+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  November 9th, 2007                               Volume 8, Number 45  |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>              |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>       |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

This week, advisories were released for gallery2, phpmyadmin, gforge, perl, iceape, pcre3, perdition, mono, glib2, xfs, autofs, netpbm, ghostscript, perl, pwlib, opal, xen, openldap, poppler, tetex, xpdf, cups, conga, wireshark, httpd, mcstrans, tcpdump, openssh, pam, coolkey, jboss, cups, and compiz. The distributors include Debian, Fedora, Mandriva, Red Hat, and Ubuntu.

---

Review: Linux Firewalls
-----------------------

Security is at the forefront of everyone's mind and a firewall can be an integral part of your Linux defense. But is Michael Rash's "Linux Firewalls," the newest release from No Starch Press, up for the challenge? Eckie S. here at Linuxsecurity.com gives you the low-down on this newest addition to the Linux security resource library and how it's one of the best ways to crack down on attacks to your Linux network.

http://www.linuxsecurity.com/content/view/130392

---

State of Linux Security Survey
------------------------------

It is customary for communities of every sphere to stand up occasionally, and take a good, long look at what's going on in the world around them. For us here at Linuxsecurity.com, we felt it was a great opportunity to put it all together. Since 1996, Linuxsecurity.com has been bringing open source news, HOW-TOs, Feature stories and more to the open source community with comprehensive coverage. As one of the veterans in this area, we'd like to see you chime in. With so much going on in Linux and security, what does the community really care about?

http://www.linuxsecurity.com/content/view/130173

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
------------------------------------------------------

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.

http://www.linuxsecurity.com/content/view/129961

--------------------------------------------------------------------------

* Debian: New gallery2 packages fix privilege escalation (Nov 8)
--------------------------------------------------------------

Nicklous Roberts discovered that the Reupload module of Gallery 2, a web based photo management application, allowed unauthorized users to edit Gallery's data file.

http://www.linuxsecurity.com/content/view/130668

* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
----------------------------------------------------------------

Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies, phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting).

http://www.linuxsecurity.com/content/view/130667

* Debian: New gforge packages fix several vulnerabilities (Nov 7)
---------------------------------------------------------------

Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely which could allow local users to truncate files upon the system with the privileges of the gforge user, or create a denial of service attack.

http://www.linuxsecurity.com/content/view/130602

* Debian: New perl packages fix arbitrary code execution (Nov 6)
--------------------------------------------------------------

Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions.

http://www.linuxsecurity.com/content/view/130578

* Debian: New iceape packages fix several vulnerabilities (Nov 5)
---------------------------------------------------------------

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

http://www.linuxsecurity.com/content/view/130494

* Debian: New pcre3 packages fix arbitrary code execution (Nov 5)
---------------------------------------------------------------

Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions.

http://www.linuxsecurity.com/content/view/130484

* Debian: New perdition packages fix arbitrary code execution (Nov 5)
-------------------------------------------------------------------

Bernhard Mueller of SEC Consult has discovered a format string vulnerability in perdition, an IMAP proxy. This vulnerability could allow an unauthenticated remote user to run arbitrary code on the perdition server by providing a specially formatted IMAP tag.

http://www.linuxsecurity.com/content/view/130452

* Debian: New mono packages fix integer overflow (Nov 3)
------------------------------------------------------

An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

http://www.linuxsecurity.com/content/view/130450

--------------------------------------------------------------------------

* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
-------------------------------------------

The latest stable upstream release of GLib includes a new version of PCRE, which fixes several vulnerabilities.

http://www.linuxsecurity.com/content/view/130615

--------------------------------------------------------------------------

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------

Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130666

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
---------------------------------------------------------

Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130665

* Mandriva: Updated xfs package prevents arbitrary code (Nov 6)
-------------------------------------------------------------

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

http://www.linuxsecurity.com/content/view/130579

* Mandriva: Updated autofs package fixes issue when used with (Nov 6)
-------------------------------------------------------------------

The autofs init script was missing a dependency on ypbind, preventing a correct initialisation order in parallel mode, when storing autofs configuration in NIS (bug #34559). The updated package fixes this issue.

http://www.linuxsecurity.com/content/view/130577

* Mandriva: Updated netpbm packages fix vulnerability (Nov 6)
-----------------------------------------------------------

A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. netpbm contains an embedded copy of libjasper and as such is vulnerable to this issue. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130497

* Mandriva: Updated ghostscript packages fix vulnerability (Nov 6)
----------------------------------------------------------------

A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such are vulnerable to this issue. Updated packages have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130495

* Mandriva: Updated perl packages fix vulnerability (Nov 6)
---------------------------------------------------------

Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl. Updated packages have been patched to prevent these issues.

http://www.linuxsecurity.com/content/view/130496

* Mandriva: Updated pwlib packages fix vulnerability (Nov 2)
----------------------------------------------------------

