+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  May 9th, 2008                                    Volume 9, Number 19  |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>              |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>       |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, security advisories were issued for CUPS, Emacs, KDE, LTSP,
OpenOffice.org, b2evolution, blender, cacti, cpio, gpdf, kazehakase,
kdelibs, kernel, mozilla-thunderbird, openssh, php, roundup, wordpress,
and multiple X11 terminals. The distributors included Debian, Gentoo,
Mandriva, Red Hat, Slackware, and Ubuntu.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database
administrators, system programmers, webmasters and all those who
believe in the power of Open Source software. The majority of our
readers is between 15 and 40 years old. They are interested in current
news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: The Book of Wireless
----------------------------

"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics
of wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

---

April 2008 Open Source Tool of the Month: sudo
----------------------------------------------

This month the editors at LinuxSecurity.com have chosen sudo as the
Open Source Tool of the Month!

http://www.linuxsecurity.com/content/view/135868

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf            <--

--------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

--------------------------------------------------------------------------

* Debian: New kazehakase packages fix execution of arbitrary (May 6)
  ------------------------------------------------------------------
  The PCRE library has been updated to fix the security issues reported
  against it in previous Debian Security Advisories. This update
  ensures that kazehakase uses that supported library, and not its own
  embedded and insecure version.

  http://www.linuxsecurity.com/content/view/136706

* Debian: New roundup packages fix regression (May 6)
  ---------------------------------------------------
  Roundup, an issue tracking system, fails to properly escape HTML
  input, allowing an attacker to inject client-side code (typically
  JavaScript) into a document that may be viewed in the victim's
  browser.

  http://www.linuxsecurity.com/content/view/136702

* Debian: New cacti packages fix regression (May 6)
  -------------------------------------------------
  It was discovered that Cacti, a systems and services monitoring
  frontend, performed insufficient input sanitising, leading to cross
  site scripting and SQL injection being possible.

  http://www.linuxsecurity.com/content/view/136701

* Debian: New cacti packages fix multiple vulnerabilities (May 5)
  ---------------------------------------------------------------
  It was discovered that Cacti, a systems and services monitoring
  frontend, performed insufficient input sanitising, leading to cross
  site scripting and SQL injection being possible.

  http://www.linuxsecurity.com/content/view/136698

* Debian: New b2evolution packages fix cross site scripting (May 5)
  -----------------------------------------------------------------
  "unsticky" discovered that b2evolution, a blog engine, performs
  insufficient input sanitising, allowing for cross site scripting.

  http://www.linuxsecurity.com/content/view/136697

* Debian: New blender packages fix arbitrary code execution (May 5)
  -----------------------------------------------------------------
  Stefan Cornelius discovered a vulnerability in the Radiance High
  Dynamic Range (HDR) image parser in Blender, a 3D modelling
  application. The weakness could enable a stack-based buffer overflow
  and the execution of arbitrary code if a maliciously-crafted HDR file
  is opened, or if a directory containing such a file is browsed via
  Blender's image-open dialog.

  http://www.linuxsecurity.com/content/view/136696

* Debian: New cpio packages fix denial of service (May 2)
  -------------------------------------------------------
  Dmitry Levin discovered a vulnerability in path handling code used by
  the cpio archive utility.
  The weakness could enable a denial of service (crash) or potentially
  the execution of arbitrary code if a vulnerable version of cpio is
  used to extract or to list the contents of a maliciously crafted
  archive.

  http://www.linuxsecurity.com/content/view/136691

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (May 1)
  ---------------------------------------------------------------------
  Several local vulnerabilities have been discovered in the Linux
  kernel that may lead to a denial of service or the execution of
  arbitrary code. The Common Vulnerabilities and Exposures project
  identifies the following problems:

  http://www.linuxsecurity.com/content/view/136688

* Debian: New wordpress packages fix several vulnerabilities (May 1)
  ------------------------------------------------------------------
  Several remote vulnerabilities have been discovered in wordpress, a
  weblog manager. The Common Vulnerabilities and Exposures project
  identifies the following problems: Insufficient input sanitising
  allowed for remote attackers to redirect visitors to external
  websites.

  http://www.linuxsecurity.com/content/view/136687

--------------------------------------------------------------------------

* Gentoo: Multiple X11 terminals Local privilege escalation (May 7)
  -----------------------------------------------------------------
  A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
  rxvt-unicode, and wterm, allowing for local privilege escalation.

  http://www.linuxsecurity.com/content/view/136718

--------------------------------------------------------------------------

* Mandriva: Updated openssh packages fix vulnerability (May 6)
  ------------------------------------------------------------
  A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to
  bypass intended security restrictions, enabling them to execute
  commands other than those specified by the ForceCommand directive,
  provided they are able to modify ~/.ssh/rc (CVE-2008-1657).
  The updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/136710

