Linux Advisory Watch - May 25th 2007

+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  May 25th 2007                                 Volume 8, Number 21a |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for samba, xfree86, php5,
clamav, gforge-plugin-scmcvs, tomcat5, phpwiki, mod_security,
pptpd, fetchmail, squirrelmail, evolution, tetex, ipsec-tools,
vixie-cron, libpng, gimp, Quagga, and vim.  The distributors
include Debian, Fedora, Gentoo, Mandriva, Red Hat, SuSE,
and Ubuntu.

---

Vyatta - Linux-based Router, Firewall & VPN

Vyatta software and appliances combine the features, performance
and reliability of enterprise-class networking gear with the
cost-savings and flexibility of Linux-based solutions. Vyatta
empowers you to replace overpriced proprietary router, firewall
and VPN equipment with commercially supported open-source solutions.

    Free Vyatta Software & Live Webinars
 >> http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes several
bug fixes and feature enhancements to the SELinux policy and several
updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of a fingerprint template and
an RF smart card for a clustered network, which is designed on the Linux
platform and open source technology to obtain biometrics security. The
combination of smart card and biometrics is achieved in a two-step
authentication, where smart card authentication is based on a Personal
Identification Number (PIN) and the card holder is authenticated using the
biometrics template stored in the smart card, which is based on
fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---


Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New samba packages fix multiple vulnerabilities
  17th, May, 2007

Various bugs in Samba's NDR parsing can allow a user to send
specially crafted MS-RPC requests that will overwrite the heap space
with user defined data.

http://www.linuxsecurity.com/content/view/128228


* Debian: New xfree86 packages fix several vulnerabilities
  17th, May, 2007

Several vulnerabilities have been discovered in the X Window System,
which may lead to privilege escalation. Sean Larsson discovered an
integer overflow in the XC-MISC extension, which might lead to denial
of service or local privilege escalation.

http://www.linuxsecurity.com/content/view/128235


* Debian: New php5 packages fix several vulnerabilities
  19th, May, 2007

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/128251


* Debian: New clamav packages fix denial of service vulnerability
  21st, May, 2007

On 25 April, the Debian Security Team released clamav 0.90.1-3etch1,
an update to the Clam anti-virus toolkit, to address several
vulnerabilities. Unfortunately, there was an error in the updated
packages and CVE-2007-2029, a file descriptor leak in the PDF document
handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing
distribution (lenny). This problem has been fixed in version 0.90.1-3etch2
for Debian 4.0 (etch).

http://www.linuxsecurity.com/content/view/128262


* Debian: New php4 packages fix privilege escalation
  21st, May, 2007

It was discovered that the ftp extension of PHP, a server-side,
HTML-embedded scripting language performs insufficient input
sanitising, which permits an attacker to execute arbitrary FTP commands.
This requires the attacker to already have access to the FTP server.

http://www.linuxsecurity.com/content/view/128263


* Debian: New gforge-plugin-scmcvs packages fix arbitrary shell command execution
  24th, May, 2007

Bernhard R. Link discovered that the CVS browsing interface of
Gforge, a collaborative development tool, performs insufficient escaping
of URLs, which allows the execution of arbitrary shell commands with the
privileges of the www-data user.

http://www.linuxsecurity.com/content/view/128325



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 6 Update: tomcat5-5.5.23-0jpp.2.fc6
  21st, May, 2007

Several security issues were reported to be fixed in releases prior
to tomcat5.5.23. Tomcat was found to accept multiple content-length
headers in a request. This could allow attackers to poison a web-cache,
bypass web application firewall protection, or conduct cross-site
scripting attacks.

http://www.linuxsecurity.com/content/view/128271


* Fedora Core 6 Update: jakarta-commons-modeler-1.1-8jpp.2.fc6
  21st, May, 2007

Several security issues were reported to be fixed in releases prior
to tomcat5.5.23. Tomcat was found to accept multiple content-length
headers in a request. This could allow attackers to poison a web-cache,
bypass web application firewall protection, or conduct cross-site
scripting attacks.

http://www.linuxsecurity.com/content/view/128272


* Fedora Core 5 Update: samba-3.0.24-6.fc5
  21st, May, 2007

Security bugs were found in samba-3.0.24-6.fc5. This update fixes an
nmbd segfault in some rare conditions. It also fixes a bug introduced
with CVE-2007-2444 in some configurations, and fixes CVE-2007-0452, a
Samba smbd denial of service.