A memory management flaw was discovered in PWLib, that an attacker could use to crash an application linked with it, such as Ekiga. Updated packages have been patched to prevent these issues.

http://www.linuxsecurity.com/content/view/130448

* Mandriva: Updated opal packages fix vulnerability (Nov 2)
---------------------------------------------------------

A flaw in opal, the Open Phone Abstraction Library, was found in how it handles certain Session Initiation Protocol (SIP) packets. An attacker could use this vulnerability to crash an application linked to opal, such as Ekiga. Updated packages have been patched to prevent these issues.

http://www.linuxsecurity.com/content/view/130447

* Mandriva: Updated xen packages fix multiple vulnerabilities (Nov 1)
-------------------------------------------------------------------

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1320).

http://www.linuxsecurity.com/content/view/130396

--------------------------------------------------------------------------

* RedHat: Important: openldap security and enhancement (Nov 8)
------------------------------------------------------------

Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes. A local or remote attacker could create an LDAP request which could cause a denial of service by crashing slapd. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130653

* RedHat: Important: poppler security update (Nov 7)
--------------------------------------------------

Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130597

* RedHat: Important: tetex security update (Nov 7)
------------------------------------------------

Updated tetex packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130598

* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------

Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130599

* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------

Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3.
Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130600

* RedHat: Important: xpdf security update (Nov 7)
-----------------------------------------------

Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130601

* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------

Updated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130593

* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------

Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130594

* RedHat: Important: cups security update (Nov 7)
-----------------------------------------------

Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130595

* RedHat: Important: gpdf security update (Nov 7)
-----------------------------------------------

Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130596

* RedHat: Moderate: conga security, bug fix, (Nov 7)
--------------------------------------------------

Updated conga packages that correct a security flaw and provide bug fixes and add enhancements are now available. A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130586

* RedHat: Low: wireshark security update (Nov 7)
----------------------------------------------

New Wireshark packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 5. Wireshark was previously known as Ethereal.
Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130587

* RedHat: Moderate: httpd security, bug fix, (Nov 7)
--------------------------------------------------

Updated httpd packages that fix a security issue, fix various bugs, and add enhancements, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130588

* RedHat: Low: mcstrans security and bug fix update (Nov 7)
---------------------------------------------------------

An updated mcstrans package that fixes a security issue and a bug is now available. An algorithmic complexity weakness was found in the way the mcstrans daemon handled ranges of compartments in sensitivity labels. A local user could trigger this flaw causing mctransd to temporarily stop responding to other requests; a partial denial of service. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130589

* RedHat: Moderate: tcpdump security and bug fix update (Nov 7)
-------------------------------------------------------------

Updated tcpdump packages that fix a security issue and functionality bugs are now available. Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11 processing code. If a certain link type was explicitly specified, an attacker could inject a carefully crafted frame onto the IEEE 802.11 network that could crash a running tcpdump session. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130582

* RedHat: Moderate: openssh security and bug fix update (Nov 7)
-------------------------------------------------------------

Updated openssh packages that fix a security issue and various bugs are now available. A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130583

* RedHat: Moderate: pam security, bug fix, (Nov 7)
------------------------------------------------

Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130584

* RedHat: Low: coolkey security and bug fix update (Nov 7)
--------------------------------------------------------

Updated coolkey packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 5. Steve Grubb discovered a flaw in the way coolkey created a temporary directory. A local attacker could perform a symlink attack and cause arbitrary files to be overwritten. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130585

* RedHat: Important: perl security update (Nov 5)
-----------------------------------------------

Updated Perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130477

* RedHat: Important: perl security update (Nov 5)
-----------------------------------------------

Updated Perl packages that fix security issues for Red Hat Application Stack v1.2 are now available. A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130478

* RedHat: Critical: pcre security update (Nov 5)
----------------------------------------------

Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 5. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130479

* RedHat: Critical: pcre security update (Nov 5)
----------------------------------------------

Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 4. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130480

* RedHat: Moderate: JBoss Enterprise Application Platform (Nov 5)
---------------------------------------------------------------

Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2. Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this led to the leaking of information such as session ID to an attacker. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130476

* RedHat: Important: kernel security update (Nov 1)
-------------------------------------------------

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available. A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130394

--------------------------------------------------------------------------

* Slackware: cups (Nov 2)
-------------------------

CUPS was found to contain errors in ipp.c which could allow a remote attacker to crash CUPS, resulting in a denial of service. If you use CUPS, it is recommended to update to the latest package for your version of Slackware. The latest cups package is available for Slackware -current, and patched packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 that fix the problems.

http://www.linuxsecurity.com/content/view/130443

--------------------------------------------------------------------------

* Ubuntu: CUPS vulnerability (Nov 6)
-----------------------------------

Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.

http://www.linuxsecurity.com/content/view/130498

* Ubuntu: Compiz vulnerability (Nov 2)
-------------------------------------

USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz.

Original advisory details: Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

http://www.linuxsecurity.com/content/view/130446

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------