+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  June 1st 2007                                Volume 8, Number 22a  |
+---------------------------------------------------------------------+

Editors:  Dave Wreski                 Benjamin D. Thomas
          dave@xxxxxxxxxxxxxxxxx      ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for the Linux kernel, PulseAudio,
freetype, gforge-plugin-scm, otrs2, php, mutt, selinux, firefox,
epiphany, devhelp, yelp, thunderbird, seamonkey, Mplayer, gnome-media,
tomcat, jbossas, evolution, quagga, file, and mod_jk. The distributors
include Debian, Fedora, Gentoo, Mandriva, Red Hat, and Ubuntu.

---

Vyatta - Linux-based Router, Firewall & VPN

Vyatta software and appliances combine the features, performance and
reliability of enterprise-class networking gear with the cost-savings
and flexibility of Linux-based solutions. Vyatta empowers you to
replace overpriced proprietary router, firewall and VPN equipment with
commercially supported open-source solutions.

Free Vyatta Software & Live Webinars >>
http://www.linuxsecurity.com/ads/adclick.php?bannerid=28

---

* EnGarde Secure Linux v3.0.13 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.13 (Version 3.0, Release 13). This release includes
several bug fixes and feature enhancements to the SELinux policy and
several updated packages.

http://wiki.engardelinux.org/index.php/ReleaseNotes3.0.13

---

RFID with Bio-Smart Card in Linux

In this paper, we describe the integration of fingerprint template and
RF smart card for clustered network, which is designed on Linux
platform and Open source technology to obtain biometrics security.
Combining the smart card and biometrics achieves two-step
authentication, in which smart card authentication is based on a
Personal Identification Number (PIN) and the card holder is
authenticated using the biometrics template stored in the smart card,
based on fingerprint verification.

http://www.linuxsecurity.com/content/view/125052/171/

---

Packet Sniffing Overview

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/123570/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New gforge-plugin-scmcvs packages fix arbitrary shell
  command execution
  24th, May, 2007

  Bernhard R. Link discovered that the CVS browsing interface of
  Gforge, a collaborative development tool, performs insufficient
  escaping of URLs, which allows the execution of arbitrary shell
  commands with the privileges of the www-data user.

  http://www.linuxsecurity.com/content/view/128325

* Debian: New otrs2 packages fix cross-site scripting
  28th, May, 2007

  It was discovered that the Open Ticket Request System performs
  insufficient input sanitising for the Subaction parameter, which
  allows the injection of arbitrary web script code.

  http://www.linuxsecurity.com/content/view/128349

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 5 Update: php-5.1.6-1.6
  24th, May, 2007

  This update fixes a number of security issues in PHP. A heap buffer
  overflow flaw was found in the PHP 'xmlrpc' extension.
  A PHP script which implements an XML-RPC server using this extension
  could allow a remote attacker to execute arbitrary code as the
  'apache' user.

  http://www.linuxsecurity.com/content/view/128317

* Fedora Core 6 Update: mutt-1.4.2.3-1.fc6
  30th, May, 2007

  The APOP protocol allows remote attackers to guess the first 3
  characters of a password via man-in-the-middle (MITM) attacks that
  use crafted message IDs and MD5 collisions. Also, a buffer overflow
  in Mutt 1.4.2 might allow local users to execute arbitrary code via
  "&" characters in the GECOS field, which triggers the overflow
  during alias expansion.

  http://www.linuxsecurity.com/content/view/128378

* Fedora Core 5 Update: mutt-1.4.2.1-8.fc5
  30th, May, 2007

  The APOP protocol allows remote attackers to guess the first 3
  characters of a password via man-in-the-middle (MITM) attacks that
  use crafted message IDs and MD5 collisions. A buffer overflow in
  Mutt 1.4.2 might allow local users to execute arbitrary code via
  "&" characters in the GECOS field, which triggers the overflow
  during alias expansion.

