+------------------------------------------------------------------------+
|  LinuxSecurity.com                                  Weekly Newsletter  |
|  May 23rd, 2008                                   Volume 9, Number 21  |
|                                                                        |
|  Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>               |
|                  Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>        |
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for xine-lib, speex, libfishsound,
gnome-peercast, gnutls13, phpgedview, netpbm-free, php4, GnuTLS, ClamAV,
Mozilla, Perl, kernel, libid3tag, libvorbis, rdesktop, bind, mysql,
nss_ldap, compiz, vsftpd, dovecot, setroubleshoot, libxslt, gnutls,
java, openssl-blacklist. The distributors include Debian, Gentoo,
Mandriva, Red Hat, and Ubuntu.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database
administrators, system programmers, webmasters and all those who believe
in the power of Open Source software. The majority of our readers is
between 15 and 40 years old. They are interested in current news from
the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics
of wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

---

April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the
Open Source Tool of the Month!

http://www.linuxsecurity.com/content/view/135868

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

--------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

--------------------------------------------------------------------------

* Debian: New xine-lib packages fix several vulnerabilities (May 22)
  ------------------------------------------------------------------
  Integer overflow vulnerabilities exist in xine's FLV, QuickTime,
  RealMedia, MVE and CAK demuxers, as well as the EBML parser used by
  the Matroska demuxer. These weaknesses allow an attacker to overflow
  heap buffers and potentially execute arbitrary code by supplying a
  maliciously crafted file of those types.

  http://www.linuxsecurity.com/content/view/137481

* Debian: New speex packages fix execution of arbitrary code (May 21)
  -------------------------------------------------------------------
  It was discovered that speex, the Speex codec command line tools, did
  not correctly deal with negative offsets in a particular header field.
  This could allow a malicious file to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/137476

* Debian: New libfishsound packages fix execution of arbitrary (May 21)
  --------------------------------------------------------------------
  It was discovered that libfishsound, a simple programming interface
  that wraps Xiph.Org audio codecs, didn't correctly handle negative
  values in a particular header field. This could allow malicious files
  to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/137475

* Debian: New gnome-peercast packages fix several vulnerabilities (May 20)
  ------------------------------------------------------------------------
  Luigi Auriemma discovered that PeerCast is vulnerable to a heap
  overflow in the HTTP server code, which allows remote attackers to
  cause a denial of service and possibly execute arbitrary code via a
  long SOURCE request.

  http://www.linuxsecurity.com/content/view/137247

* Debian: New peercast packages fix arbitrary code execution (May 20)
  -------------------------------------------------------------------
  Nico Golde discovered that PeerCast, a P2P audio and video streaming
  server, is vulnerable to a buffer overflow in the HTTP Basic
  Authentication code, allowing a remote attacker to crash PeerCast or
  execute arbitrary code.

  http://www.linuxsecurity.com/content/view/137246

* Debian: New gnutls13 packages fix potential code execution (May 20)
  -------------------------------------------------------------------
  A pre-authentication heap overflow involving oversized session
  resumption data may lead to arbitrary code execution (CVE-2008-1948).

  http://www.linuxsecurity.com/content/view/137244

* Debian: New phpgedview packages fix privilege escalation (May 20)
  -----------------------------------------------------------------
  It was discovered that phpGedView, an application to provide online
  access to genealogical data, allowed remote attackers to gain
  administrator privileges due to a programming error.

  http://www.linuxsecurity.com/content/view/137239

* Debian: New netpbm-free packages fix arbitrary code execution (May 18)
  ----------------------------------------------------------------------
  A vulnerability was discovered in the GIF reader implementation in
  netpbm-free, a suite of image manipulation utilities. Insufficient
  input data validation could allow a maliciously-crafted GIF file to
  overrun a stack buffer, potentially permitting the execution of
  arbitrary code.

  http://www.linuxsecurity.com/content/view/137227

* Debian: New php4 packages fix several vulnerabilities (May 17)
  --------------------------------------------------------------
  Several vulnerabilities have been discovered in PHP version 4, a
  server-side, HTML-embedded scripting language. The Common
  Vulnerabilities and Exposures project identifies the following
  problems:

  http://www.linuxsecurity.com/content/view/137086

--------------------------------------------------------------------------

* Gentoo: GnuTLS Execution of arbitrary code (May 22)
  ---------------------------------------------------
  Multiple vulnerabilities might allow for the execution of arbitrary
  code in daemons using GnuTLS.

