+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  May 16th, 2008                                   Volume 9, Number 20  |
|                                                                        |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>              |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>       |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for gforge, openssh, openssl,
icedove, sipp, openoffice, libid3tag, InspIRCd, firebird, perl,
drakxtools, hal-info, ImageMagick, libvorbis, xen, gpdf, php,
mozilla-thunderbird, OpenVPN, and Speex. The distributors include
Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

---

Review: The Book of Wireless
----------------------------

"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics
of wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.
http://www.linuxsecurity.com/content/view/136167

---

April 2008 Open Source Tool of the Month: sudo
----------------------------------------------

This month the editors at LinuxSecurity.com have chosen sudo as the
Open Source Tool of the Month!
http://www.linuxsecurity.com/content/view/135868

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->      http://www.linuxsecurity.com/docs/QuickRefCard.pdf         <--

--------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.19 (Version 3.0, Release 19). This release includes many
updated packages and bug fixes and some feature enhancements to the
EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/136174

--------------------------------------------------------------------------

* Debian: New gforge packages fix insecure temporary files (May 14)
  -----------------------------------------------------------------

Stephen Gran and Mark Hymers discovered that some scripts run by
GForge, a collaborative development tool, open files in write mode in a
potentially insecure manner. This may be exploited to overwrite
arbitrary files on the local system.
http://www.linuxsecurity.com/content/view/136980

* Debian: New openssh packages fix predictable randomness (May 14)
  ----------------------------------------------------------------

Jan Pechanec discovered that ssh falls back to creating a trusted X11
cookie if creating an untrusted cookie fails, potentially exposing the
local display to a malicious remote server when using X11 forwarding.
http://www.linuxsecurity.com/content/view/136975

* Debian: New openssl packages fix predictable random number generator (May 13)
  -----------------------------------------------------------------------------

Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
http://www.linuxsecurity.com/content/view/136865

* Debian: New Linux 2.6.18 packages fix denial of service (May 12)
  ----------------------------------------------------------------

Alexander Viro discovered a race condition in the fcntl code that may
permit local users on multi-processor systems to execute parallel code
paths that are otherwise prohibited and gain re-ordered access to the
descriptor table.
http://www.linuxsecurity.com/content/view/136862

* Debian: New icedove packages fix several vulnerabilities (May 12)
  -----------------------------------------------------------------

Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following
problems:
http://www.linuxsecurity.com/content/view/136861

--------------------------------------------------------------------------

* Fedora 7 Update: sipp-3.1-1.fc7 (May 10)
  ----------------------------------------

Bug #444728 - CVE-2008-1959 SIPp stack based buffer overflow in
get_remote_video_port_media()
https://bugzilla.redhat.com/show_bug.cgi?id=444728
http://www.linuxsecurity.com/content/view/136739

--------------------------------------------------------------------------

* Gentoo: OpenOffice.org Multiple vulnerabilities (May 14)
  --------------------------------------------------------

Multiple vulnerabilities have been reported in OpenOffice.org, possibly
allowing for user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/136982

* Gentoo: libid3tag Denial of Service (May 14)
  --------------------------------------------

A Denial of Service vulnerability was found in libid3tag.
http://www.linuxsecurity.com/content/view/136978

* Gentoo: InspIRCd Denial of Service (May 9)
  ------------------------------------------

A buffer overflow in InspIRCd allows remote attackers to cause a Denial
of Service.
http://www.linuxsecurity.com/content/view/136736

* Gentoo: Linux Terminal Server Project Multiple vulnerabilities (May 9)
  ----------------------------------------------------------------------

Multiple vulnerabilities have been discovered in components shipped
with LTSP which allow remote attackers to compromise terminal clients.
http://www.linuxsecurity.com/content/view/136735

* Gentoo: Firebird Data disclosure (May 9)
  ----------------------------------------

Firebird allows remote connections to the administrative account
without verifying credentials.
http://www.linuxsecurity.com/content/view/136734

--------------------------------------------------------------------------

* Mandriva: Updated perl packages fix denial of service (May 11)
  --------------------------------------------------------------

A double free vulnerability in Perl 5.8.8 and earlier versions allows
context-dependent attackers to cause a denial of service (memory
corruption and crash) via a crafted regular expression containing UTF8
characters. The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/136857

* Mandriva: Updated drakxtools package fixes various bugs (May 9)
  ---------------------------------------------------------------

This update fixes several minor issues:
- some GUIs (e.g. rpmdrake) would crash on clicking the close button
  while they load (bug #35230)
- draksec was crashing if the administrator refused to install
  (bug #38911)
- localdrake: After changing the localization language from drakconf in
  a high security level, the permissions of /etc/sysconfig/i18n were
  changed such that the file was only readable by root. This caused
  graphical login via kdm to fail (bug #39027)
http://www.linuxsecurity.com/content/view/136738