  http://www.linuxsecurity.com/content/view/128379

* Fedora Core 6 Update: selinux-policy-2.4.6-72.fc6
  30th, May, 2007

  This updates the Fedora Core 6 SELinux policy. One change allows
  prelink sys_resource and adds a transition rule to allow apps to run
  java in a different context. Another allows netlabel to read etc and
  work with init terminals, and changes the file context to have all
  of policy at SystemLow.

  http://www.linuxsecurity.com/content/view/128380

* Fedora Core 6 Update: firefox-1.5.0.12-1.fc6
  31st, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Fedora Core 6. This update has been rated as having
  critical security impact by the Fedora Security Response Team.

  http://www.linuxsecurity.com/content/view/128388

* Fedora Core 6 Update: epiphany-2.16.3-5.fc6
  31st, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Fedora Core 6.
  This update has been rated as having critical security impact by the
  Fedora Security Response Team. Mozilla Firefox is an open source Web
  browser. Several flaws were found in the way Firefox processed
  certain malformed JavaScript code. A web page containing malicious
  JavaScript code could cause Firefox to crash or potentially execute
  arbitrary code as the user running Firefox.

  http://www.linuxsecurity.com/content/view/128389

* Fedora Core 6 Update: devhelp-0.12-11.fc6
  31st, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Fedora Core 6. This update has been rated as having
  critical security impact by the Fedora Security Response Team.

  http://www.linuxsecurity.com/content/view/128390

* Fedora Core 6 Update: yelp-2.16.0-13.fc6
  31st, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Fedora Core 6. This update has been rated as having
  critical security impact by the Fedora Security Response Team.

  http://www.linuxsecurity.com/content/view/128391

* Fedora Core 6 Update: thunderbird-1.5.0.12-1.fc6
  31st, May, 2007

  Updated thunderbird packages that fix several security bugs are now
  available for Fedora Core. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  Mozilla Thunderbird is a standalone mail and newsgroup client.
  Several flaws were found in the way Thunderbird processed certain
  malformed JavaScript code. A web page containing malicious
  JavaScript code could cause Thunderbird to crash or potentially
  execute arbitrary code as the user running Thunderbird.

  http://www.linuxsecurity.com/content/view/128392

* Fedora Core 5 Update: thunderbird-1.5.0.12-1.fc5
  31st, May, 2007

  Updated thunderbird packages that fix several security bugs are now
  available for Fedora Core. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  Mozilla Thunderbird is a standalone mail and newsgroup client.
  Several flaws were found in the way Thunderbird processed certain
  malformed JavaScript code. A web page containing malicious
  JavaScript code could cause Thunderbird to crash or potentially
  execute arbitrary code as the user running Thunderbird.

  http://www.linuxsecurity.com/content/view/128393

* Fedora Core 5 Update: seamonkey-1.0.9-1.fc5
  31st, May, 2007

  Updated seamonkey packages that fix several security bugs are now
  available for Fedora Core 5. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  SeaMonkey is an open source Web browser, advanced email and
  newsgroup client, IRC chat client, and HTML editor.

  http://www.linuxsecurity.com/content/view/128394

* Fedora Core 5 Update: devhelp-0.11-7.fc5
  31st, May, 2007

  Updated seamonkey packages that fix several security bugs are now
  available for Fedora Core 5. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  SeaMonkey is an open source Web browser, advanced email and
  newsgroup client, IRC chat client, and HTML editor. Several flaws
  were found in the way SeaMonkey processed certain malformed
  JavaScript code. A web page containing malicious JavaScript code
  could cause SeaMonkey to crash or potentially execute arbitrary code
  as the user running SeaMonkey.

  http://www.linuxsecurity.com/content/view/128395

* Fedora Core 5 Update: yelp-2.14.3-5.fc5
  31st, May, 2007

  Updated seamonkey packages that fix several security bugs are now
  available for Fedora Core 5. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  SeaMonkey is an open source Web browser, advanced email and
  newsgroup client, IRC chat client, and HTML editor. Several flaws
  were found in the way SeaMonkey processed certain malformed
  JavaScript code. A web page containing malicious JavaScript code
  could cause SeaMonkey to crash or potentially execute arbitrary code
  as the user running SeaMonkey.

