+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  December 14th, 2007                              Volume 8, Number 51  |
|                                                                        |
|  Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>  |
|                        Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>  |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for ruby, libnss, htdig, samba, qt,
firefox, wpa_supplicant, openssh-askpass, mysql, e2fsprogs, tomcat, java,
autofs, python, and cairo. The distributors include Debian, Fedora,
Mandriva, Red Hat, SuSE, and Ubuntu.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Knock, Knock, Knockin' on EnGarde's Door (with FWKNOP)
------------------------------------------------------

Secret knocks have been used for purposes as simple and childish as
identifying friend or foe during a schoolyard fort war. Fraternities
teach these knocks as a rite of passage into their society, and in our
security world we can implement this layer of security to lock down an
SSH server. With this guide on FWKNOP by Eckie S. (one of our own), you
are taken on an easy-to-follow process of securing your platform with
your own client and server port knocking set-up.
Installation, iptable Rules setup, configuring access for the client and
server, and everything in between. Check it out!

http://www.linuxsecurity.com/content/view/131846

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------

We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza. Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social
Engineering: All the security in the world isn't going to stop one of
your employees or coworkers from giving up information. Just how easy is
it?

http://www.linuxsecurity.com/content/view/131036

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
-->      http://www.linuxsecurity.com/docs/QuickRefCard.pdf       <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNOP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
  ----------------------------------------------------------------------
  Eric Sandeen provided a backport of Tejun Heo's fix for a local denial
  of service vulnerability in sysfs. Under memory pressure, a dentry
  structure may be reclaimed, resulting in a bad pointer dereference
  causing an oops during a readdir.

  http://www.linuxsecurity.com/content/view/132136

* Debian: New ruby-gnome2 packages fix execution of arbitrary code (Dec 11)
  -------------------------------------------------------------------------
  It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby
  language, didn't properly sanitize input prior to constructing dialogs.
  This could allow for the execution of arbitrary code if untrusted input
  is displayed within a dialog.

  http://www.linuxsecurity.com/content/view/132133

* Debian: New libnss-ldap packages fix denial of service (Dec 11)
  ---------------------------------------------------------------
  It was reported that a race condition exists in libnss-ldap, an NSS
  module for using LDAP as a naming service, which could cause denial of
  service attacks when applications use pthreads.

  http://www.linuxsecurity.com/content/view/132132

* Debian: New htdig packages fix cross site scripting (Dec 11)
  ------------------------------------------------------------
  Michael Skibbe discovered that htdig, a WWW search system for an
  intranet or small internet, did not adequately quote values submitted
  to the search script, allowing remote attackers to inject arbitrary
  script or HTML into specially crafted links.

  http://www.linuxsecurity.com/content/view/132131

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Dec 11)
  ----------------------------------------------------------------------
  and remote vulnerabilities have been discovered in the Linux kernel
  that may lead to a denial of service or the execution of arbitrary
  code. Eric Sandeen provided a backport of Tejun Heo's fix for a local
  denial of service vulnerability in sysfs. Under memory pressure, a
  dentry structure may be reclaimed, resulting in a bad pointer
  dereference causing an oops during a readdir.

  http://www.linuxsecurity.com/content/view/132128

* Debian: New samba packages fix arbitrary code execution (Dec 10)
  ----------------------------------------------------------------
  Alin Rad Pop discovered that Samba, a LanManager-like file and printer
  server for Unix, is vulnerable to a buffer overflow in the nmbd code
  which handles GETDC mailslot requests, which might lead to the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/132047

--------------------------------------------------------------------------

* Fedora 7 Update: qt4-theme-quarticurve (Dec 13)
  -----------------------------------------------
  This update fixes Quarticurve to use system icons (rather than builtin
  Qt ones) in Qt 4 dialogs (e.g. QPrintDialog) also in KDE 4 apps.

  http://www.linuxsecurity.com/content/view/132203

--------------------------------------------------------------------------

* Mandriva: Updated Firefox packages fix multiple (Dec 14)
  --------------------------------------------------------
  A number of security vulnerabilities have been discovered and corrected
  in the latest Mozilla Firefox program, version 2.0.0.11. This update
  provides the latest Firefox to correct these issues. As well, it
  provides Firefox 2.0.0.11 for older products.

  http://www.linuxsecurity.com/content/view/132236

* Mandriva: Updated wpa_supplicant package fixes remote (Dec 13)
  --------------------------------------------------------------
  Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0
  allows remote attackers to cause a denial of service (crash) via
  crafted TSF data. Updated package fixes this issue.

  http://www.linuxsecurity.com/content/view/132201

* Mandriva: Updated samba packages fix vulnerability (Dec 11)
  -----------------------------------------------------------
  Alin Rad Pop of Secunia Research discovered a stack buffer overflow in
  how Samba authenticates remote users. A remote unauthenticated user
  could trigger this flaw to cause the Samba server to crash, or possibly
  execute arbitrary code with the permissions of the Samba server. The
  updated packages have been patched to correct these issues.

  http://www.linuxsecurity.com/content/view/132135

* Mandriva: Updated openssh-askpass-qt package fixes exit (Dec 11)
  ----------------------------------------------------------------
  The QT openssh password asking dialog, provided by openssh-askpass-qt
  package, would always exit with successful status (0), even when the
  user did not press the Ok button. This would, at least, make the
  openssh client always allow sharing a connection when ControlMaster
  option was set to ask. This update fixes the issue.

