+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  August 31st 2007                          Volume 8, Number 35a     |
+---------------------------------------------------------------------+

Editors: Dave Wreski               Benjamin D. Thomas
         dave@xxxxxxxxxxxxxxxxx    ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for asterisk, dovecot, rsync,
postfix-policyd, lighttpd, mediawiki, moodle, cups, tetex, kdegraphics,
koffice, kdelibs, kdebase, po4a, libvorbis, id3lib, bochs, sylpheed,
Opera, vim, gdm, gimp, kernel, tar, mysql, emacs, enigmail, and
tcpwrappers. The distributors include Debian, Fedora, Mandriva, Red Hat,
SuSE, and Ubuntu.

---

* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes many
updated packages and bug fixes, some feature enhancements to Guardian
Digital WebTool and the SELinux policy, and a few new features.
http://www.engardelinux.org/modules/download/

---

Review: Ruby by Example

Learning a new language cannot be complete without a few 'real world'
examples.
'Hello world!'s and Fibonacci sequences are always nice as an
introduction to certain aspects of programming, but sooner or later you
crave something meatier to chew on. 'Ruby by Example: Concepts and Code'
by Kevin C. Baird provides a wealth of knowledge via general to
specialized examples of the dynamic object oriented programming
language, Ruby. Want to build an mp3 playlist processor? How about parse
out secret codes from 'Moby Dick'? Read on!
http://www.linuxsecurity.com/content/view/128840/171/

---

Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure that
what a sniffer reads is pure junk.
http://www.linuxsecurity.com/content/view/128404/171/

--------

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New asterisk packages fix several vulnerabilities
27th, August, 2007

Several remote vulnerabilities have been discovered in Asterisk, a free
software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems: "Mu Security"
discovered that a NULL pointer dereference in the SIP implementation
could lead to denial of service.
http://www.linuxsecurity.com/content/view/129054

* Debian: New dovecot packages fix directory traversal
28th, August, 2007

It was discovered that dovecot, a secure mail server that supports mbox
and maildir mailboxes, when configured to use non-system-user spools and
compressed folders, may allow directory traversal in mailbox names.
http://www.linuxsecurity.com/content/view/129137

* Debian: New rsync packages fix arbitrary code execution
28th, August, 2007

Sebastian Krahmer discovered that rsync, a fast remote file copy
program, contains an off-by-one error which might allow remote attackers
to execute arbitrary code via long directory names.
http://www.linuxsecurity.com/content/view/129138

* Debian: New postfix-policyd packages fix arbitrary code execution
29th, August, 2007

It was discovered that postfix-policyd, an anti-spam plugin for postfix,
didn't correctly bounds-test incoming SMTP commands, potentially
allowing remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/129189

* Debian: New lighttpd packages fix several vulnerabilities
29th, August, 2007

Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint. The use of mod_auth could lead to a
denial of service attack crashing the webserver.
http://www.linuxsecurity.com/content/view/129190

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora 7 Update: mediawiki-1.9.3-34.0.2.fc7
27th, August, 2007

This update fixes the following vulnerability: "Cross-site scripting
(XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x
through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to
inject arbitrary web script or HTML via a UTF-7 encoded value of the rs
parameter, which is processed by Internet Explorer."
http://www.linuxsecurity.com/content/view/129069

* Fedora 7 Update: moodle-1.8.2-1.fc7
27th, August, 2007

Upgrade to 1.8.2, Security fixes for 247582. Also corrects bug 245750,
cron job problem.
http://www.linuxsecurity.com/content/view/129071

* Fedora 7 Update: cups-1.2.12-4.fc7
27th, August, 2007

This update fixes a security problem concerning PDF handling. It also
fixes printing speed with USB printers, and includes a fix for the LSPP
support.
http://www.linuxsecurity.com/content/view/129074

* Fedora 7 Update: tetex-3.0-40.1.fc7
27th, August, 2007

* Fri Aug 10 2007 Jindrich Novy - backport upstream fix for xpdf integer
overflow CVE-2007-3387
http://www.linuxsecurity.com/content/view/129075