  http://www.linuxsecurity.com/content/view/128396

* Fedora Core 5 Update: epiphany-2.14.3-6.fc5
  31st, May, 2007

  Updated seamonkey packages that fix several security bugs are now
  available for Fedora Core 5. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  SeaMonkey is an open source Web browser, advanced email and
  newsgroup client, IRC chat client, and HTML editor. Several flaws
  were found in the way SeaMonkey processed certain malformed
  JavaScript code. A web page containing malicious JavaScript code
  could cause SeaMonkey to crash or potentially execute arbitrary code
  as the user running SeaMonkey.

  http://www.linuxsecurity.com/content/view/128397

* Fedora Core 5 Update: firefox-1.5.0.12-1.fc5
  31st, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Fedora Core 5. This update has been rated as having
  critical security impact by the Fedora Security Response Team.
  Mozilla Firefox is an open source Web browser. Several flaws were
  found in the way Firefox processed certain malformed JavaScript
  code. A web page containing malicious JavaScript code could cause
  Firefox to crash or potentially execute arbitrary code as the user
  running Firefox.

  http://www.linuxsecurity.com/content/view/128398

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PHP Multiple vulnerabilities
  26th, May, 2007

  PHP contains several vulnerabilities including buffer and integer
  overflows which could under certain conditions lead to the remote
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/128345

* Gentoo: Blackdown Java Applet privilege escalation
  26th, May, 2007

  The Blackdown JDK and the Blackdown JRE suffer from the multiple
  unspecified vulnerabilities that already affected the Sun JDK and
  JRE.
  Chris Evans has discovered multiple buffer overflows in the Sun JDK
  and the Sun JRE possibly related to various AWT and font layout
  functions.

  http://www.linuxsecurity.com/content/view/128346

* Gentoo: MPlayer Two buffer overflows
  30th, May, 2007

  Two vulnerabilities have been discovered in MPlayer, each of which
  could lead to the execution of arbitrary code. A buffer overflow has
  been reported in the DMO_VideoDecoder_Open() function in file
  loader/dmo/DMO_VideoDecoder.c. Another buffer overflow has been
  reported in the DS_VideoDecoder_Open() function in file
  loader/dshow/DS_VideoDecoder.c.

  http://www.linuxsecurity.com/content/view/128368

* Gentoo: FreeType Buffer overflow
  30th, May, 2007

  Victor Stinner discovered a heap-based buffer overflow in the
  function Get_VMetrics() in src/truetype/ttgload.c when processing
  TTF files with a negative n_points attribute. A remote attacker
  could entice a user to open a specially crafted TTF file, possibly
  resulting in the execution of arbitrary code with the privileges of
  the user running FreeType.

  http://www.linuxsecurity.com/content/view/128369

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated samba packages fix multiple
  24th, May, 2007

  A number of bugs were discovered in the NDR parsing support in Samba
  that is used to decode MS-RPC requests. A remote attacker could send
  a carefully crafted request that would cause a heap overflow,
  possibly leading to the ability to execute arbitrary code on the
  server.

  http://www.linuxsecurity.com/content/view/128313

* Mandriva: Updated gnome-media packages fix bug
  24th, May, 2007

  A window modality bug was preventing audio profile editing from
  Sound-juicer or Rhythmbox applications. This bug is fixed with the
  updated gnome-media package.

  http://www.linuxsecurity.com/content/view/128330

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: tomcat security update
  24th, May, 2007

  Updated tomcat packages that fix multiple security issues and a bug
  are now available for Red Hat Developer Suite 3. Tomcat was found to
  accept multiple content-length headers in a request. This could
  allow attackers to poison a web-cache, bypass web application
  firewall protection, or conduct cross-site scripting attacks.

  http://www.linuxsecurity.com/content/view/128320

* RedHat: Important: jbossas security update
  24th, May, 2007

  Updated jbossas packages that fix multiple security issues in tomcat
  are now available for Red Hat Application Stack. This update has
  been rated as having Important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/128327

