+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  May 18th 2007                                 Volume 8, Number 20a |
+---------------------------------------------------------------------+

Editors:  Dave Wreski               Benjamin D. Thomas
          dave@xxxxxxxxxxxxxxxxx    ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for squirrelmail, samba, qt4-x11,
php, postgresql, ImageMagick, Xscreensaver, phpwiki, mod_security,
freeradius, tomcat, bluez-utils, ipsec-tools, vixie-cron, evolution,
libpng, and pptpd. The distributors include Debian, Fedora, Gentoo,
Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.

---

Vyatta Open-Source Router, Firewall & VPN

Vyatta software and appliances combine the features, performance and
reliability of enterprise-class networking gear with the cost-savings
and flexibility of open-source solutions. Vyatta empowers you to
replace overpriced proprietary router, firewall and VPN equipment with
commercially supported open-source solutions.

>> Free Webinars & Vyatta Community Edition 2 Software
>> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.13 (Version 3.0, Release 13). This release includes
  several bug fixes and feature enhancements to the SELinux policy and
  several updated packages.

  http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

  In this paper, we describe the integration of fingerprint template
  and RF smart card for clustered network, which is designed on Linux
  platform and Open source technology to obtain biometrics security.
  Combining the smart card and biometrics achieves two-step
  authentication, where smart card authentication is based on a
  Personal Identification Number (PIN) and the card holder is
  authenticated using the biometrics template stored in the smart card
  that is based on the fingerprint verification.

  http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

  The best way to secure yourself against sniffing is to use
  encryption. While this won't prevent a sniffer from functioning, it
  will ensure that what a sniffer reads is pure junk.

  http://www.linuxsecurity.com/content/view/123570/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

* Debian: New Linux 2.6.18 packages fix several vulnerabilities
  13th, May, 2007

  Several local and remote vulnerabilities have been discovered in the
  Linux kernel that may lead to a denial of service or the execution of
  arbitrary code. We recommend that you upgrade your kernel package
  immediately and reboot the machine. If you have built a custom kernel
  from the kernel source package, you will need to rebuild to take
  advantage of these fixes.

  http://www.linuxsecurity.com/content/view/128165

* Debian: New squirrelmail packages fix cross-site scripting
  13th, May, 2007

  It was discovered that the webmail package Squirrelmail performs
  insufficient sanitising inside the HTML filter, which allows the
  injection of arbitrary web script code during the display of HTML
  email messages.

  http://www.linuxsecurity.com/content/view/128166

* Debian: New samba packages fix multiple vulnerabilities
  15th, May, 2007

  Several issues have been identified in Samba, the SMB/CIFS file and
  print-server implementation for GNU/Linux.
  When translating SIDs to/from names using Samba's local list of user
  and group accounts, a logic error in the smbd daemon's internal
  security stack may result in a transition to the root user id rather
  than the non-root user.

  http://www.linuxsecurity.com/content/view/128207

* Debian: New qt4-x11 packages fix cross-site scripting vulnerability
  15th, May, 2007

  Andreas Nolden discovered a bug in the UTF8 decoding routines in
  qt4-x11, a C++ GUI library framework, that could allow remote
  attackers to conduct cross-site scripting (XSS) and directory
  traversal attacks via long sequences that decode to dangerous
  metacharacters.

  http://www.linuxsecurity.com/content/view/128209

* Debian: New samba packages fix multiple vulnerabilities
  17th, May, 2007

  Various bugs in Samba's NDR parsing can allow a user to send
  specially crafted MS-RPC requests that will overwrite the heap space
  with user defined data.

  http://www.linuxsecurity.com/content/view/128228

+---------------------------------+
| Distribution: Fedora            | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: php-5.1.6-3.6.fc6
  14th, May, 2007

  This update fixes a number of security issues in PHP. A heap buffer
  overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script
  which implements an XML-RPC server using this extension could allow a
  remote attacker to execute arbitrary code as the 'apache' user. Note
  that this flaw does not affect PHP applications using the pure-PHP
  XML_RPC class provided in /usr/share/pear.

  http://www.linuxsecurity.com/content/view/128184

* Fedora Core 5 Update: samba-3.0.24-5.fc5
  14th, May, 2007

  This release of Samba fixes some serious security bugs:
  CVE-2007-2444, CVE-2007-2446 and CVE-2007-2447. It fixes the security
  bugs which cause a Samba smbd denial of service.
  http://www.linuxsecurity.com/content/view/128189

* Fedora Core 6 Update: samba-3.0.24-5.fc6
  14th, May, 2007

  This release of Samba fixes some serious security bugs:
  CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447.

  http://www.linuxsecurity.com/content/view/128192

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: PostgreSQL Privilege escalation
  10th, May, 2007

  An error involving insecure search_path settings in the SECURITY
  DEFINER functions has been reported in PostgreSQL. This error could
  result in SQL privilege escalation.

