+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  September 14th 2007                          Volume 8, Number 37a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for krb5, gforge, xorg, id3lib,
phpmyadmin, ktorrent, phpwiki, jffnms, eggdrop, Mysql, x11-server,
fetchmail, php, openssh, and samba. The distributors include Debian,
Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

--

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database
administrators, system programmers, webmasters and all those who
believe in the power of Open Source software. The majority of our
readers are between 15 and 40 years old. They are interested in
current news from the Linux world, upcoming projects etc. In each
issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes many
updated packages and bug fixes, some feature enhancements to Guardian
Digital WebTool and the SELinux policy, and a few new features.

http://www.engardelinux.org/modules/download/

---

Review: Ruby by Example

Learning a new language cannot be complete without a few 'real world'
examples. 'Hello world!'s and fibonacci sequences are always nice as
an introduction to certain aspects of programming, but sooner or later
you crave something meatier to chew on. 'Ruby by Example: Concepts and
Code' by Kevin C. Baird provides a wealth of knowledge via general to
specialized examples of the dynamic object oriented programming
language, Ruby. Want to build an mp3 playlist processor? How about
parse out secret codes from 'Moby Dick'? Read on!

http://www.linuxsecurity.com/content/view/128840/171/

---

Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New krb5 packages fix arbitrary code execution
  6th, September, 2007

It was discovered that a buffer overflow of the RPC library of the MIT
Kerberos reference implementation allows the execution of arbitrary
code. The original patch from DSA-1367-1 didn't address the problem
fully. This update delivers an updated fix.

http://www.linuxsecurity.com/content/view/129347

* Debian: New gforge packages fix SQL injection
  6th, September, 2007

Sumit I. Siddharth discovered that Gforge, a collaborative development
tool, performs insufficient input sanitising, which allows SQL
injection.

http://www.linuxsecurity.com/content/view/129348

* Debian: New xorg-server packages fix privilege escalation
  9th, September, 2007

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation.

http://www.linuxsecurity.com/content/view/129392

* Debian: New id3lib3.8.3 packages fix denial of service
  9th, September, 2007

Nikolaus Schulz discovered that a programming error in id3lib, an ID3
Tag Library, may lead to denial of service through symlink attacks.

http://www.linuxsecurity.com/content/view/129394

* Debian: New phpmyadmin packages fix several vulnerabilities
  9th, September, 2007

Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The PMA_ArrayWalkRecursive
function in libraries/common.lib.php does not limit recursion on
arrays provided by users, which allows context-dependent attackers to
cause a denial of service (web server crash) via an array with many
dimensions.

http://www.linuxsecurity.com/content/view/129395

* Debian: New phpmyadmin packages fix several vulnerabilities
  10th, September, 2007

Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The PMA_ArrayWalkRecursive
function in libraries/common.lib.php does not limit recursion on
arrays provided by users, which allows context-dependent attackers to
cause a denial of service (web server crash) via an array with many
dimensions.

http://www.linuxsecurity.com/content/view/129441

* Debian: New ktorrent packages fix directory traversal
  11th, September, 2007

It was discovered that ktorrent, a BitTorrent client for KDE, was
vulnerable to a directory traversal bug which potentially allowed
remote users to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/129444

* Debian: New phpwiki packages fix several vulnerabilities
  11th, September, 2007

Several vulnerabilities have been discovered in phpWiki, a wiki engine
written in PHP. It was discovered that phpWiki performs insufficient
file name validation, which allows unrestricted file uploads.

http://www.linuxsecurity.com/content/view/129445

* Debian: New jffnms packages fix several vulnerabilities
  11th, September, 2007

Several vulnerabilities have been discovered in jffnms, a web-based
Network Management System for IP networks. A cross-site scripting
(XSS) vulnerability in auth.php allows a remote attacker to inject
arbitrary web script or HTML via the user parameter.

http://www.linuxsecurity.com/content/view/129446


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: MIT Kerberos 5 Multiple vulnerabilities
  11th, September, 2007

Two vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with
root privileges.

http://www.linuxsecurity.com/content/view/129447


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated krb5 packages fix vulnerabilities
  6th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC
library used by Kerberos' kadmind program by Tenable Network Security.