* Fedora 7 Update: kdegraphics-3.5.7-2.fc7
27th, August, 2007

This is an update to address a vulnerability in kpdf, one that can cause
a stack based buffer overflow.
http://www.linuxsecurity.com/content/view/129077

* Fedora 7 Update: koffice-1.6.3-9.fc7
27th, August, 2007

This is an update to address a stack-based buffer overflow vulnerability
in kword's pdf filter.
http://www.linuxsecurity.com/content/view/129078

* Fedora 7 Update: kdelibs-3.5.7-20.fc7
27th, August, 2007

This update primarily addresses problems with URL spoofing and
consolekit/session permissions.
http://www.linuxsecurity.com/content/view/129082

* Fedora 7 Update: kdebase-3.5.7-13.fc7
27th, August, 2007

This update primarily addresses security issues around URL spoofing.
http://www.linuxsecurity.com/content/view/129083

* Fedora 7 Update: po4a-0.32-4.fc7
27th, August, 2007

This update fixes a potential security problem (information leak) due to
use of predictable name in /tmp. There is no CVE assignment yet.
http://www.linuxsecurity.com/content/view/129084

* Fedora 7 Update: libvorbis-1.1.2-3.fc7
27th, August, 2007

Multiple security flaws were found in libvorbis. This updated package
fixes them all. Descriptions of the security bugs can be found in the
Fedora bug reporting software.
http://www.linuxsecurity.com/content/view/129085

* Fedora 7 Update: id3lib-3.8.3-17.fc7
27th, August, 2007

This security update fixes a (minor) tempfile creation security issue
(CVE-2007-4460) by using mkstemp (bugzilla 253553).
http://www.linuxsecurity.com/content/view/129086

* Fedora 7 Update: bochs-2.3-7.fc7
27th, August, 2007

This security update of bochs fixes CVE-2007-2894: The emulated floppy
disk controller in Bochs 2.3 allows local users of the guest operating
system to cause a denial of service (virtual machine crash) via
unspecified vectors, resulting in a divide-by-zero error.
http://www.linuxsecurity.com/content/view/129087

* Fedora 7 Update: sylpheed-2.3.1-5
27th, August, 2007

Ulf Harnhammar (Secunia Research) has discovered a format string
vulnerability in sylpheed and claws-mail in the inc_put_error() function
in src/inc.c when displaying a POP3 error reply.
http://www.linuxsecurity.com/content/view/129095

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Qt Multiple format string vulnerabilities
27th, August, 2007

Format string vulnerabilities in Qt 3 may lead to the remote execution
of arbitrary code in some Qt applications. An attacker could trigger one
of the vulnerabilities by causing a Qt application to parse specially
crafted text, which may lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/129057

* Gentoo: Opera Multiple vulnerabilities
27th, August, 2007

Opera contains several vulnerabilities, some of which may allow the
execution of arbitrary code. A remote attacker could trigger the
BitTorrent vulnerability by enticing a user into starting a malicious
BitTorrent download, and execute arbitrary code through unspecified
vectors.
http://www.linuxsecurity.com/content/view/129058

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated vim packages fix vulnerability
27th, August, 2007

A format string vulnerability in the helptags support in vim allows
user-assisted remote attackers to execute arbitrary code via format
string specifiers in a help-tags tag in a help file. Updated packages
have been patched to prevent this issue.
http://www.linuxsecurity.com/content/view/129059

* Mandriva: Updated gdm packages fix DoS vulnerability
27th, August, 2007

A vulnerability was discovered in how gdm listens on its unix domain
socket. A local user could crash a running X session by writing
malicious data to gdm's unix domain socket. Updated packages have been
patched to prevent this issue.
http://www.linuxsecurity.com/content/view/129061

* Mandriva: Updated gimp packages fix input data validation
27th, August, 2007

Multiple integer overflows in the image loader plug-ins in GIMP before
2.2.16 allow user-assisted remote attackers to execute arbitrary code
via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP,
(5) Sun RAS, (6) XBM, and (7) XWD files.
http://www.linuxsecurity.com/content/view/129062