  http://www.linuxsecurity.com/content/view/137478

* Gentoo: GnuTLS Execution of arbitrary code (May 21)
  ---------------------------------------------------
  Multiple vulnerabilities might allow for the execution of arbitrary
  code in daemons using GnuTLS.

  http://www.linuxsecurity.com/content/view/137477

* Gentoo: ClamAV Multiple vulnerabilities (May 20)
  ------------------------------------------------
  Multiple vulnerabilities in ClamAV may result in the remote execution
  of arbitrary code.

  http://www.linuxsecurity.com/content/view/137250

* Gentoo: Mozilla products Multiple vulnerabilities (May 20)
  ----------------------------------------------------------
  Multiple vulnerabilities have been reported in Mozilla Firefox,
  Thunderbird, SeaMonkey and XULRunner, some of which may allow
  user-assisted execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/137249

* Gentoo: Perl Execution of arbitrary code (May 20)
  -------------------------------------------------
  A double free vulnerability was discovered in Perl, possibly resulting
  in the execution of arbitrary code and a Denial of Service.

  http://www.linuxsecurity.com/content/view/137248

--------------------------------------------------------------------------

* Mandriva: Updated kernel packages fix vulnerabilities (May 21)
  --------------------------------------------------------------
  The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
  extension support is enabled, does not honor the umask of a process,
  which allows local users to gain privileges. (CVE-2007-3740)

  The drm/i915 component in the Linux kernel before 2.6.22.2, when used
  with i965G and later chipsets, allows local users with access to an
  X11 session and Direct Rendering Manager (DRM) to write to arbitrary
  memory locations and gain privileges via a crafted batchbuffer.
  (CVE-2007-3851)

  http://www.linuxsecurity.com/content/view/137462

* Mandriva: Updated kernel packages fix vulnerabilities (May 20)
  --------------------------------------------------------------
  A race condition in the directory notification subsystem (dnotify) in
  Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows
  local users to cause a denial of service (OOPS) and possibly gain
  privileges via unspecified vectors.
  (CVE-2008-1375)

  The Linux kernel before 2.6.25.2 does not apply a certain protection
  mechanism for fcntl functionality, which allows local users to
  (1) execute code in parallel or (2) exploit a race condition to obtain
  re-ordered access to the descriptor table. (CVE-2008-1669)

  Additionally, the updated kernel for Mandriva Linux 2008.0 has bug
  fixes for sound on NEC S970 systems, an oops in module rt73, and the
  -devel package fixes DKMS builds.

  To update your kernel, please follow the directions located at:
  http://www.mandriva.com/en/security/kernelupdate

  http://www.linuxsecurity.com/content/view/137251

* Mandriva: Updated libid3tag packages fix denial of service (May 19)
  -------------------------------------------------------------------
  field.c in the libid3tag 0.15.0b library allows context-dependent
  attackers to cause a denial of service (CPU and memory consumption)
  via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which
  triggers an infinite loop. The updated packages have been patched to
  correct this.

  http://www.linuxsecurity.com/content/view/137233

* Mandriva: Updated libvorbis packages fix vulnerabilities (May 16)
  -----------------------------------------------------------------
  Will Drewry of the Google Security Team reported several
  vulnerabilities in how libvorbis processed audio data. An attacker
  could create a carefully crafted OGG audio file in such a way that it
  would cause an application linked to libvorbis to crash or possibly
  execute arbitrary code when opened (CVE-2008-1419, CVE-2008-1420,
  CVE-2008-1423).

  http://www.linuxsecurity.com/content/view/137085

* Mandriva: Updated rdesktop packages fix vulnerabilities (May 16)
  ----------------------------------------------------------------
  Several vulnerabilities were discovered in rdesktop, a Remote Desktop
  Protocol client.
  An integer underflow vulnerability allowed attackers to cause a denial
  of service (crash) and possibly execute arbitrary code with the
  privileges of the logged-in user (CVE-2008-1801).

  http://www.linuxsecurity.com/content/view/137084

--------------------------------------------------------------------------

* RedHat: Moderate: bind security, bug fix, (May 21)
  --------------------------------------------------
  Updated bind packages that fix two security issues, several bugs, and
  add enhancements are now available for Red Hat Enterprise Linux 5.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/137469

* RedHat: Low: mysql security and bug fix update (May 21)
  -------------------------------------------------------
  Updated mysql packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update has
  been rated as having low security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/137470

* RedHat: Low: nss_ldap security and bug fix update (May 21)
  ----------------------------------------------------------
  An updated nss_ldap package that fixes a security issue and several
  bugs is now available. This update has been rated as having low
  security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/137471

