+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| September 19th, 2008                             Volume 9, Number 38 |
|                                                                      |
| Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>             |
|                  Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>      |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for openssh, git-core, clamav,
koffice, wordnet, mplayer, apache, kolab-server, vpnc, libxml2, rsh,
bzip2, and freetype. The distributors include Debian, Mandriva, Red Hat,
and Ubuntu.

---

Review: Hacking Exposed Linux, Third Edition
--------------------------------------------

"Hacking Exposed Linux" by ISECOM (Institute for Security and Open
Methodologies) is a guide to help you secure your Linux environment.
This book not only helps improve your security, it also looks at why you
should. It does this by showing examples of real attacks and rates the
importance of protecting yourself from being a victim of each type of
attack.

http://www.linuxsecurity.com/content/view/141165

---

Security Features of Firefox 3.0
--------------------------------

Let's take a look at the security features of the newly released
Firefox 3.0.
Since its release on Tuesday I have been testing it out to see how the
new security enhancements work and help increase user browsing security.
One of the exciting improvements for me was how Firefox handles SSL
secured web sites while browsing the Internet. There are also many other
security features that this article will look at. For example, improved
plugin and addon security. Read on for more security features of
Firefox 3.0.

http://www.linuxsecurity.com/content/view/138972

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.20 Now Available (Aug 19)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.20 (Version 3.0, Release 20). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy. In distribution
  since 2001, EnGarde Secure Community was one of the very first
  security platforms developed entirely from open source, and has been
  engineered from the ground-up to provide users and organizations with
  complete, secure Web functionality, DNS, database, e-mail security and
  even e-commerce.

  http://www.linuxsecurity.com/content/view/141173

------------------------------------------------------------------------

* Debian: New openssh packages fix denial of service (Sep 16)
  -----------------------------------------------------------
  It has been discovered that the signal handler implementing the login
  timeout in Debian's version of the OpenSSH server uses functions which
  are not async-signal-safe, leading to a denial of service
  vulnerability (CVE-2008-4109).

  http://www.linuxsecurity.com/content/view/142094

* Debian: New git-core packages fix buffer overflow (Sep 15)
  ----------------------------------------------------------
  Multiple vulnerabilities have been identified in git-core, the core of
  the git distributed revision control system. Improper path length
  limitations in git's diff and grep functions, in combination with
  maliciously crafted repositories or changes, could enable a stack
  buffer overflow and potentially the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/142083

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:189-1 ] clamav (Sep 17)
  ---------------------------------------------------------------------------
  Multiple vulnerabilities were discovered in ClamAV and corrected with
  the 0.94 release, including: A vulnerability in ClamAV's chm-parser
  allowed remote attackers to cause a denial of service (application
  crash) via a malformed CHM file (CVE-2008-1389).

  http://www.linuxsecurity.com/content/view/142225

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:197-1 ] koffice (Sep 17)
  ----------------------------------------------------------------------------
  Kees Cook of Ubuntu security found a flaw in how poppler prior to
  version 0.6 displayed malformed fonts embedded in PDF files. An
  attacker could create a malicious PDF file that would cause
  applications using poppler to crash, or possibly execute arbitrary
  code when opened (CVE-2008-1693).

  http://www.linuxsecurity.com/content/view/142220

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:198 ] R-base (Sep 16)
  -------------------------------------------------------------------------
  A symlink vulnerability was found in the javareconf script in R that
  allows local users to overwrite arbitrary files (CVE-2008-3931). The
  updated packages have been patched to prevent this issue.

  http://www.linuxsecurity.com/content/view/142095

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:197 ] koffice (Sep 15)
  --------------------------------------------------------------------------
  Kees Cook of Ubuntu security found a flaw in how poppler prior to
  version 0.6 displayed malformed fonts embedded in PDF files. An
  attacker could create a malicious PDF file that would cause
  applications using poppler to crash, or possibly execute arbitrary
  code when opened (CVE-2008-1693).

  http://www.linuxsecurity.com/content/view/142090

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:182-1 ] wordnet (Sep 15)
  ----------------------------------------------------------------------------
  Rob Holland found several programming errors in WordNet which could
  lead to the execution of arbitrary code when used with untrusted input
  (CVE-2008-2149, CVE-2008-3908).

  http://www.linuxsecurity.com/content/view/142089

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:196 ] mplayer (Sep 15)
  --------------------------------------------------------------------------
  Uncontrolled array index in the sdpplin_parse function in
  stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers
  to overwrite memory and execute arbitrary code via a large streamid
  SDP parameter.

  http://www.linuxsecurity.com/content/view/142088

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:195 ] apache (Sep 13)
  -------------------------------------------------------------------------
  A vulnerability was discovered in the mod_proxy module in Apache where
  it did not limit the number of forwarded interim responses, allowing
  remote HTTP servers to cause a denial of service (memory consumption)
  via a large number of interim responses (CVE-2008-2364).