* Mandriva: Updated kernel packages fix multiple
28th, August, 2007

Some vulnerabilities were discovered and corrected in the Linux 2.6
kernel. The first is that the Linux kernel did not properly save or
restore EFLAGS during a context switch, or reset the flags when creating
new threads, which allowed local users to cause a denial of service
(process crash).
http://www.linuxsecurity.com/content/view/129139

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: tar security update
27th, August, 2007

Updated tar package that fixes a path traversal flaw is now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. A path traversal flaw was discovered in the
way GNU tar extracted archives. A malicious user could create a tar
archive that could write to arbitrary files to which the user running
GNU tar had write access.
http://www.linuxsecurity.com/content/view/129064

* RedHat: Important: mysql security update
30th, August, 2007

Updated mysql packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4 and 5. A flaw was discovered in MySQL's
authentication protocol. It is possible for a remote unauthenticated
attacker to send a specially crafted authentication request to the MySQL
server causing it to crash.
http://www.linuxsecurity.com/content/view/129210

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Linux kernel (SUSE-SA:2007:035)
27th, August, 2007

The ftdi_sio driver allowed local users to cause a denial of service
(memory consumption) by writing more data to the serial port than the
hardware can handle, which causes the data to be queued. This requires
this driver to be loaded, which only happens if such a device is plugged
in.
http://www.linuxsecurity.com/content/view/129065

* SuSE: Mozilla Firefox, Thunderbird,
27th, August, 2007

The Mozilla Firefox browser was brought to security update version
1.5.0.12 on Novell Linux Desktop 9 and 2.0.0.4 on SUSE Linux Enterprise
10, SUSE Linux 10.0, 10.1 and openSUSE 10.2. The Mozilla Thunderbird
mailreader was brought to security update version 1.5.0.12 on SUSE Linux
10.0, 10.1 and openSUSE 10.2.
http://www.linuxsecurity.com/content/view/129066

* SuSE: Opera (SUSE-SA:2007:050)
30th, August, 2007

The Opera web-browser allows an attacker to execute arbitrary code by
providing an invalid pointer to a virtual function in JavaScript.
This bug can be exploited automatically when a user visits a web-site
that contains the attacker's JavaScript code.
http://www.linuxsecurity.com/content/view/129192

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: KDE vulnerabilities
27th, August, 2007

It was discovered that Konqueror could be tricked into displaying
incorrect URLs. Remote attackers could exploit this to increase their
chances of tricking a user into visiting a phishing URL, which could
lead to credential theft.
http://www.linuxsecurity.com/content/view/129055

* Ubuntu: Thunderbird vulnerabilities
27th, August, 2007

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could
execute arbitrary code with the user's privileges. Please note that
JavaScript is disabled by default for emails, and it is not recommended
to enable it.
http://www.linuxsecurity.com/content/view/129056

* Ubuntu: Emacs vulnerability
28th, August, 2007

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images. By tricking a user into opening a specially crafted GIF, a
remote attacker could cause emacs21 to crash, resulting in a denial of
service.
http://www.linuxsecurity.com/content/view/129143

* Ubuntu: tar vulnerability
28th, August, 2007

Dmitry V. Levin discovered that tar did not correctly detect the ".."
file path element when unpacking archives. If a user or an automated
system were tricked into unpacking a specially crafted tar file,
arbitrary files could be overwritten with user privileges.
http://www.linuxsecurity.com/content/view/129144

* Ubuntu: vim vulnerability
28th, August, 2007

Ulf Harnhammar discovered that vim does not properly sanitise the
"helptags_one()" function when running the "helptags" command. By
tricking a user into running a crafted help file, a remote attacker
could execute arbitrary code with the user's privileges.
http://www.linuxsecurity.com/content/view/129145

* Ubuntu: Enigmail regression
28th, August, 2007

USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email client.
The updated Thunderbird version broke compatibility with the Enigmail
plugin. This update corrects the problem. We apologize for the
inconvenience.
http://www.linuxsecurity.com/content/view/129146

* Ubuntu: tcp-wrappers vulnerability
29th, August, 2007

It was discovered that the TCP wrapper library was incorrectly allowing
connections to services that did not specify server-side connection
details. Remote attackers could connect to services that had been
configured to block such connections. This only affected Ubuntu Feisty.
http://www.linuxsecurity.com/content/view/129191

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------