+------------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter           |
|  January 25th, 2008                        Volume 9, Number 4          |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>              |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>       |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for exiv2, php, scponly, xfree86,
xine-lib, libvorbis, horde3, flac, tomcat, xorg, mantis, tikiwiki,
libcdio, libxfont, cairo, mysql, lzma, regression, and apt-listchanges.
The distributors include Debian, Gentoo, Mandriva, SuSE, and Ubuntu.

---

15-Month NSA Certified Masters in Info Assurance

Now you can earn your Master of Science in Information Assurance (MSIA)
in 15 months. Norwich University has recently launched a 30-credit,
15-month program, alongside the standard 36-credit, 18-month program.
To find out if you are eligible for the 15-month MSIA program, please
visit: http://www.msia.norwich.edu/linsec

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database
administrators, system programmers, webmasters and all those who
believe in the power of Open Source software. The majority of our
readers are between 15 and 40 years old. They are interested in
current news from the Linux world, upcoming projects etc. In each
issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

SSH: Best Practices
-------------------

If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible?
Have you configured it to be as limited and secure as possible?

http://www.linuxsecurity.com/content/view/133312

---

Open Source Tool of the Month: GnuPG!
-------------------------------------

It's the new year! And to start it off right, LinuxSecurity.com wants
to start things off with January's Open Source Tool of the month:
GnuPG! Encryption is one of the main pillars of security, and GnuPG is
a robust and flexible tool with great functionality that is fully GPL
Licensed. And since it just celebrated its landmark 10th Anniversary,
it was an easy choice for our tool of the month.

Ten years is a long time in the open source community; a very long
time. Lasting a decade, especially in these years of open source
development, is nothing short of remarkable. And like all great open
source projects, it came from humble beginnings - it was initiated as
a way to encrypt data without relying on restricted patents (namely
RSA and IDEA) by Werner Koch from Germany. Why? Back in 1999 Richard
Stallman was interested in pursuing a PGP replacement after existing
patents had run out and had decided to turn to European developers...

http://www.linuxsecurity.com/content/view/133059

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
-->       http://www.linuxsecurity.com/docs/QuickRefCard.pdf       <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.
  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source,
  and has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New exiv2 packages fix arbitrary code execution (Jan 23)
  ----------------------------------------------------------------
  Meder Kydyraliev discovered an integer overflow in the thumbnail
  handling of libexif, the EXIF/IPTC metadata manipulation library,
  which could result in the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133649

* Debian: New php5 packages fix regression (Jan 23)
  -------------------------------------------------
  It was discovered that the patch for CVE-2007-4659 could lead to
  regressions in some scenarios. The fix has been reverted for now; a
  revised update will be provided in a future PHP DSA.

  http://www.linuxsecurity.com/content/view/133648

* Debian: New scponly packages fix arbitrary code execution (Jan 21)
  ------------------------------------------------------------------
  In addition, it was discovered that it was possible to invoke scp
  with certain options that may lead to execution of arbitrary
  commands (CVE-2007-6415).

  http://www.linuxsecurity.com/content/view/133483

* Debian: New xfree86 packages fix regression (Jan 21)
  ----------------------------------------------------
  Several local vulnerabilities have been discovered in the X.Org X
  server. "regenrecht" discovered that missing input sanitising within
  the XFree86-Misc extension may lead to local privilege escalation.
  http://www.linuxsecurity.com/content/view/133481

* Debian: New xine-lib packages fix arbitrary code execution (Jan 21)
  -------------------------------------------------------------------
  Luigi Auriemma discovered that the Xine media player library
  performed insufficient input sanitising during the handling of RTSP
  streams, which could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133480

* Debian: New libvorbis packages fix several vulnerabilities (Jan 21)
  -------------------------------------------------------------------
  Several vulnerabilities were found in the Vorbis General Audio
  Compression Codec, which may lead to denial of service or the
  execution of arbitrary code, if a user is tricked into opening a
  malformed Ogg Audio file with an application linked against
  libvorbis.

  http://www.linuxsecurity.com/content/view/133479

* Debian: New horde3 packages fix denial of service (Jan 20)
  ----------------------------------------------------------
  Ulf Harnhammer discovered that the HTML filter of the Horde web
  application framework performed insufficient input sanitising, which
  may lead to the deletion of emails if a user is tricked into viewing
  a malformed email inside the Imp client.

