+------------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter        |
|  February 1st, 2008                           Volume 9, Number 5       |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>              |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>       |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for the Linux kernel, mysql, yarssr,
pulseaudio, gforge, netkit, maradns, postgresql, blam, ngircd, xine,
cherrypy, icu, kdebase, libxfont, xfree86, and x11.

---

15-Month NSA Certified Masters in Info Assurance

Now you can earn your Master of Science in Information Assurance (MSIA)
in 15 months. Norwich University has recently launched a 30-credit,
15-month program, alongside the standard 36-credit, 18-month program.
To find out if you are eligible for the 15-month MSIA program, please
visit:

http://www.msia.norwich.edu/linsec

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database
administrators, system programmers, webmasters and all those who believe
in the power of Open Source software. The majority of our readers are
between 15 and 40 years old. They are interested in current news from
the Linux world, upcoming projects etc. In each issue you can find
information concerning typical use of Linux: safety, databases,
multimedia, scientific tools, entertainment, programming, e-mail, news
and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

HowTo: Secure your Ubuntu Apache Web Server
-------------------------------------------

Setting up a web server with Apache on a Linux distribution is a very
quick process; making it a secure setup, however, takes some work.
This article will show you how to make your Apache web server more
secure from attack by effectively using access control and
authentication strategies.

http://www.linuxsecurity.com/content/view/133913

---

SSH: Best Practices
-------------------

If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible? Have
you configured it to be as limited and secure as possible? Read on for
my best practices for using Secure Shell.

http://www.linuxsecurity.com/content/view/133312

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf  <--

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.18 (Version 3.0, Release 18). This release includes the
  brand new Health Center, new packages for FWKNOP and PSAD, updated
  packages and bug fixes, some feature enhancements to Guardian Digital
  WebTool and the SELinux policy, as well as other new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground up to provide users and
  organizations with complete, secure Web functionality, DNS, database
  and e-mail security, integrated intrusion detection and SELinux
  policies, and more.

  http://www.linuxsecurity.com/content/view/131851

--------------------------------------------------------------------------

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Jan 29)
  ----------------------------------------------------------------------
  Several local vulnerabilities have been discovered in the Linux kernel
  that may lead to a denial of service or the execution of arbitrary
  code.
  Bart Oldeman reported a denial of service (DoS) issue in the VFAT
  filesystem that allows local users to corrupt a kernel structure,
  resulting in a system crash. This is only an issue for systems which
  make use of the VFAT compat ioctl interface, such as systems running
  an 'amd64' flavor kernel.

  http://www.linuxsecurity.com/content/view/133914

* Debian: New mysql-dfsg-5.0 packages fix several (Jan 28)
  --------------------------------------------------------
  Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL
  implementation included in the MySQL database package, which could
  lead to denial of service and possibly the execution of arbitrary
  code.

  http://www.linuxsecurity.com/content/view/133832

* Debian: New yarssr packages fix arbitrary shell command (Jan 27)
  ----------------------------------------------------------------
  Duncan Gilmore discovered that yarssr, an RSS aggregator and reader,
  performs insufficient input sanitising, which could result in the
  execution of arbitrary shell commands if a malformed feed is read.

  http://www.linuxsecurity.com/content/view/133827

* Debian: New pulseaudio packages fix privilege escalation (Jan 27)
  -----------------------------------------------------------------
  Marcus Meissner discovered that the PulseAudio sound server performed
  insufficient checks when dropping privileges, which could lead to
  local privilege escalation.

  http://www.linuxsecurity.com/content/view/133826

* Debian: new gforge packages fix cross site scripting (Jan 26)
  -------------------------------------------------------------
  José Ramón Palanco discovered that a cross site scripting
  vulnerability in GForge, a collaborative development tool, allows
  remote attackers to inject arbitrary web script or HTML in the context
  of a logged in user's session.
  http://www.linuxsecurity.com/content/view/133753

--------------------------------------------------------------------------

* Gentoo: Netkit FTP Server Denial of Service (Jan 29)
  ----------------------------------------------------
  Netkit FTP Server contains a Denial of Service vulnerability.

  http://www.linuxsecurity.com/content/view/133917

* Gentoo: MaraDNS CNAME Denial of Service (Jan 29)
  ------------------------------------------------
  MaraDNS is prone to a Denial of Service vulnerability impacting CNAME
  resolution.

  http://www.linuxsecurity.com/content/view/133916

* Gentoo: PostgreSQL Multiple vulnerabilities (Jan 29)
  ----------------------------------------------------
  PostgreSQL contains multiple vulnerabilities that could result in
  privilege escalation or a Denial of Service.

  http://www.linuxsecurity.com/content/view/133912

* Gentoo: Blam User-assisted execution of arbitrary code (Jan 27)
  ---------------------------------------------------------------
  Blam doesn't properly handle environment variables, potentially
  allowing a local attacker to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/133825