http://www.linuxsecurity.com/content/view/129345

* Mandriva: Updated eggdrop packages fix remote buffer overflow
  6th, September, 2007

A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote
IRC servers to execute arbitrary code via a long private message.
Updated packages fix this issue.

http://www.linuxsecurity.com/content/view/129346

* Mandriva: Updated kdebase and kdelibs packages fix location
  6th, September, 2007

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to
spoof the data: URI scheme in the address bar via a long URI with
trailing whitespace, which prevents the beginning of the URI from
being displayed. (CVE-2007-3820)

http://www.linuxsecurity.com/content/view/129349

* Mandriva: Updated MySQL packages fix vulnerabilities
  6th, September, 2007

A vulnerability was found in MySQL's authentication protocol, making
it possible for a remote unauthenticated attacker to send a specially
crafted authentication request to the MySQL server causing it to
crash (CVE-2007-3780).

http://www.linuxsecurity.com/content/view/129350

* Mandriva: Updated krb5 packages fix vulnerabilities
  7th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC
library used by Kerberos' kadmind program by Tenable Network Security.
A remote unauthenticated user who could access kadmind would be able
to trigger the flaw and cause it to crash.

http://www.linuxsecurity.com/content/view/129390

* Mandriva: Updated x11-server packages fix vulnerability
  11th, September, 2007

Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which if exploited could lead to local
privilege escalation. Updated packages have been patched to prevent
these issues.

http://www.linuxsecurity.com/content/view/129448

* Mandriva: Updated fetchmail packages fix DoS vulnerability
  11th, September, 2007

A vulnerability in fetchmail was found where it could crash when
attempting to deliver an internal warning or error message through an
untrusted or compromised SMTP server, leading to a denial of service.

http://www.linuxsecurity.com/content/view/129449

* Mandriva: Updated id3lib packages fix vulnerability
  12th, September, 2007

A programming error was found in id3lib by Nikolaus Schulz that could
lead to a denial of service through symlink attacks. Updated packages
have been patched to prevent these issues.

http://www.linuxsecurity.com/content/view/129485

* Mandriva: Updated librpcsecgss packages fix vulnerabilities
  12th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPCSEC_GSS
RPC library by Tenable Network Security that could potentially allow
for the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/129486


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: krb5 security update
  7th, September, 2007

Updated krb5 packages that correct a security flaw are now available
for Red Hat Enterprise Linux 5. The MIT Kerberos Team discovered a
problem with the originally published patch for svc_auth_gss.c
(CVE-2007-3999).

http://www.linuxsecurity.com/content/view/129352

* RedHat: Important: mysql security update
  10th, September, 2007

Updated MySQL packages for the Red Hat Application Stack comprising
the v1.2 release fixed various security issues. A flaw was discovered
in MySQL's authentication protocol. A remote unauthenticated attacker
could send a specially crafted authentication request to the MySQL
server causing it to crash.

http://www.linuxsecurity.com/content/view/129398

* RedHat: Important: kernel security update
  13th, September, 2007

Updated kernel packages that fix various security issues in the Red
Hat Enterprise Linux 5 kernel are now available.

http://www.linuxsecurity.com/content/view/129489


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

* Slackware: php
  12th, September, 2007

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, and
12.0 to fix "several low priority security bugs."

http://www.linuxsecurity.com/content/view/129484

* Slackware: openssh
  12th, September, 2007

New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, and 12.0 to fix a possible security issue. This
version should also provide increased performance with certain
ciphers. More details about this issue may be found in the Common

http://www.linuxsecurity.com/content/view/129487

* Slackware: samba
  12th, September, 2007

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and 12.0 to fix a security issue and various other bugs.

http://www.linuxsecurity.com/content/view/129488


+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: Kerberos vulnerability
  7th, September, 2007

Original advisory details: It was discovered that the libraries
handling RPCSEC_GSS did not correctly validate the size of certain
packet structures. An unauthenticated remote user could send a
specially crafted request and execute arbitrary code with root
privileges.

http://www.linuxsecurity.com/content/view/129389

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------