http://www.linuxsecurity.com/content/view/128278


* Fedora Core 5 Update: php-5.1.6-1.6
  24th, May, 2007

This update fixes a number of security issues in PHP.
A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user.

http://www.linuxsecurity.com/content/view/128317


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PhpWiki Remote execution of arbitrary code
  17th, May, 2007

A vulnerability has been discovered in PhpWiki allowing for the
remote execution of arbitrary code. A remote attacker could upload a
specially crafted PHP file to the vulnerable server, resulting in the
execution of arbitrary PHP code with the privileges of the user
running PhpWiki.

http://www.linuxsecurity.com/content/view/128229


* Gentoo: Apache mod_security Rule bypass
  17th, May, 2007

A vulnerability has been discovered in mod_security, allowing a
remote attacker to bypass rules. A remote attacker could send a specially
crafted POST request, possibly bypassing the module ruleset and
leading to the execution of arbitrary code in the scope of the web
server with the rights of the user running the web server.

http://www.linuxsecurity.com/content/view/128230


* Gentoo: PPTPD Denial of Service attack
  20th, May, 2007

PPTPD is a Point-to-Point Tunnelling Protocol Daemon for Linux. A
vulnerability has been reported in PPTPD which could lead to a Denial
of Service.

http://www.linuxsecurity.com/content/view/128254



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated fetchmail packages fix potential APOP vulnerabilities
  17th, May, 2007

The APOP functionality in fetchmail's POP3 client implementation was
validating the APOP challenge too lightly, accepting random garbage
as a POP3 server's APOP challenge, rather than insisting it conform
to RFC-822 specifications. Updated packages have been patched to
prevent these issues; however, it should be noted that the APOP
MD5-based authentication scheme should no longer be considered
secure.

http://www.linuxsecurity.com/content/view/128238


* Mandriva: Updated squirrelmail packages fix vulnerabilities
  19th, May, 2007

A number of HTML filtering bugs were found in SquirrelMail that
could allow an attacker to inject arbitrary JavaScript leading to
cross-site scripting attacks by sending an email viewed by a user
within SquirrelMail (CVE-2007-1262).

http://www.linuxsecurity.com/content/view/128252


* Mandriva: Updated evolution packages fix APOP weakness
  20th, May, 2007

A weakness in the way Evolution processed certain APOP
authentication requests was discovered.  A remote attacker could
potentially obtain certain portions of a user's authentication
credentials by sending certain responses when evolution-data-server
attempted to authenticate against an APOP server. The updated packages
have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/128253


* Mandriva: Updated tetex packages fix vulnerabilities
  23rd, May, 2007

Buffer overflow in the gdImageStringFTEx function in gdft.c in the
GD Graphics Library 2.0.33 and earlier allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via a crafted string with a JIS encoded font.
Tetex 3.x uses an embedded copy of the gd source and may also be
affected by this issue.

http://www.linuxsecurity.com/content/view/128312


* Mandriva: Updated samba packages fix multiple
  24th, May, 2007

A number of bugs were discovered in the NDR parsing support in Samba
that is used to decode MS-RPC requests.  A remote attacker could
send a carefully crafted request that would cause a heap overflow,
possibly leading to the ability to execute arbitrary code on the
server.

http://www.linuxsecurity.com/content/view/128313


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: ipsec-tools security update
  17th, May, 2007

Updated ipsec-tools packages that fix a denial of service flaw in
racoon are now available for Red Hat Enterprise Linux 5. A denial of
service flaw was found in the ipsec-tools racoon daemon. It was possible
for a remote attacker, with knowledge of an existing ipsec tunnel, to
terminate the ipsec connection between two machines. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/128231


* RedHat: Moderate: vixie-cron security update
  17th, May, 2007

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the ability to
create a hardlink to /etc/crontab can prevent vixie-cron from executing
certain system cron jobs.

http://www.linuxsecurity.com/content/view/128232


* RedHat: Moderate: evolution security update
  17th, May, 2007

Updated evolution packages that fix a security bug are now available
for Red Hat Enterprise Linux 3 and 4. A flaw was found in the way
Evolution processed certain APOP authentication requests. A remote
attacker could potentially acquire certain portions of a user's
authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP
server.

