+----------------------------------------------------------------------+
|  LinuxSecurity.com Weekly Newsletter                                 |
|  August 15th, 2008 Volume 9, Number 33                               |
|                                                                      |
|  Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>             |
|                  Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>      |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for powerdns, thunderbird, httpd,
uudeview, openldap, stunnel, clamav, cups, hplip, perl, python, rxvt,
postfix, yum-rhn-plugin, condor, and openwsman. The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.

---

Security Features of Firefox 3.0
--------------------------------
Let's take a look at the security features of the newly released
Firefox 3.0. Since its release on Tuesday I have been testing it out to
see how the new security enhancements work and help increase user
browsing security. One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security. Read on for more
security features of Firefox 3.0.

http://www.linuxsecurity.com/content/view/138972

---

Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics
of wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

------------------------------------------------------------------------

* Debian: New PowerDNS packages reduce DNS spoofing risk (Aug 10)
  ---------------------------------------------------------------
  Brian Dowling discovered that the PowerDNS authoritative name server
  does not respond to DNS queries which contain certain characters,
  increasing the risk of successful DNS spoofing (CVE-2008-3337). This
  update changes PowerDNS to respond with SERVFAIL responses instead.

  http://www.linuxsecurity.com/content/view/141041

------------------------------------------------------------------------

* Fedora 8 Update: thunderbird-2.0.0.16-1.fc8 (Aug 7)
  ---------------------------------------------------
  Updated thunderbird packages that fix several security issues are now
  available for Fedora 8. Several flaws were found in the processing of
  malformed HTML content.
  An HTML mail containing malicious content could cause Thunderbird to
  crash or, potentially, execute arbitrary code as the user running
  Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799,
  CVE-2008-2811)

  http://www.linuxsecurity.com/content/view/140991

* Fedora 8 Update: httpd-2.2.9-1.fc8 (Aug 7)
  ------------------------------------------
  This update includes the latest release of httpd 2.2. A security
  issue is fixed in this update: A flaw was found in the handling of
  excessive interim responses from an origin server when using
  mod_proxy_http. In a forward proxy configuration, if a user of the
  proxy could be tricked into visiting a malicious web server, the
  proxy could be forced into consuming a large amount of stack or heap
  memory. This could lead to an eventual process crash due to stack
  space exhaustion.

  http://www.linuxsecurity.com/content/view/140998

* Fedora 9 Update: httpd-2.2.9-1.fc9 (Aug 7)
  ------------------------------------------
  This update includes the latest release of httpd 2.2. Two security
  issues are fixed in this update: A flaw was found in the handling of
  excessive interim responses from an origin server when using
  mod_proxy_http. In a forward proxy configuration, if a user of the
  proxy could be tricked into visiting a malicious web server, the
  proxy could be forced into consuming a large amount of stack or heap
  memory. This could lead to an eventual process crash due to stack
  space exhaustion. A flaw was found in the handling of compression
  structures between mod_ssl and OpenSSL. A remote attacker enabling
  compression in an SSL handshake could cause a memory leak in the
  server, leading to a denial of service.

  http://www.linuxsecurity.com/content/view/140899

------------------------------------------------------------------------

* Gentoo: UUDeview Insecure temporary file creation (Aug 11)
  ----------------------------------------------------------
  A vulnerability in UUDeview may allow local attackers to conduct
  symlink attacks.

  http://www.linuxsecurity.com/content/view/141046

* Gentoo: Adobe Reader User-assisted execution of arbitrary code (Aug 9)
  ----------------------------------------------------------------------
  Adobe Reader is vulnerable to execution of arbitrary code via a
  crafted PDF.

  http://www.linuxsecurity.com/content/view/141040

* Gentoo: OpenLDAP Denial of Service vulnerability (Aug 8)
  --------------------------------------------------------
  A flaw in OpenLDAP allows remote unauthenticated attackers to cause a
  Denial of Service.

