+----------------------------------------------------------------------+
|  LinuxSecurity.com                                Weekly Newsletter  |
|  February 27th, 2009                            Volume 10, Number 9  |
|                                                                      |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>            |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>     |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for proftpd, python-crypto, mingw,
libpng, optipng, perl-crypt-openssl, trickle, emacs, ktorrent, valgrind,
net-snmp, epiphany, nagios, php-smarty, vim, pycrypto, php, libzip, dia,
firefox, kernel, gnumeric, samba, cups, imap, git, libpng, and
flash-player. The distributors include Debian, Fedora, Gentoo, Mandriva,
Red Hat, Slackware, and Pardus.

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------
If I ask "How much do you know about Google?" you may not take even a
second to respond. But if I ask "How much does Google know about you?"
you may instantly reply "Wait... what!? Do they!?" The book "Googling
Security: How Much Does Google Know About You" by Greg Conti (Computer
Science Professor at West Point) is the first book to reveal how
Google's vast information stockpiles could be used against you or your
business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------
Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; however, making it a secure setup takes some work.
This article will not show you how to install Nagios, since there are
tons of guides for that out there, but it will show you in detail ways
to improve your Nagios security.
http://www.linuxsecurity.com/content/view/144088

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.
  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New proftpd-dfsg packages fix SQL injection vulnerabilities (Feb 26)
  ----------------------------------------------------------------------------
  Two SQL injection vulnerabilities have been found in proftpd, a
  virtual-hosting FTP daemon.
  http://www.linuxsecurity.com/content/view/148072

* Debian: New python-crypto packages fix denial of service (Feb 25)
  -----------------------------------------------------------------
  Mike Wiacek discovered that a buffer overflow in the ARC2
  implementation of Python Crypto, a collection of cryptographic
  algorithms and protocols for Python, allows denial of service and
  potentially the execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/148067

------------------------------------------------------------------------

* Fedora 10 Update: mingw32-libpng-1.2.35-1.fc10 (Feb 26)
  -------------------------------------------------------
  Update to libpng 1.2.35, to fix CVE-2009-0040.
  http://www.linuxsecurity.com/content/view/148079

* Fedora 10 Update: mldonkey-2.9.7-3.fc10 (Feb 26)
  ------------------------------------------------
  Fix remote arbitrary file disclosure via a GET request with more than
  one leading / (slash) character in the filename. Ver. 2.9.7
  http://www.linuxsecurity.com/content/view/148077

* Fedora 9 Update: libpng-1.2.35-1.fc9 (Feb 26)
  ---------------------------------------------
  Fixes CVE-2009-0040
  http://www.linuxsecurity.com/content/view/148078

* Fedora 9 Update: mldonkey-2.9.7-3.fc9 (Feb 26)
  ----------------------------------------------
  Fix remote arbitrary file disclosure via a GET request with more than
  one leading / (slash) character in the filename.
  http://www.linuxsecurity.com/content/view/148075

* Fedora 10 Update: libpng-1.2.35-1.fc10 (Feb 26)
  -----------------------------------------------
  Fixes CVE-2009-0040
  http://www.linuxsecurity.com/content/view/148076

* Fedora 9 Update: optipng-0.6.2.1-1.fc9 (Feb 26)
  -----------------------------------------------
  This update fixes an array overflow vulnerability.
  http://www.linuxsecurity.com/content/view/148073

* Fedora 10 Update: optipng-0.6.2.1-1.fc10 (Feb 26)
  -------------------------------------------------
  This update fixes an array overflow vulnerability.
  http://www.linuxsecurity.com/content/view/148074

* Fedora 10 Update: perl-Crypt-OpenSSL-DSA-0.13-12.fc10 (Feb 25)
  --------------------------------------------------------------
  Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon
  error rather than returning a -1 to ensure programmers are not caught
  by surprise when only checking for non-zero results.
  http://www.linuxsecurity.com/content/view/148065

* Fedora 10 Update: trickle-1.07-7.fc10 (Feb 24)
  ----------------------------------------------
  New patch for CVE-2009-0415. Fix for #484065 - CVE-2009-0415 trickle:
  Possibility to load arbitrary code from current working directory
  http://www.linuxsecurity.com/content/view/148060

* Fedora 10 Update: gstreamer-plugins-good-0.10.13-1.fc10 (Feb 24)
  ----------------------------------------------------------------
  Update to 0.10.13
  http://www.linuxsecurity.com/content/view/148058

* Fedora 9 Update: trickle-1.07-7.fc9 (Feb 24)
  --------------------------------------------
  New patch for CVE-2009-0415. Fix for #484065 - CVE-2009-0415 trickle:
  Possibility to load arbitrary code from current working directory
  http://www.linuxsecurity.com/content/view/148057

* Fedora 9 Update: gstreamer-plugins-good-0.10.8-10.fc9 (Feb 24)
  --------------------------------------------------------------
  Patch for overflows in the QT demuxer (#481267)
  http://www.linuxsecurity.com/content/view/148056

* Fedora 9 Update: perl-Crypt-OpenSSL-DSA-0.13-9.fc9 (Feb 19)
  -----------------------------------------------------------
  Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon
  error rather than returning a -1 to ensure programmers are not caught
  by surprise when only checking for non-zero results.
  http://www.linuxsecurity.com/content/view/148027