http://www.linuxsecurity.com/content/view/128233


* RedHat: Moderate: squirrelmail security update
  17th, May, 2007

A new squirrelmail package that fixes security issues is now
available for Red Hat Enterprise Linux 3, 4 and 5. Several HTML
filtering bugs were discovered in SquirrelMail.  An attacker could
inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128234


* RedHat: Moderate: libpng security update
  17th, May, 2007

Updated libpng packages that fix security issues are now available
for Red Hat Enterprise Linux. A flaw was found in the handling of
malformed images in libpng. An attacker could create a carefully
crafted PNG image file in such a way that it could cause an application
linked with libpng to crash when the file was manipulated. This update
has been rated as having moderate security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/128236


* RedHat: Moderate: gimp security update
  21st, May, 2007

Updated gimp packages that fix a security issue are now available for
Red Hat Enterprise Linux. Marsu discovered a stack overflow bug in The
GIMP RAS file loader.  An attacker could create a carefully crafted
file that could cause The GIMP to crash or possibly execute arbitrary
code if the file was opened by a victim. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128256


* RedHat: Important: tomcat security update
  21st, May, 2007

Updated tomcat packages that fix multiple security issues are now
available for Red Hat Application Server v2. Tomcat was found to accept
multiple content-length headers in a request. This could allow attackers
to poison a web-cache, bypass web application firewall protection, or
conduct cross-site scripting attacks. This update has been rated as
having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/128257


* RedHat: Important: tomcat security update
  24th, May, 2007

Updated tomcat packages that fix multiple security issues and a bug
are now available for Red Hat Developer Suite 3. Tomcat was found to
accept multiple content-length headers in a request. This could allow
attackers to poison a web-cache, bypass web application firewall
protection, or conduct cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/128320


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: samba security problems
  22nd, May, 2007

The Samba server was affected by several security problems which have
been fixed. Specially crafted MS-RPC packets could overwrite heap
memory and therefore could potentially be exploited to execute code.
Authenticated users could leverage specially crafted MS-RPC packets
to pass arguments unfiltered to /bin/sh.

http://www.linuxsecurity.com/content/view/128283


* SuSE: php4,php5 security problems
  23rd, May, 2007

Numerous vulnerabilities have been fixed in PHP. Most of
them were made public during the "Month of PHP Bugs" project by
Stefan Esser and we thank Stefan for his reports. The vulnerabilities
potentially lead to crashes, information leaks
or even execution of malicious code.

http://www.linuxsecurity.com/content/view/128300


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu:  Quagga vulnerability
  17th, May, 2007

It was discovered that Quagga did not correctly verify length
information sent from configured peers. Remote malicious peers could
send a specially crafted UPDATE message which would cause bgpd to
abort, leading to a denial of service.

http://www.linuxsecurity.com/content/view/128237


* Ubuntu:  pptpd regression
  21st, May, 2007

USN-459-1 fixed vulnerabilities in pptpd.  However, a portion of the
fix caused a regression in session establishment under Dapper for certain
PPTP clients.  This update fixes the problem. We apologize for the
inconvenience.

http://www.linuxsecurity.com/content/view/128267


* Ubuntu:  Samba regression
  22nd, May, 2007

USN-460-1 fixed several vulnerabilities in Samba.  The upstream
changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Paul
Griffith and Andrew Hogue discovered that Samba did not fully drop
root privileges while translating SIDs. A remote authenticated user
could issue SMB operations during a small window of opportunity and
gain root privileges.  (CVE-2007-2444)

http://www.linuxsecurity.com/content/view/128291


* Ubuntu:  PHP vulnerabilities
  22nd, May, 2007

A flaw was discovered in the FTP command handler in PHP.  Commands
were not correctly filtered for control characters.  An attacker
could issue arbitrary FTP commands using specially crafted arguments.

http://www.linuxsecurity.com/content/view/128293


* Ubuntu:  vim vulnerability
  22nd, May, 2007

Tomas Golembiovsky discovered that some vim commands were
accidentally allowed in modelines.  By tricking a user into opening a
specially crafted file in vim, an attacker could execute arbitrary code
with user privileges.

http://www.linuxsecurity.com/content/view/128294


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