* RedHat: Low: compiz security update (May 21)
  --------------------------------------------
  Updated compiz packages that prevent Compiz from breaking screen saver
  grabs are now available for Red Hat Enterprise Linux 5. This update
  has been rated as having low security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/137472

* RedHat: Low: vsftpd security and bug fix update (May 21)
  --------------------------------------------------------
  An updated vsftpd package that fixes a security issue and several bugs
  is now available for Red Hat Enterprise Linux 5. A memory leak was
  discovered in the vsftpd daemon. An attacker who is able to connect to
  an FTP service, either as an authenticated or anonymous user, could
  cause vsftpd to allocate all available memory if the "deny_file"
  option was enabled in vsftpd.conf. (CVE-2007-5962)

  http://www.linuxsecurity.com/content/view/137467

* RedHat: Low: dovecot security and bug fix update (May 21)
  ---------------------------------------------------------
  An updated dovecot package that fixes several security issues and
  various bugs is now available for Red Hat Enterprise Linux 5. This
  update has been rated as having low security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/137468

* RedHat: Moderate: setroubleshoot security and bug fix (May 21)
  --------------------------------------------------------------
  Updated setroubleshoot packages that fix two security issues and
  several bugs are now available for Red Hat Enterprise Linux 5. The
  setroubleshoot packages provide tools to help diagnose SELinux
  problems. When AVC messages occur, an alert is generated that gives
  information about the problem, and how to create a resolution.

  http://www.linuxsecurity.com/content/view/137466

* RedHat: Important: libxslt security update (May 21)
  ---------------------------------------------------
  Updated libxslt packages that fix a security issue are now available.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/137252

* RedHat: Critical: gnutls security update (May 20)
  -------------------------------------------------
  Updated gnutls packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. Flaws were found in the way
  GnuTLS handles malicious client connections. A malicious remote client
  could send a specially crafted request to a service using GnuTLS that
  could cause the service to crash. (CVE-2008-1948, CVE-2008-1949,
  CVE-2008-1950)

  http://www.linuxsecurity.com/content/view/137241

* RedHat: Important: gnutls security update (May 20)
  --------------------------------------------------
  Updated gnutls packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. Flaws were found in the way
  GnuTLS handles malicious client connections. A malicious remote client
  could send a specially crafted request to a service using GnuTLS that
  could cause the service to crash. (CVE-2008-1948, CVE-2008-1949,
  CVE-2008-1950)

  http://www.linuxsecurity.com/content/view/137242

* RedHat: Important: kernel security and bug fix update (May 20)
  --------------------------------------------------------------
  Updated kernel packages that fix various security issues and several
  bugs are now available for Red Hat Enterprise Linux 5. This update has
  been rated as having important security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/137238

* RedHat: Critical: java-1.6.0-ibm security update (May 19)
  ---------------------------------------------------------
  Updated java-1.6.0-ibm packages that fix several security issues are
  now available for Red Hat Enterprise Linux 5 Supplementary. A flaw was
  found in the Java XSLT processing classes. An untrusted application or
  applet could cause a denial of service, or execute arbitrary code with
  the permissions of the user running the JRE.
  (CVE-2008-1187)

  http://www.linuxsecurity.com/content/view/137231

--------------------------------------------------------------------------

* Ubuntu: openssl-blacklist update (May 21)
  ------------------------------------------
  USN-612-3 addressed a weakness in OpenSSL certificate and key
  generation in OpenVPN by introducing openssl-blacklist to aid in
  detecting vulnerable private keys. This update enhances the
  openssl-vulnkey tool to check X.509 certificates as well, and provides
  the corresponding update for Ubuntu 6.06. While the OpenSSL in Ubuntu
  6.06 was not vulnerable, openssl-blacklist is now provided for Ubuntu
  6.06 for checking certificates and keys that may have been imported on
  these systems.

  http://www.linuxsecurity.com/content/view/137474

* Ubuntu: GnuTLS vulnerabilities (May 21)
  ----------------------------------------
  Multiple flaws were discovered in the connection handling of GnuTLS. A
  remote attacker could exploit this to crash applications linked
  against GnuTLS, or possibly execute arbitrary code with permissions of
  the application's user.

  http://www.linuxsecurity.com/content/view/137464

* Ubuntu: OpenSSH update (May 20)
  --------------------------------
  USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
  vulnerabilities addressed by USN-612-1. This update provides the
  corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the
  OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak
  keys generated on systems that may have been affected themselves.
  Original advisory details:

  http://www.linuxsecurity.com/content/view/137240

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------