* Gentoo: ngIRCd Denial of Service (Jan 27)
  -----------------------------------------
  ngIRCd does not properly sanitize commands sent by users, allowing for
  a Denial of Service.

  http://www.linuxsecurity.com/content/view/133824

* Gentoo: xine-lib User-assisted execution of arbitrary code (Jan 27)
  -------------------------------------------------------------------
  xine-lib is vulnerable to multiple heap-based buffer overflows when
  processing RTSP streams.

  http://www.linuxsecurity.com/content/view/133823

* Gentoo: CherryPy Directory traversal vulnerability (Jan 27)
  -----------------------------------------------------------
  CherryPy is vulnerable to a directory traversal that could allow
  attackers to read and write arbitrary files.
  http://www.linuxsecurity.com/content/view/133822

--------------------------------------------------------------------------

* Mandriva: Updated MySQL packages fix multiple (Jan 29)
  ------------------------------------------------------
  The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not
  restore THD::db_access privileges when returning from SQL SECURITY
  INVOKER stored routines, which allowed remote authenticated users to
  gain privileges (CVE-2007-2692).

  http://www.linuxsecurity.com/content/view/133919

* Mandriva: Updated pulseaudio packages fix local root (Jan 25)
  -------------------------------------------------------------
  A programming flaw was found in PulseAudio versions older than 0.9.9,
  by which a local user can gain root access if pulseaudio is installed
  as a setuid-root binary, which is the recommended configuration. The
  updated packages fix this issue.

  http://www.linuxsecurity.com/content/view/133752

* Mandriva: Updated icu packages fix vulnerabilities (Jan 25)
  -----------------------------------------------------------
  Will Drewry reported multiple flaws in how libicu processed certain
  malformed regular expressions. If an application linked against
  libicu, such as OpenOffice.org, processed a carefully-crafted regular
  expression, it could potentially cause the execution of arbitrary code
  with the privileges of the user running the application. The updated
  packages have been patched to correct these issues.

  http://www.linuxsecurity.com/content/view/133750

* Mandriva: Updated kdebase package fixes a few bugs (Jan 25)
  -----------------------------------------------------------
  On kdebase as released in Mandriva Linux 2008.0, KHelpCenter could not
  build an index for the KDE application manuals, because a required
  package, htdig, is not in the main repositories. htdig is now added as
  a suggested package. Also, the "Add a network" wizard did not show up
  when browsing the remote:/ kioslave in Konqueror.
  And finally, the icon for Home in the pager applet would appear as a
  blank page and did not work (malformed URL). The updated package
  fixes these issues.

  http://www.linuxsecurity.com/content/view/133746

* Mandriva: Updated libxfont packages fix font handling (Jan 24)
  --------------------------------------------------------------
  A heap-based buffer overflow flaw was found in how the X.org server
  handled malformed font files that could allow a malicious local user
  to potentially execute arbitrary code with the privileges of the X.org
  server (CVE-2008-0006). The updated packages have been patched to
  correct this issue.

  http://www.linuxsecurity.com/content/view/133656

* Mandriva: Updated x11-server packages fix multiple (Jan 24)
  -----------------------------------------------------------
  An input validation flaw was found in the X.org server's XFree86-Misc
  extension that could allow a malicious authorized client to cause a
  denial of service (crash), or potentially execute arbitrary code with
  root privileges on the X.org server (CVE-2007-5760).

  A flaw was found in the X.org server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary file,
  even in directories that are not normally accessible to that user
  (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133655

* Mandriva: Updated xorg-x11 packages fix multiple (Jan 24)
  ---------------------------------------------------------
  Aaron Plattner discovered a buffer overflow in the Composite extension
  of the X.org X server, which if exploited could lead to local
  privilege escalation (CVE-2007-4730).
  http://www.linuxsecurity.com/content/view/133654

* Mandriva: Updated XFree86 packages fix multiple (Jan 24)
  --------------------------------------------------------
  A flaw was found in the XFree86 server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary file,
  even in directories that are not normally accessible to that user
  (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133653

* Mandriva: Updated x11-server-xgl packages fix multiple (Jan 24)
  ---------------------------------------------------------------
  An input validation flaw was found in the X.org server's XFree86-Misc
  extension that could allow a malicious authorized client to cause a
  denial of service (crash), or potentially execute arbitrary code with
  root privileges on the X.org server (CVE-2007-5760).

  A flaw was found in the X.org server's XC-SECURITY extension that
  could allow a local user to verify the existence of an arbitrary file,
  even in directories that are not normally accessible to that user
  (CVE-2007-5958).

  http://www.linuxsecurity.com/content/view/133652

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------