* Mandriva: Updated kdelibs packages fix vulnerability in (May 6)
  ---------------------------------------------------------------
  A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9
  where, if it was installed setuid root, it could allow local users to
  cause a denial of service or possibly execute arbitrary code
  (CVE-2008-1671). By default, start_kdeinit is not installed setuid
  root on Mandriva Linux; however, updated packages have been patched
  to correct this issue.

  http://www.linuxsecurity.com/content/view/136709

* Mandriva: Updated emacs packages fix vulnerability in vcdiff (May 6)
  --------------------------------------------------------------------
  Steve Grubb found that the vcdiff script in Emacs creates temporary
  files insecurely when used with SCCS. A local user could exploit a
  race condition to create or overwrite files with the privileges of
  the user invoking the program (CVE-2008-1694). The updated packages
  have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/136708

* Mandriva: Updated OpenOffice.org packages fix (May 2)
  -----------------------------------------------------
  A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could
  allow user-assisted remote attackers to execute arbitrary Java code
  via crafted database documents (CVE-2007-4575).

  http://www.linuxsecurity.com/content/view/136692

--------------------------------------------------------------------------

* RedHat: Important: gpdf security update (May 8)
  -----------------------------------------------
  Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
  embedded in PDF files. An attacker could create a malicious PDF file
  that would cause gpdf to crash, or, potentially, execute arbitrary
  code when opened.
  (CVE-2008-1693)

  http://www.linuxsecurity.com/content/view/136721

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 3. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/136713

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/136714

* RedHat: Important: kernel security and bug fix update (May 7)
  -------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 4. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/136715

--------------------------------------------------------------------------

* Slackware: php (May 8)
  ------------------------
  New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
  and -current to fix security issues. Note that PHP5 is not the
  default PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your
  PHP code is not ready for PHP5, don't upgrade until it is or you'll
  (by definition) run into problems.
  More details about one of the issues may be found in the Common
  Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599

  http://www.linuxsecurity.com/content/view/136719

* Slackware: mozilla-thunderbird (May 8)
  ----------------------------------------
  New mozilla-thunderbird packages are available for Slackware 10.2,
  11.0, 12.0, 12.1, and -current to fix security issues, including
  crashes that can corrupt memory, as well as a JavaScript privilege
  escalation and arbitrary code execution flaw. More details about
  these issues may be found here:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird

  http://www.linuxsecurity.com/content/view/136720

--------------------------------------------------------------------------

* Ubuntu: LTSP vulnerability (May 7)
  -----------------------------------
  Christian Herzog discovered that it was possible to connect to any
  LTSP client's X session over the network. A remote attacker could
  eavesdrop on X events, read window contents, and record keystrokes,
  possibly gaining access to private information.

  http://www.linuxsecurity.com/content/view/136712

* Ubuntu: OpenOffice.org vulnerabilities (May 7)
  -----------------------------------------------
  It was discovered that arbitrary Java methods were not filtered out
  when opening databases in OpenOffice.org. If a user were tricked into
  running a specially crafted query, a remote attacker could execute
  arbitrary Java with user privileges. (CVE-2007-4575)

  http://www.linuxsecurity.com/content/view/136711

* Ubuntu: Thunderbird vulnerabilities (May 6)
  --------------------------------------------
  Various flaws were discovered in the JavaScript engine. If a user had
  JavaScript enabled and were tricked into opening a malicious email,
  an attacker could escalate privileges within Thunderbird, perform
  cross-site scripting attacks and/or execute arbitrary code with the
  user's privileges.

  http://www.linuxsecurity.com/content/view/136707

* Ubuntu: KDE vulnerability (May 6)
  ----------------------------------
  It was discovered that start_kdeinit in KDE 3 did not properly
  sanitize its input. A local attacker could exploit this to send
  signals to other processes and cause a denial of service or possibly
  execute arbitrary code. (CVE-2008-1671)

  http://www.linuxsecurity.com/content/view/136703

* Ubuntu: Emacs vulnerabilities (May 6)
  --------------------------------------
  It was discovered that Emacs did not account for precision when
  formatting integers. If a user were tricked into opening a specially
  crafted file, an attacker could cause a denial of service or possibly
  other unspecified actions. This issue does not affect Ubuntu 8.04.
  (CVE-2007-6109)

  Steve Grubb discovered that the vcdiff script as included in Emacs
  created temporary files in an insecure way when used with SCCS. Local
  users could exploit a race condition to create or overwrite files
  with the privileges of the user invoking the program. (CVE-2008-1694)

  http://www.linuxsecurity.com/content/view/136704

* Ubuntu: CUPS vulnerability (May 5)
  -----------------------------------
  Thomas Pollet discovered that CUPS did not properly validate the size
  of PNG images. A local attacker, and a remote attacker if printer
  sharing is enabled, could send a crafted file and cause a denial of
  service or possibly execute arbitrary code as the non-root user in
  Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated
  by the AppArmor CUPS profile. (CVE-2008-1722)

  http://www.linuxsecurity.com/content/view/136695

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.