  http://www.linuxsecurity.com/content/view/142036

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:194 ] apache2 (Sep 13)
  --------------------------------------------------------------------------
  A cross-site scripting vulnerability was found in the mod_proxy_ftp
  module in Apache that allowed remote attackers to inject arbitrary web
  script or HTML via wildcards in a pathname in an FTP URI
  (CVE-2008-2939).

  http://www.linuxsecurity.com/content/view/142035

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:193 ] kolab-server (Sep 13)
  -------------------------------------------------------------------------------
  Gavin McCullagh of Griffith College Dublin reported an issue in Kolab
  v1 where user passwords were being recorded in the Apache log files
  due to Kolab using HTTP GET requests rather than HTTP POST requests.
  This would allow any users with access to the Apache log files to
  harvest user passwords and possibly other sensitive data. The patch to
  fix this problem also corrects an issue where non-alphanumeric
  characters in passwords, set via the Kolab web interface, did not
  work.

  http://www.linuxsecurity.com/content/view/142034

* Mandriva: Subject: [Security Announce] [ MDVA-2008:122 ] vpnc (Sep 11)
  ----------------------------------------------------------------------
  The vpnc package that shipped with Mandriva Linux 2008.1 was missing
  the cisco-decrypt binary, which is used for converting the encrypted
  passwords in Cisco VPN client profile files. As a result, any call to
  pcf2vpnc failed due to the missing binary. This update provides the
  missing binary.

  http://www.linuxsecurity.com/content/view/142010

* Mandriva: Subject: [Security Announce] [ MDVA-2008:120 ] draksnapshot (Sep 11)
  ------------------------------------------------------------------------------
  This update fixes several minor issues with draksnapshot, such as
  backups not being completed due to bad permissions.
  A number of fixes were done to the applet as well, including
  notifications showing as information instead of warnings. Draksnapshot
  now no longer auto-disables after configuring, and it only pops up if
  a USB disk is mounted. Finally, it now prevents showing the panel icon
  before the bubble, so the latter is correctly placed.

  http://www.linuxsecurity.com/content/view/142008

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:192 ] libxml2 (Sep 11)
  --------------------------------------------------------------------------
  A heap-based buffer overflow was found in how libxml2 handled long XML
  entity names. If an application linked against libxml2 processed
  untrusted malformed XML content, it could cause the application to
  crash or possibly execute arbitrary code (CVE-2008-3529).

  http://www.linuxsecurity.com/content/view/142007

* Mandriva: Subject: [Security Announce] [ MDVSA-2008:191 ] rsh (Sep 11)
  ----------------------------------------------------------------------
  A vulnerability in the rcp protocol was discovered that allows a
  server to instruct a client to write arbitrary files outside of the
  current directory, which could potentially be a security concern if a
  user used rcp to copy files from a malicious server (CVE-2004-0175).

  http://www.linuxsecurity.com/content/view/142006

------------------------------------------------------------------------

* RedHat: Critical: RealPlayer security update (Sep 17)
  -----------------------------------------------------
  RealPlayer 10.0.9 as shipped in Red Hat Enterprise Linux 3 Extras, 4
  Extras, and 5 Supplementary, contains a security flaw and should not
  be used. This update has been rated as having critical security impact
  by the Red Hat Security Response Team.
  [Updated 17 September 2008]

  http://www.linuxsecurity.com/content/view/142221

* RedHat: Moderate: bzip2 security update (Sep 16)
  ------------------------------------------------
  Updated bzip2 packages that fix a security issue are now available for
  Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/142093

* RedHat: Important: libxml2 security update (Sep 11)
  ---------------------------------------------------
  A denial of service flaw was found in the way libxml2 processed
  certain content. If an application linked against libxml2 processed
  malformed XML content, it could cause the application to use an
  excessive amount of CPU time and memory, and stop responding.
  (CVE-2003-1564)

  http://www.linuxsecurity.com/content/view/141784

* RedHat: Important: libxml2 security update (Sep 11)
  ---------------------------------------------------
  Updated libxml2 packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A heap-based buffer overflow
  flaw was found in the way libxml2 handled long XML entity names. If an
  application linked against libxml2 processed untrusted malformed XML
  content, it could cause the application to crash or, possibly, execute
  arbitrary code. (CVE-2008-3529) This update has been rated as having
  important security impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/141783

------------------------------------------------------------------------

* Ubuntu: libxml2 vulnerabilities (Sep 11)
  -----------------------------------------
  It was discovered that libxml2 did not correctly handle long entity
  names. If a user were tricked into processing a specially crafted XML
  document, a remote attacker could execute arbitrary code with user
  privileges or cause the application linked against libxml2 to crash,
  leading to a denial of service.
  (CVE-2008-3529)

  http://www.linuxsecurity.com/content/view/142004

* Ubuntu: FreeType vulnerabilities (Sep 11)
  ------------------------------------------
  Multiple flaws were discovered in the PFB and TTF font handling code
  in freetype. If a user were tricked into using a specially crafted
  font file, a remote attacker could execute arbitrary code with user
  privileges or cause the application linked against freetype to crash,
  leading to a denial of service.

  http://www.linuxsecurity.com/content/view/142005

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                 LinuxSecurity.com
------------------------------------------------------------------------