  http://www.linuxsecurity.com/content/view/133476

* Debian: New flac packages fix arbitrary code execution (Jan 20)
  ---------------------------------------------------------------
  Sean de Regge and Greg Linares discovered multiple heap and stack
  based buffer overflows in FLAC, the Free Lossless Audio Codec, which
  could lead to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/133474

* Debian: New tomcat5.5 packages fix several vulnerabilities (Jan 20)
  -------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Tomcat
  servlet and JSP engine.
  Olaf Kock discovered that HTTPS encryption was insufficiently
  enforced for single-sign-on cookies, which could result in
  information disclosure.

  http://www.linuxsecurity.com/content/view/133473

* Debian: New xorg-server packages fix regression (Jan 19)
  --------------------------------------------------------
  Ulf Harnhammer discovered that the HTML filter of the Horde web
  application framework performed insufficient input sanitising, which
  may lead to the deletion of emails if a user is tricked into viewing
  a malformed email inside the Imp client.

  http://www.linuxsecurity.com/content/view/133469

* Debian: New mantis packages fix several vulnerabilities (Jan 19)
  ----------------------------------------------------------------
  Several remote vulnerabilities have been discovered in Mantis, a web
  based bug tracking system. Multiple cross site scripting issues
  allowed a remote attacker to insert malicious HTML or web script
  into Mantis web pages.

  http://www.linuxsecurity.com/content/view/133468

* Debian: New xorg-server packages fix several vulnerabilities (Jan 17)
  ---------------------------------------------------------------------
  Several local vulnerabilities have been discovered in the X.Org X
  server. "regenrecht" discovered that missing input sanitising within
  the XFree86-Misc extension may lead to local privilege escalation.

  http://www.linuxsecurity.com/content/view/133421

--------------------------------------------------------------------------

* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
  --------------------------------------------------
  Multiple vulnerabilities have been discovered in TikiWiki, some of
  them having unknown impact.

  http://www.linuxsecurity.com/content/view/133651

* Gentoo: TikiWiki Multiple vulnerabilities (Jan 23)
  --------------------------------------------------
  Multiple vulnerabilities have been discovered in TikiWiki, some of
  them having unknown impact.
  http://www.linuxsecurity.com/content/view/133650

* Gentoo: X.Org X server and Xfont library Multiple vulnerabilities (Jan 20)
  --------------------------------------------------------------------------
  Multiple vulnerabilities have been discovered in the X.Org X server
  and Xfont library, allowing for a local privilege escalation and
  arbitrary code execution.

  http://www.linuxsecurity.com/content/view/133475

* Gentoo: libcdio User-assisted execution of arbitrary code (Jan 19)
  ------------------------------------------------------------------
  A buffer overflow vulnerability has been discovered in libcdio. A
  remote attacker could entice a user to open a specially crafted ISO
  image in the cd-info and iso-info applications, resulting in the
  execution of arbitrary code with the privileges of the user running
  the application. Applications linking against shared libraries of
  libcdio are not affected.

  http://www.linuxsecurity.com/content/view/133471

* Gentoo: Adobe Flash Player Multiple vulnerabilities (Jan 19)
  ------------------------------------------------------------
  Multiple vulnerabilities have been identified, the worst of which
  allow arbitrary code execution on a user's system via a malicious
  Flash file.

  http://www.linuxsecurity.com/content/view/133470

--------------------------------------------------------------------------

* Mandriva: Updated libxfont packages fix font handling (Jan 24)
  --------------------------------------------------------------
  A heap-based buffer overflow flaw was found in how the X.org server
  handled malformed font files that could allow a malicious local user
  to potentially execute arbitrary code with the privileges of the
  X.org server (CVE-2008-0006). The updated packages have been patched
  to correct this issue.
  http://www.linuxsecurity.com/content/view/133656

* Mandriva: Updated x11-server packages fix multiple (Jan 24)
  -----------------------------------------------------------
  An input validation flaw was found in the X.org server's
  XFree86-Misc extension that could allow a malicious authorized client
  to cause a denial of service (crash), or potentially execute
  arbitrary code with root privileges on the X.org server
  (CVE-2007-5760). A flaw was found in the X.org server's XC-SECURITY
  extension that could allow a local user to verify the existence of
  an arbitrary file, even in directories that are not normally
  accessible to that user (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133655

* Mandriva: Updated xorg-x11 packages fix multiple (Jan 24)
  ---------------------------------------------------------
  Aaron Plattner discovered a buffer overflow in the Composite
  extension of the X.org X server, which if exploited could lead to
  local privilege escalation (CVE-2007-4730).