  http://www.linuxsecurity.com/content/view/128148

* Gentoo: ImageMagick Multiple buffer overflows
  10th, May, 2007

  iDefense Labs has discovered multiple integer overflows in
  ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), which
  are used to process DCM and XWD files. They can allow for the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/128149

* Gentoo: XScreenSaver Privilege escalation
  13th, May, 2007

  XScreenSaver allows local users to bypass authentication under
  certain configurations. XScreenSaver incorrectly handles the results
  of the getpwuid() function in drivers/lock.c when using directory
  servers during a network outage.

  http://www.linuxsecurity.com/content/view/128167

* Gentoo: ImageMagick Multiple buffer overflows
  14th, May, 2007

  Multiple integer overflows have been discovered in ImageMagick
  allowing for the execution of arbitrary code. iDefense Labs has
  discovered integer overflows in ImageMagick in the functions
  ReadDCMImage() and ReadXWDImage(), which are used to process DCM and
  XWD files.

  http://www.linuxsecurity.com/content/view/128177

* Gentoo: Samba Multiple vulnerabilities
  15th, May, 2007

  Samba contains multiple vulnerabilities potentially resulting in the
  execution of arbitrary code with root privileges.
  A remote attacker could exploit these vulnerabilities to gain root
  privileges via various vectors.

  http://www.linuxsecurity.com/content/view/128202

* Gentoo: PhpWiki Remote execution of arbitrary code
  17th, May, 2007

  A vulnerability has been discovered in PhpWiki allowing for the
  remote execution of arbitrary code. A remote attacker could upload a
  specially crafted PHP file to the vulnerable server, resulting in the
  execution of arbitrary PHP code with the privileges of the user
  running PhpWiki.

  http://www.linuxsecurity.com/content/view/128229

* Gentoo: Apache mod_security Rule bypass
  17th, May, 2007

  A vulnerability has been discovered in mod_security, allowing a
  remote attacker to bypass rules. A remote attacker could send a
  specially crafted POST request, possibly bypassing the module ruleset
  and leading to the execution of arbitrary code in the scope of the
  web server with the rights of the user running the web server.

  http://www.linuxsecurity.com/content/view/128230

+---------------------------------+
| Distribution: Mandriva          | ----------------------------//
+---------------------------------+

* Mandriva: Updated php packages fix multiple vulnerabilities
  10th, May, 2007

  A heap buffer overflow flaw was found in the xmlrpc extension for
  PHP. A script that implements an XML-RPC server using this extension
  could allow a remote attacker to execute arbitrary code as the apache
  user. This flaw does not, however, affect PHP applications using the
  pure-PHP XML_RPC class provided via PEAR.

  http://www.linuxsecurity.com/content/view/128153

* Mandriva: Updated php packages fix multiple vulnerabilities
  10th, May, 2007

  A heap buffer overflow flaw was found in the xmlrpc extension for
  PHP. A script that implements an XML-RPC server using this extension
  could allow a remote attacker to execute arbitrary code as the apache
  user.
  This flaw does not, however, affect PHP applications using the
  pure-PHP XML_RPC class provided via PEAR.

  http://www.linuxsecurity.com/content/view/128154

* Mandriva: Updated samba packages fix multiple vulnerabilities
  14th, May, 2007

  A number of bugs were discovered in the NDR parsing support in Samba
  that is used to decode MS-RPC requests. A remote attacker could send
  a carefully crafted request that would cause a heap overflow,
  possibly leading to the ability to execute arbitrary code on the
  server.

  http://www.linuxsecurity.com/content/view/128199

+---------------------------------+
| Distribution: Red Hat           | ----------------------------//
+---------------------------------+

* RedHat: Important: php security update
  10th, May, 2007

  Updated PHP packages that fix several security issues are now
  available for Red Hat Application Stack. This update has been rated
  as having important security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/128144

* RedHat: Moderate: freeradius security update
  10th, May, 2007

  Updated freeradius packages that fix a memory leak flaw are now
  available for Red Hat Enterprise Linux 3, 4, and 5. A remote attacker
  could send a specially crafted authentication request which could
  cause FreeRADIUS to leak a small amount of memory. If enough of these
  requests are sent, the FreeRADIUS daemon would consume a vast
  quantity of system memory leading to a possible denial of service.

  http://www.linuxsecurity.com/content/view/128146

* RedHat: Critical: samba security update
  14th, May, 2007

  Updated samba packages that fix several security flaws are now
  available. Various bugs were found in NDR parsing, used to decode
  MS-RPC requests in Samba. A remote attacker could have sent carefully
  crafted requests causing a heap overflow, which may have led to the
  ability to execute arbitrary code on the server. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.
  http://www.linuxsecurity.com/content/view/128174