* Mandriva: Updated hal-info package fixes resume issue (May 8)
  -------------------------------------------------------------

An updated hal-info package fixes resume from suspend to RAM on HP
6710b systems. It had previously failed with a black screen on Mandriva
Linux 2008.0.
http://www.linuxsecurity.com/content/view/136731

* Mandriva: Updated ImageMagick packages fix vulnerabilities (May 8)
  ------------------------------------------------------------------

A heap-based buffer overflow vulnerability was found in how ImageMagick
parsed XCF files. If ImageMagick opened a specially-crafted XCF file,
it could be made to overwrite heap memory beyond the bounds of its
allocated memory, potentially allowing an attacker to execute arbitrary
code on the system running ImageMagick (CVE-2008-1096).
http://www.linuxsecurity.com/content/view/136729

--------------------------------------------------------------------------

* RedHat: Important: libvorbis security update (May 14)
  -----------------------------------------------------

Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/136972

* RedHat: Important: libvorbis security update (May 14)
  -----------------------------------------------------

Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1. This update has been rated
as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/136973

* RedHat: Important: xen security and bug fix update (May 13)
  -----------------------------------------------------------

Daniel P. Berrange discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the format of messages
serving to update the contents of the framebuffer. This could allow a
malicious user to cause a denial of service, or compromise the
privileged domain (Dom0). (CVE-2008-1944)
http://www.linuxsecurity.com/content/view/136866

* RedHat: Important: gpdf security update (May 8)
  -----------------------------------------------

Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file
that would cause gpdf to crash, or, potentially, execute arbitrary code
when opened. (CVE-2008-1693)
http://www.linuxsecurity.com/content/view/136721

--------------------------------------------------------------------------

* Slackware: php (May 8)
  ----------------------

New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
and -current to fix security issues. Note that PHP5 is not the default
PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is
not ready for PHP5, don't upgrade until it is or you'll (by definition)
run into problems.
More details about one of the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
http://www.linuxsecurity.com/content/view/136719

* Slackware: mozilla-thunderbird (May 8)
  --------------------------------------

New mozilla-thunderbird packages are available for Slackware 10.2,
11.0, 12.0, 12.1, and -current to fix security issues, including
crashes that can corrupt memory, as well as a JavaScript privilege
escalation and arbitrary code execution flaw. More details about these
issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.linuxsecurity.com/content/view/136720

--------------------------------------------------------------------------

* Ubuntu: OpenVPN regression (May 14)
  -----------------------------------

USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates and
keys to OpenVPN. A regression was introduced in OpenVPN when using TLS
and multi-client/server which caused OpenVPN to not start when using
valid SSL certificates.
http://www.linuxsecurity.com/content/view/136983

* Ubuntu: OpenSSH update (May 14)
  -------------------------------

Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
options (such as "no-port-forwarding" or forced commands) were ignored
by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This
could cause some compromised keys not to be listed in ssh-vulnkey's
output.
http://www.linuxsecurity.com/content/view/136981

* Ubuntu: ssl-cert vulnerability (May 14)
  ---------------------------------------

A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems.
As a result of this weakness, certain encryption keys are much more
common than they should be, such that an attacker could guess the key
through a brute-force attack given minimal knowledge of the system.
This particularly affects the use of encryption keys in OpenSSH,
OpenVPN and SSL certificates.
http://www.linuxsecurity.com/content/view/136974

* Ubuntu: OpenSSH vulnerability (May 13)
  --------------------------------------

A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
certain encryption keys are much more common than they should be, such
that an attacker could guess the key through a brute-force attack given
minimal knowledge of the system. This particularly affects the use of
encryption keys in OpenSSH.
http://www.linuxsecurity.com/content/view/136970

* Ubuntu: OpenSSL vulnerability (May 13)
  --------------------------------------

A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
certain encryption keys are much more common than they should be, such
that an attacker could guess the key through a brute-force attack given
minimal knowledge of the system. This particularly affects the use of
encryption keys in OpenSSH, OpenVPN and SSL certificates.
http://www.linuxsecurity.com/content/view/136870

* Ubuntu: GStreamer Good Plugins vulnerability (May 8)
  ----------------------------------------------------

It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136728

* Ubuntu: vorbis-tools vulnerability (May 8)
  ------------------------------------------

It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136726

* Ubuntu: Speex vulnerability (May 8)
  -----------------------------------

It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136725

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------