+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  September 21st 2007                          Volume 8, Number 38a  |
+---------------------------------------------------------------------+

Editors: Dave Wreski         dave@xxxxxxxxxxxxxxxxx
         Benjamin D. Thomas  ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for openoffice, vim, realplayer,
flac123, eggdrop, id3lib, tar, phpwiki, gdm, poppler, qt, cacti, avahi,
libvorbis, xorg, nfs-utils-lib, php, quagga, and t1lib. The
distributors include Debian, Gentoo, Mandriva, Red Hat and Ubuntu.

---

* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes many
updated packages and bug fixes, some feature enhancements to Guardian
Digital WebTool and the SELinux policy, and a few new features.

http://www.engardelinux.org/modules/download/

---

Review: Ruby by Example

Learning a new language cannot be complete without a few 'real world'
examples.
'Hello world!'s and Fibonacci sequences are always nice as an
introduction to certain aspects of programming, but sooner or later you
crave something meatier to chew on. 'Ruby by Example: Concepts and
Code' by Kevin C. Baird provides a wealth of knowledge via general to
specialized examples of the dynamic object oriented programming
language, Ruby. Want to build an mp3 playlist processor? How about
parse out secret codes from 'Moby Dick'? Read on!

http://www.linuxsecurity.com/content/view/128840/171/

---

Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption.
While this won't prevent a sniffer from functioning, it will ensure
that what a sniffer reads is pure junk.

http://www.linuxsecurity.com/content/view/128404/171/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New OpenOffice.org packages fix arbitrary code execution
  17th, September, 2007

A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values from
the TIFF file to calculate the number of bytes of memory to allocate. A
specially crafted TIFF image could trigger an integer overflow and
subsequently a buffer overflow that could cause the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/129513

* Debian: New vim packages fix several vulnerabilities
  19th, September, 2007

Editors often provide a way to embed editor configuration commands (aka
modelines) which are executed once a file is opened. Harmful commands
are filtered by a sandbox mechanism. It was discovered that function
calls to writefile(), feedkeys() and system() were not filtered,
allowing shell command execution with a carefully crafted file opened
in vim.

http://www.linuxsecurity.com/content/view/129635

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: RealPlayer Buffer overflow
  14th, September, 2007

RealPlayer is vulnerable to a buffer overflow allowing for execution of
arbitrary code. A stack-based buffer overflow vulnerability has been
reported in the SmilTimeValue::parseWallClockValue() function in
smlprstime.cpp when handling HH:mm:ss.f type time formats.

http://www.linuxsecurity.com/content/view/129499

* Gentoo: flac123 Buffer overflow
  14th, September, 2007

flac123 is affected by a buffer overflow vulnerability, which could
allow for the execution of arbitrary code. An attacker could entice a
user to play a specially crafted audio file, which could lead to the
execution of arbitrary code with the privileges of the user running the
application.

http://www.linuxsecurity.com/content/view/129500

* Gentoo: Eggdrop Buffer overflow
  15th, September, 2007

A remote stack-based buffer overflow has been discovered in Eggdrop.

http://www.linuxsecurity.com/content/view/129504

* Gentoo: id3lib Insecure temporary file creation
  15th, September, 2007

A vulnerability has been discovered in id3lib allowing local users to
overwrite arbitrary files via a symlink attack.

http://www.linuxsecurity.com/content/view/129505

* Gentoo: GNU Tar Directory traversal vulnerability
  15th, September, 2007

A directory traversal vulnerability has been discovered in GNU Tar.

http://www.linuxsecurity.com/content/view/129506

* Gentoo: MIT Kerberos 5 Multiple
  17th, September, 2007

Two vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with root
privileges.

http://www.linuxsecurity.com/content/view/129510

* Gentoo: PhpWiki Authentication bypass
  18th, September, 2007

A vulnerability has been discovered in the PhpWiki authentication
mechanism.

http://www.linuxsecurity.com/content/view/129607

* Gentoo: GDM Local Denial of Service
  18th, September, 2007

A local user could send a crafted message to /tmp/.gdm_socket that
would trigger a null pointer dereference and crash GDM, thus preventing
it from managing future displays.