  http://www.linuxsecurity.com/content/view/133654

* Mandriva: Updated XFree86 packages fix multiple (Jan 24)
  --------------------------------------------------------
  A flaw was found in the XFree86 server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary
  file, even in directories that are not normally accessible to that
  user (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133653

* Mandriva: Updated x11-server-xgl packages fix multiple (Jan 24)
  ---------------------------------------------------------------
  An input validation flaw was found in the X.org server's
  XFree86-Misc extension that could allow a malicious authorized client
  to cause a denial of service (crash), or potentially execute
  arbitrary code with root privileges on the X.org server
  (CVE-2007-5760).
  A flaw was found in the X.org server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary
  file, even in directories that are not normally accessible to that
  user (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133652

* Mandriva: Updated xine-lib packages fix remote code (Jan 22)
  ------------------------------------------------------------
  Two vulnerabilities discovered in xine-lib allow remote execution of
  arbitrary code: Heap-based buffer overflow in the rmff_dump_cont
  function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier
  allows remote attackers to execute arbitrary code via the SDP
  Abstract attribute, related to the rmff_dump_header function and
  related to disregarding the max field. (CVE-2008-0225)

  http://www.linuxsecurity.com/content/view/133644

* Mandriva: Updated cairo packages fix vulnerability (Jan 22)
  -----------------------------------------------------------
  Peter Valchev discovered that Cairo did not correctly decode PNG
  image data. By tricking a user or automated system into processing a
  specially crafted PNG with Cairo, a remote attacker could execute
  arbitrary code with the privileges of the user opening the file. The
  updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/133485

* Mandriva: Updated gFTP packages fix vulnerabilities (Jan 21)
  ------------------------------------------------------------
  Kalle Olavi Niemitalo found two boundary errors in the fsplib
  library, a copy of which is included in gFTP source. A remote
  attacker could trigger these vulnerabilities by enticing a user to
  download a file with a specially crafted directory or file name,
  possibly resulting in the execution of arbitrary code
  (CVE-2007-3962) or a denial of service (CVE-2007-3961). The updated
  packages have been patched to correct these issues.
  http://www.linuxsecurity.com/content/view/133484

* Mandriva: Updated MySQL packages fix multiple (Jan 19)
  ------------------------------------------------------
  MySQL 5.0.x did not update the DEFINER value of a view when the view
  is altered, which allows remote authenticated users to gain
  privileges via a sequence of statements including a CREATE SQL
  SECURITY DEFINER VIEW statement and an ALTER VIEW statement
  (CVE-2007-6303).

  http://www.linuxsecurity.com/content/view/133472

* Mandriva: Updated lzma packages fix possible data loss issue (Jan 17)
  ---------------------------------------------------------------------
  The lzma program did not properly check that the closing of output
  succeeded, which could lead to rare, but possible, data loss.
  Another issue with liblzmadec was also discovered where programs
  could crash if decoding of a stream was not properly initialized.
  This update ensures that output is properly closed so as to avoid
  silent data loss, and adds consistency checks to liblzmadec so that
  programs will no longer crash if a stream isn't properly initialized.

  http://www.linuxsecurity.com/content/view/133422

--------------------------------------------------------------------------

* SuSE: Xorg and XFree (SUSE-SA:2008:003) (Jan 17)
  ------------------------------------------------
  The X windows system is vulnerable to several kinds of
  vulnerabilities that are caused due to insufficient input
  validation. The bugs range from crashing the X server to executing
  arbitrary code with the privileges of the X server process.

  http://www.linuxsecurity.com/content/view/133417

--------------------------------------------------------------------------

* Ubuntu: X.org regression (Jan 19)
  ----------------------------------
  Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
  TOG-CUP, EVI, and MIT-SHM extensions which did not correctly
  validate function arguments. An authenticated attacker could send
  specially crafted requests and gain root privileges.
  (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

  http://www.linuxsecurity.com/content/view/133467

* Ubuntu: apt-listchanges vulnerability (Jan 18)
  -----------------------------------------------
  Felipe Sateler discovered that apt-listchanges did not use safe
  paths when importing additional Python libraries. A local attacker
  could exploit this and execute arbitrary commands as the user
  running apt-listchanges.

  http://www.linuxsecurity.com/content/view/133427

* Ubuntu: X.org vulnerabilities (Jan 18)
  ---------------------------------------
  Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
  TOG-CUP, EVI, and MIT-SHM extensions which did not correctly
  validate function arguments. An authenticated attacker could send
  specially crafted requests and gain root privileges.

  http://www.linuxsecurity.com/content/view/133423

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------