2007

  Updated freeradius packages that fix a memory leak flaw are now
  available for Red Hat Enterprise Linux 3, 4, and 5. A remote attacker
  could send a specially crafted authentication request which could
  cause FreeRADIUS to leak a small amount of memory. If enough of these
  requests are sent, the FreeRADIUS daemon would consume a vast
  quantity of system memory leading to a possible denial of service.

  http://www.linuxsecurity.com/content/view/128146

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware: php
  8th, May, 2007

  New php packages are available for Slackware 10.2, 11.0, and -current
  to improve the stability and security of PHP. Quite a few bugs were
  fixed; please see http://www.php.net for a detailed list.

  http://www.linuxsecurity.com/content/view/128106

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:029)
  3rd, May, 2007

  A NULL pointer dereference in the IPv6 sockopt handling could
  potentially be used by local attackers to read arbitrary kernel
  memory and thereby gain access to private information.

  http://www.linuxsecurity.com/content/view/128064

* SuSE: Linux kernel (SUSE-SA:2007:030)
  10th, May, 2007

  This kernel update is for SUSE Linux 9.3 and fixes some security
  problems. The ftdi_sio driver allowed local users to cause a denial
  of service (memory consumption) by writing more data to the serial
  port than the hardware can handle, which causes the data to be
  queued. This requires this driver to be loaded, which only happens if
  such a device is plugged in.

  http://www.linuxsecurity.com/content/view/128140

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: elinks vulnerability
  7th, May, 2007

  Arnaud Giersch discovered that elinks incorrectly attempted to load
  gettext catalogs from a relative path. If a user were tricked into
  running elinks from a specific directory, a local attacker could
  execute code with user privileges.

  http://www.linuxsecurity.com/content/view/128086

* Ubuntu: MoinMoin vulnerabilities
  8th, May, 2007

  A flaw was discovered in MoinMoin's error reporting when using the
  AttachFile action.
  By tricking a user into viewing a crafted MoinMoin URL, an attacker
  could execute arbitrary JavaScript as the current MoinMoin user,
  possibly exposing the user's authentication information for the
  domain where MoinMoin was hosted.

  http://www.linuxsecurity.com/content/view/128107

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------