http://www.linuxsecurity.com/content/view/129608

* Gentoo: Poppler Two buffer overflow vulnerabilities
  19th, September, 2007

Poppler is vulnerable to an integer overflow and a stack overflow.

http://www.linuxsecurity.com/content/view/129634

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated qt3/qt4 packages fix vulnerability
  14th, September, 2007

A buffer overflow was found in how Qt expanded malformed Unicode
strings. If an application linked against Qt parsed a malicious Unicode
string, it could lead to a denial of service or potentially allow for
the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/129497

* Mandriva: Updated cacti packages fix vulnerability
  17th, September, 2007

A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or
graph_width parameters. Updated packages have been patched to prevent
this issue.

http://www.linuxsecurity.com/content/view/129517

* Mandriva: Updated avahi packages fix vulnerability
  17th, September, 2007

The Avahi daemon in 0.6.20 and previous versions allows attackers to
cause a denial of service via empty TXT data over D-Bus, which triggers
an assert error. Updated packages have been patched to prevent this
issue.

http://www.linuxsecurity.com/content/view/129518

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: openoffice.org security update
  18th, September, 2007

Updated openoffice.org packages to correct a security issue are now
available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow
flaw was found in the TIFF parser. An attacker could create a carefully
crafted document containing a malicious TIFF file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if opened by
a victim. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/129519

* RedHat: Important: libvorbis security update
  19th, September, 2007

Several flaws were found in the way libvorbis processed audio data. An
attacker could create a carefully crafted OGG audio file in such a way
that it could cause an application linked with libvorbis to crash or
execute arbitrary code when it was opened. This update has been rated
as having important security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/129628

* RedHat: Moderate: xorg-x11 security update
  19th, September, 2007

A flaw was found in the way X.Org's composite extension handles 32 bit
color depth windows while running in 16 bit color depth mode. If an
X.org server has enabled the composite extension, it may be possible
for a malicious authorized client to cause a denial of service (crash)
or potentially execute arbitrary code with the privileges of the X.org
server. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/129629

* RedHat: Important: nfs-utils-lib security update
  19th, September, 2007

An updated nfs-utils-lib package to correct a security flaw is now
available for Red Hat Enterprise Linux 4.
Tenable Network Security discovered a stack buffer overflow flaw in the
RPC library used by nfs-utils-lib. A remote unauthenticated attacker
who can access an application linked against nfs-utils-lib could
trigger this flaw and cause the application to crash. This update has
been rated as having important security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/129630

* RedHat: Moderate: php security update
  20th, September, 2007

Updated PHP packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5. Various integer overflow flaws
were found in the PHP gd extension. A script that could be forced to
resize images from an untrusted source could possibly allow a remote
attacker to execute arbitrary code as the apache user.

http://www.linuxsecurity.com/content/view/129636

+---------------------------------+
|  Distribution: Ubuntu           | ----------------------------//
+---------------------------------+

* Ubuntu: Quagga vulnerability
  15th, September, 2007

It was discovered that Quagga did not correctly verify OPEN messages or
COMMUNITY attributes sent from configured peers. Malicious
authenticated remote peers could send a specially crafted message which
would cause bgpd to abort, leading to a denial of service.

http://www.linuxsecurity.com/content/view/129502

* Ubuntu: Qt vulnerability
  18th, September, 2007

Dirk Mueller discovered that UTF8 strings could be made to cause a
small buffer overflow. A remote attacker could exploit this by sending
specially crafted strings to applications that use the Qt3 library for
UTF8 processing, potentially leading to arbitrary code execution with
user privileges, or a denial of service.

http://www.linuxsecurity.com/content/view/129606

* Ubuntu: X.org vulnerability
  18th, September, 2007

Aaron Plattner discovered that the Composite extension did not
correctly calculate the size of buffers when copying between different
bit depths.
An authenticated user could exploit this to execute arbitrary code with
root privileges.

http://www.linuxsecurity.com/content/view/129610

* Ubuntu: t1lib vulnerability
  19th, September, 2007

It was discovered that t1lib does not properly perform bounds checking
which can result in a buffer overflow vulnerability. An attacker could
send specially crafted input to applications linked against t1lib which
could result in a DoS or arbitrary code execution.

http://www.linuxsecurity.com/content/view/129633

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------