  http://www.linuxsecurity.com/content/view/132134

* Mandriva: Updated MySQL packages fix multiple (Dec 10)
  ------------------------------------------------------
  A vulnerability in MySQL prior to 5.0.45 did not require privileges
  such as SELECT for the source table in a CREATE TABLE LIKE statement,
  allowing remote authenticated users to obtain sensitive information
  such as the table structure (CVE-2007-3781).

  http://www.linuxsecurity.com/content/view/132127

* Mandriva: Updated e2fsprogs packages fix vulnerability (Dec 10)
  ---------------------------------------------------------------
  Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained
  multiple integer overflows in memory allocations, based on sizes taken
  directly from filesystem information. These flaws could result in
  heap-based overflows potentially allowing for the execution of
  arbitrary code.

  http://www.linuxsecurity.com/content/view/132126

* Mandriva: Updated tomcat5 packages fix multiple (Dec 10)
  --------------------------------------------------------
  A number of vulnerabilities were found in Tomcat: A directory traversal
  vulnerability, when using certain proxy modules, allows a remote
  attacker to read arbitrary files via a .. (dot dot) sequence with
  various slash, backslash, or url-encoded backslash characters
  (CVE-2007-0450; affects Mandriva Linux 2007.1 only). Multiple
  cross-site scripting vulnerabilities in certain JSP files allow remote
  attackers to inject arbitrary web script or HTML (CVE-2007-2449).

  http://www.linuxsecurity.com/content/view/132048

--------------------------------------------------------------------------

* RedHat: Moderate: java-1.4.2-bea security update (Dec 12)
  ---------------------------------------------------------
  A buffer overflow in the Java Runtime Environment image handling code
  was found. If an attacker is able to cause a server application to
  process a specially crafted image file, it may be possible to execute
  arbitrary code as the user running the Java Virtual Machine.

  http://www.linuxsecurity.com/content/view/132138

* RedHat: Important: autofs security update (Dec 12)
  --------------------------------------------------
  Updated autofs packages are now available to fix a security flaw for
  Red Hat Enterprise Linux 5.
  There was a security issue with the default installed configuration of
  autofs version 5 whereby the entry for the "hosts" map did not specify
  the "nosuid" mount option. A local user with control of a remote nfs
  server could create a setuid root executable within an exported
  filesystem on the remote nfs server that, if mounted using the default
  hosts map, would allow the user to gain root privileges.

  http://www.linuxsecurity.com/content/view/132139

* RedHat: Important: autofs5 security update (Dec 12)
  ---------------------------------------------------
  Updated Red Hat Enterprise Linux 4 Technology Preview autofs5 packages
  are now available to fix a security flaw. There was a security issue
  with the default installed configuration of autofs version 5 whereby
  the entry for the "hosts" map did not specify the "nosuid" mount
  option. A local user with control of a remote nfs server could create a
  setuid root executable within an exported filesystem on the remote nfs
  server that, if mounted using the default hosts map, would allow the
  user to gain root privileges. This update has been rated as having
  important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132140

* RedHat: Critical: samba security update (Dec 10)
  ------------------------------------------------
  Updated samba packages that fix a security issue are now available for
  Red Hat Enterprise Linux 4.5 Extended Update Support. A stack buffer
  overflow flaw was found in the way Samba authenticates remote users. A
  remote unauthenticated user could trigger this flaw to cause the Samba
  server to crash, or execute arbitrary code with the permissions of the
  Samba server. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132043

* RedHat: Moderate: python security update (Dec 10)
  -------------------------------------------------
  Updated python packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 and 4. An integer overflow
  flaw was discovered in the way Python's pcre module handled certain
  regular expressions. If a Python application used the pcre module to
  compile and execute untrusted regular expressions, it may be possible
  to cause the application to crash, or allow arbitrary code execution
  with the privileges of the Python interpreter. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/132044

* RedHat: Moderate: python security update (Dec 10)
  -------------------------------------------------
  Updated python packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1. An integer overflow flaw
  was discovered in the way Python's pcre module handled certain regular
  expressions. If a Python application used the pcre module to compile
  and execute untrusted regular expressions, it may be possible to cause
  the application to crash, or allow arbitrary code execution with the
  privileges of the Python interpreter. This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132041

* RedHat: Critical: samba security and bug fix update (Dec 10)
  ------------------------------------------------------------
  Updated samba packages that fix a security issue and a bug are now
  available for Red Hat Enterprise Linux. A stack buffer overflow flaw
  was found in the way Samba authenticates remote users. A remote
  unauthenticated user could trigger this flaw to cause the Samba server
  to crash, or execute arbitrary code with the permissions of the Samba
  server.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/132042

--------------------------------------------------------------------------

* SuSE: samba (SUSE-SA:2007:068) (Dec 12)
  ---------------------------------------
  The Samba suite is an open-source implementation of the SMB protocol.
  This update of samba fixes a buffer overflow in function
  send_mailslot() that allows remote attackers to overwrite the stack
  with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.

  http://www.linuxsecurity.com/content/view/132137

--------------------------------------------------------------------------

* Ubuntu: Cairo regression (Dec 12)
  ----------------------------------
  USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering
  was uncovered as a result of the new memory allocation routines. In
  certain situations, fonts containing characters with no width or height
  would not render any more. This update fixes the problem. We apologize
  for the inconvenience.

  http://www.linuxsecurity.com/content/view/132198

* Ubuntu: Cairo regression (Dec 10)
  ----------------------------------
  Peter Valchev discovered that Cairo did not correctly decode PNG image
  data. By tricking a user or automated system into processing a
  specially crafted PNG with Cairo, a remote attacker could execute
  arbitrary code with user privileges.

  http://www.linuxsecurity.com/content/view/132046

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------