  http://www.linuxsecurity.com/content/view/141038

* Gentoo: stunnel Security bypass (Aug 8)
  ---------------------------------------
  stunnel does not properly prevent the authentication of a revoked
  certificate which would be published by OCSP.

  http://www.linuxsecurity.com/content/view/141037

* Gentoo: ClamAV Multiple Denials of Service (Aug 8)
  --------------------------------------------------
  Multiple vulnerabilities in ClamAV may result in a Denial of Service.

  http://www.linuxsecurity.com/content/view/141036

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:170 ] cups (Aug 14)
  -----------------------------------------------------------------------
  Thomas Pollet discovered an integer overflow vulnerability in the PNG
  image handling filter in CUPS. This could allow a malicious user to
  execute arbitrary code with the privileges of the user running CUPS,
  or cause a denial of service by sending a specially crafted PNG image
  to the print server (CVE-2008-1722).

  http://www.linuxsecurity.com/content/view/141154

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:169 ] hplip (Aug 14)
  ------------------------------------------------------------------------
  Marc Schoenefeld of the Red Hat Security Response Team discovered a
  vulnerability in the hplip alert-mailing functionality that could
  allow a local attacker to elevate their privileges by using
  specially-crafted packets to trigger alert mails that are sent by the
  root account (CVE-2008-2940).

  http://www.linuxsecurity.com/content/view/141153

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:168 ] stunnel (Aug 14)
  --------------------------------------------------------------------------
  A vulnerability was found in the OCSP search functionality in stunnel
  that could allow a remote attacker to use a revoked certificate that
  would be successfully authenticated by stunnel (CVE-2008-2420). This
  flaw only concerns users who have enabled OCSP validation.

  http://www.linuxsecurity.com/content/view/141152

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:166 ] clamav (Aug 12)
  -------------------------------------------------------------------------
  An incomplete fix for CVE-2008-2713 resulted in remote attackers
  being able to cause a denial of service via a malformed Petite file
  that triggered an out-of-bounds memory access (CVE-2008-3215). This
  issue is corrected with the 0.93.3 release which is being provided.

  http://www.linuxsecurity.com/content/view/141150

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:167 ] kernel (Aug 12)
  -------------------------------------------------------------------------
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: Memory leak in the ipip6_rcv function in net/ipv6/sit.c in
  the Linux kernel before 2.6.25.3 allows remote attackers to cause a
  denial of service (memory consumption) via network traffic to a
  Simple Internet Transition (SIT) tunnel interface, related to the
  pskb_may_pull and kfree_skb functions, and management of an skb
  reference count. (CVE-2008-2136)

  http://www.linuxsecurity.com/content/view/141149

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:165 ] perl (Aug 11)
  -----------------------------------------------------------------------
  The rmtree function in lib/File/Path.pm in Perl 5.10 does not
  properly check permissions before performing a chmod, which allows
  local users to modify the permissions of arbitrary files via a
  symlink attack. The updated packages have been patched to fix this.

  http://www.linuxsecurity.com/content/view/141047

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:164 ] python (Aug 7)
  ------------------------------------------------------------------------
  Multiple integer overflows in the imageop module in Python prior to
  2.5.3 allowed context-dependent attackers to cause a denial of
  service (crash) or possibly execute arbitrary code via crafted images
  that trigger heap-based buffer overflows (CVE-2008-1679).

  http://www.linuxsecurity.com/content/view/141031

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:163 ] python (Aug 7)
  ------------------------------------------------------------------------
  Multiple integer overflows in the imageop module in Python prior to
  2.5.3 allowed context-dependent attackers to cause a denial of
  service (crash) or possibly execute arbitrary code via crafted images
  that trigger heap-based buffer overflows (CVE-2008-1679).