* RedHat: Important: tomcat security update
  14th, May, 2007

  Updated tomcat packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 5. Tomcat was found to accept
  multiple content-length headers in a request. This could allow
  attackers to poison a web-cache, bypass web application firewall
  protection, or conduct cross-site scripting attacks. This update has
  been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/128175

* RedHat: Moderate: bluez-utils security update
  14th, May, 2007

  Updated bluez-utils packages that fix a security flaw are now
  available for Red Hat Enterprise Linux 4. A flaw was found in the
  Bluetooth HID daemon (hidd). A remote attacker would have been able
  to inject keyboard and mouse events via a Bluetooth connection
  without any authorization. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128176

* RedHat: Important: kernel security and bug fix update
  16th, May, 2007

  Updated kernel packages that fix security issues and bugs in the Red
  Hat Enterprise Linux 5 kernel are now available. One of the flaws is
  in the handling of IPv6 type 0 routing headers that allowed remote
  users to cause a denial of service that led to a network
  amplification between two routers. This update has been rated as
  having important security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/128219

* RedHat: Moderate: ipsec-tools security update
  17th, May, 2007

  Updated ipsec-tools packages that fix a denial of service flaw in
  racoon are now available for Red Hat Enterprise Linux 5. A denial of
  service flaw was found in the ipsec-tools racoon daemon. It was
  possible for a remote attacker, with knowledge of an existing ipsec
  tunnel, to terminate the ipsec connection between two machines.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128231

* RedHat: Moderate: vixie-cron security update
  17th, May, 2007

  The vixie-cron package contains the Vixie version of cron. Cron is a
  standard UNIX daemon that runs specified programs at scheduled times.
  Raphael Marichez discovered a denial of service bug in the way
  vixie-cron verifies crontab file integrity. A local user with the
  ability to create a hardlink to /etc/crontab can prevent vixie-cron
  from executing certain system cron jobs.

  http://www.linuxsecurity.com/content/view/128232

* RedHat: Moderate: evolution security update
  17th, May, 2007

  Updated evolution packages that fix a security bug are now available
  for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way
  Evolution processed certain APOP authentication requests. A remote
  attacker could potentially acquire certain portions of a user's
  authentication credentials by sending certain responses when
  evolution-data-server attempted to authenticate against an APOP
  server.

  http://www.linuxsecurity.com/content/view/128233

* RedHat: Moderate: squirrelmail security update
  17th, May, 2007

  A new squirrelmail package that fixes security issues is now
  available for Red Hat Enterprise Linux 3, 4 and 5. Several HTML
  filtering bugs were discovered in SquirrelMail. An attacker could
  inject arbitrary JavaScript leading to cross-site scripting attacks
  by sending an e-mail viewed by a user within SquirrelMail. This
  update has been rated as having moderate security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128234

+---------------------------------+
| Distribution: Slackware         | ----------------------------//
+---------------------------------+

* Slackware: samba
  15th, May, 2007

  New samba packages are available for Slackware 10.0, 10.1, 10.2,
  11.0, and current to fix security issues.
  The security fixes cover a local SID/Name translation bug that can
  result in user privilege elevation, multiple heap overflows that
  allow remote code execution, and unescaped user input parameters
  passed as arguments to /bin/sh, allowing for remote command
  execution. Vulnerabilities and Exposures (CVE) database:

  http://www.linuxsecurity.com/content/view/128200

* Slackware: libpng
  16th, May, 2007

  New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, 11.0, and -current to fix a security issue. More details
  about this issue may be found in the Common Vulnerabilities and
  Exposures (CVE) database.

  http://www.linuxsecurity.com/content/view/128222

+---------------------------------+
| Distribution: SuSE              | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:030)
  10th, May, 2007

  This kernel update for SUSE Linux 9.3 fixes some security problems.
  The ftdi_sio driver allowed local users to cause a denial of service
  (memory consumption) by writing more data to the serial port than the
  hardware can handle, which causes the data to be queued. This
  requires this driver to be loaded, which only happens if such a
  device is plugged in.

  http://www.linuxsecurity.com/content/view/128140

+---------------------------------+
| Distribution: Ubuntu            | ----------------------------//
+---------------------------------+

* Ubuntu: pptpd vulnerability
  14th, May, 2007

  A flaw was discovered in the PPTP tunnel server. Remote attackers
  could send a specially crafted packet and disrupt established PPTP
  tunnels, leading to a denial of service.

  http://www.linuxsecurity.com/content/view/128198

* Ubuntu: Samba vulnerabilities
  15th, May, 2007

  Paul Griffith and Andrew Hogue discovered that Samba did not fully
  drop root privileges while translating SIDs. A remote authenticated
  user could issue SMB operations during a small window of opportunity
  and gain root privileges.
  http://www.linuxsecurity.com/content/view/128212

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------