* RedHat: Moderate: evolution-data-server security update
  30th, May, 2007

  An updated evolution-data-server package that fixes a security bug
  is now available for Red Hat Enterprise Linux 5. A flaw was found in
  the way evolution-data-server processed certain APOP authentication
  requests. By sending certain responses when evolution-data-server
  attempted to authenticate against an APOP server, a remote attacker
  could potentially acquire certain portions of a user's
  authentication credentials. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128360

* RedHat: Important: mod_jk security update
  30th, May, 2007

  Updated mod_jk packages that fix a security issue are now available
  for Red Hat Application Server. If Tomcat was used behind mod_jk and
  configured to only proxy some contexts, an attacker could construct
  a carefully crafted HTTP request to work around the context
  restriction and potentially access non-proxied content.
  This update has been rated as having Important security impact by
  the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128361

* RedHat: Moderate: quagga security update
  30th, May, 2007

  An updated quagga package that fixes a security bug is now available
  for Red Hat Enterprise Linux 3, 4 and 5. An out-of-bounds memory
  read flaw was discovered in Quagga's bgpd. A configured peer of bgpd
  could cause Quagga to crash, leading to a denial of service. This
  update has been rated as having moderate security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128362

* RedHat: Moderate: file security update
  30th, May, 2007

  An updated file package that fixes a security flaw is now available
  for Red Hat Enterprise Linux 4 and 5. The fix for CVE-2007-1536
  introduced a new integer underflow flaw in the file utility. An
  attacker could create a carefully crafted file which, if examined by
  a victim using the file utility, could lead to arbitrary code
  execution. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128363

* RedHat: Important: mod_jk security update
  30th, May, 2007

  Updated mod_jk packages that fix a security issue are now available
  for Red Hat Application Stack v1.1. If Tomcat was used behind mod_jk
  and configured to only proxy some contexts, an attacker could
  construct a carefully crafted HTTP request to work around the
  context restriction and potentially access non-proxied content. This
  update has been rated as having Important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128367

* RedHat: Critical: firefox security update
  30th, May, 2007

  Updated firefox packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 4 and 5. Several flaws were
  found in the way Firefox processed certain malformed JavaScript
  code.
  A web page containing malicious JavaScript code could cause Firefox
  to crash or potentially execute arbitrary code as the user running
  Firefox. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128383

* RedHat: Critical: thunderbird security update
  30th, May, 2007

  Updated thunderbird packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 4 and 5. Several flaws were
  found in the way Thunderbird processed certain malformed JavaScript
  code. A web page containing malicious JavaScript code could cause
  Thunderbird to crash or potentially execute arbitrary code as the
  user running Thunderbird. This update has been rated as having
  critical security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128384

* RedHat: Critical: seamonkey security update
  30th, May, 2007

  Updated seamonkey packages that fix several security bugs are now
  available for Red Hat Enterprise Linux 2.1, 3, and 4. Several flaws
  were found in the way SeaMonkey processed certain malformed
  JavaScript code. A web page containing malicious JavaScript code
  could cause SeaMonkey to crash or potentially execute arbitrary code
  as the user running SeaMonkey. This update has been rated as having
  critical security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/128385

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: Linux kernel vulnerabilities
  24th, May, 2007

  Philipp Richter discovered that the AppleTalk protocol handler did
  not sufficiently verify the length of packets. By sending a crafted
  AppleTalk packet, a remote attacker could exploit this to crash the
  kernel.

  http://www.linuxsecurity.com/content/view/128329

* Ubuntu: PulseAudio vulnerability
  25th, May, 2007

  Luigi Auriemma discovered multiple flaws in pulseaudio's network
  processing code. If an unauthenticated attacker sent specially
  crafted requests to the pulseaudio daemon, it would crash, resulting
  in a denial of service.

  http://www.linuxsecurity.com/content/view/128343

* Ubuntu: freetype vulnerability
  30th, May, 2007

  Victor Stinner discovered that freetype did not correctly verify the
  number of points in a TrueType font. If a user were tricked into
  using a specially crafted font, a remote attacker could execute
  arbitrary code with user privileges.

  http://www.linuxsecurity.com/content/view/128382

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------