  http://www.linuxsecurity.com/content/view/141030

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:161 ] rxvt (Aug 7)
  ----------------------------------------------------------------------
  A vulnerability in rxvt allowed it to open a terminal on :0 if the
  environment variable was not set, which could be used by a local user
  to hijack X11 connections (CVE-2008-1142).

  http://www.linuxsecurity.com/content/view/140887

------------------------------------------------------------------------

* RedHat: Moderate: postfix security update (Aug 14)
  --------------------------------------------------
  Updated postfix packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in the way
  Postfix dereferences symbolic links. If a local user has write access
  to a mail spool directory with no root mailbox, it may be possible
  for them to append arbitrary data to files that root has write
  permission to. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/141159

* RedHat: Moderate: yum-rhn-plugin security update (Aug 14)
  ---------------------------------------------------------
  Updated yum-rhn-plugin packages that fix a security issue are now
  available for Red Hat Enterprise Linux 5. It was discovered that
  yum-rhn-plugin did not verify the SSL certificate for all
  communication with a Red Hat Network server. An attacker able to
  redirect the network communication between a victim and an RHN server
  could use this flaw to provide malicious repository metadata. This
  metadata could be used to block the victim from receiving specific
  security updates. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/141157

* RedHat: Moderate: hplip security update (Aug 12)
  ------------------------------------------------
  Updated hplip packages that fix various security issues are now
  available for Red Hat Enterprise Linux 5. A flaw was discovered in
  the hplip alert-mailing functionality. A local attacker could elevate
  their privileges by using specially-crafted packets to trigger alert
  mails, which are sent by the root account. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/141148

* RedHat: Moderate: condor security and bug fix update (Aug 11)
  -------------------------------------------------------------
  Updated condor packages that fix a security issue and several bugs
  are now available for Red Hat Enterprise MRG. A flaw was found in the
  way Condor interpreted wildcards in authorization lists. Certain
  authorization lists using wildcards in DENY rules, such as DENY_WRITE
  or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules,
  could permit authenticated remote users to submit computation jobs,
  even when such access should have been denied.

  http://www.linuxsecurity.com/content/view/141044

* RedHat: Moderate: condor security and bug fix update (Aug 11)
  -------------------------------------------------------------
  Updated condor packages that fix a security issue and several bugs
  are now available for Red Hat Enterprise MRG. A flaw was found in the
  way Condor interpreted wildcards in authorization lists. Certain
  authorization lists using wildcards in DENY rules, such as DENY_WRITE
  or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules,
  could permit authenticated remote users to submit computation jobs,
  even when such access should have been denied.

  http://www.linuxsecurity.com/content/view/141045

* RedHat: Moderate: dnsmasq security update (Aug 11)
  --------------------------------------------------
  An updated dnsmasq package that implements UDP source-port
  randomization is now available for Red Hat Enterprise Linux 5. The
  dnsmasq DNS resolver used a fixed source UDP port. This could have
  made DNS spoofing attacks easier. dnsmasq has been updated to use
  random UDP source ports, helping to make DNS spoofing attacks harder.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/141043

------------------------------------------------------------------------

* SuSE: openwsman (SUSE-SA:2008:041) (Aug 14)
  -------------------------------------------
  The SuSE Security-Team has found two critical issues in the code:

  - two remote buffer overflows while decoding the HTTP basic
    authentication header (CVE-2008-2234)
  - a possible SSL session replay attack affecting the client
    (depending on the configuration) (CVE-2008-2233)

  http://www.linuxsecurity.com/content/view/141158

* SuSE: postfix (SUSE-SA:2008:040) (Aug 14)
  -----------------------------------------
  Postfix is a well-known MTA. During a source code audit the SuSE
  Security-Team discovered a local privilege escalation bug
  (CVE-2008-2936) as well as a mailbox ownership problem
  (CVE-2008-2937) in postfix. The first bug allowed local users to
  execute arbitrary commands as root while the second one allowed local
  users to read other users' mail.

  http://www.linuxsecurity.com/content/view/141156

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------