------------------------------------------------------------------------

* Gentoo: GNU Emacs, XEmacs Multiple vulnerabilities (Feb 23)
  -----------------------------------------------------------
  Two vulnerabilities were found in GNU Emacs, possibly leading to
  user-assisted execution of arbitrary code. One also affects edit-utils
  in XEmacs.
  http://www.linuxsecurity.com/content/view/148050

* Gentoo: KTorrent Multiple vulnerabilities (Feb 23)
  --------------------------------------------------
  Two vulnerabilities in the web interface plugin in KTorrent allow for
  remote execution of code and arbitrary torrent uploads.
  http://www.linuxsecurity.com/content/view/148049

------------------------------------------------------------------------

* Mandriva: [ MDVSA-2009:057 ] valgrind (Feb 26)
  ----------------------------------------------
  A vulnerability has been identified and corrected in valgrind:
  Untrusted search path vulnerability in valgrind before 3.4.0 allows
  local users to execute arbitrary programs via a Trojan horse
  .valgrindrc file in the current working directory, as demonstrated
  using a malicious --db-command options. NOTE: the severity of this
  issue has been disputed, but CVE is including this issue because
  execution of a program from an untrusted directory is a common
  scenario. (CVE-2008-4865) The updated packages have been patched to
  prevent this.
  http://www.linuxsecurity.com/content/view/148080

* Mandriva: [ MDVSA-2009:056 ] net-snmp (Feb 25)
  ----------------------------------------------
  A vulnerability has been identified and corrected in net-snmp: The
  netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp
  5.0.9 through 5.4.2, when using TCP wrappers for client authorization,
  does not properly parse hosts.allow rules, which allows remote
  attackers to bypass intended access restrictions and execute SNMP
  queries, related to source/destination IP address confusion.
  (CVE-2008-6123)
  http://www.linuxsecurity.com/content/view/148071

* Mandriva: [ MDVSA-2009:048-2 ] epiphany (Feb 25)
  ------------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure.
  A wrong handling of that variable enables local attackers to execute
  arbitrary code via Python scripting in the current Epiphany working
  directory (CVE-2008-5985).
  http://www.linuxsecurity.com/content/view/148068

* Mandriva: [ MDVSA-2009:055 ] audacity (Feb 25)
  ----------------------------------------------
  A vulnerability has been identified and corrected in audacity:
  Stack-based buffer overflow in the String_parse::get_nonspace_quoted
  function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
  versions before 1.3.6 allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a .gro file
  containing a long string (CVE-2009-0490). The updated packages have
  been patched to prevent this.
  http://www.linuxsecurity.com/content/view/148066

* Mandriva: [ MDVA-2009:030 ] wxGTK2.5 (Feb 25)
  ---------------------------------------------
  A required development package was missing when trying to build
  audacity updates. New wxGTK2.5 packages have been built to correct
  this.
  http://www.linuxsecurity.com/content/view/148064

* Mandriva: [ MDVA-2009:029 ] nagios-plugins (Feb 24)
  ---------------------------------------------------
  This update provides the latest bugfixes in the nagios-plugins suite.
  http://www.linuxsecurity.com/content/view/148062

* Mandriva: [ MDVSA-2009:054 ] nagios (Feb 24)
  --------------------------------------------
  A vulnerability has been identified and corrected in nagios:
  Cross-site scripting (XSS) vulnerability in Nagios allows remote
  attackers to inject arbitrary web script or HTML via unknown vectors,
  a different vulnerability than CVE-2007-5624 and CVE-2008-1360
  (CVE-2007-5803).
  http://www.linuxsecurity.com/content/view/148061

* Mandriva: [ MDVSA-2009:053 ] squirrelmail (Feb 24)
  --------------------------------------------------
  A vulnerability has been identified and corrected in squirrelmail:
  Squirrelmail 1.4.15 does not set the secure flag for the session
  cookie in an https session, which can cause the cookie to be sent in
  http requests and make it easier for remote attackers to capture this
  cookie (CVE-2008-3663).
  http://www.linuxsecurity.com/content/view/148059

* Mandriva: [ MDVSA-2009:052 ] php-smarty (Feb 24)
  ------------------------------------------------
  A vulnerability has been identified and corrected in php-smarty: The
  _expand_quoted_text function in libs/Smarty_Compiler.class.php in
  Smarty 2.6.20 before r2797 allows remote attackers to execute
  arbitrary PHP code via vectors related to templates and (1) a
  dollar-sign character, aka php executed in templates
  http://www.linuxsecurity.com/content/view/148055

* Mandriva: [ MDVSA-2009:047-1 ] vim (Feb 24)
  -------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current Vim working directory
  (CVE-2009-0316). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148054

* Mandriva: [ MDVSA-2009:047-1 ] vim (Feb 24)
  -------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current Vim working directory
  (CVE-2009-0316). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148053

* Mandriva: [ MDVSA-2009:048-1 ] epiphany (Feb 24)
  ------------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current Epiphany working directory
  (CVE-2008-5985). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148052

* Mandriva: [ MDVSA-2009:049-1 ] pycrypto (Feb 23)
  ------------------------------------------------
  A vulnerability has been discovered and corrected in PyCrypto ARC2
  module 2.0.1, which allows remote attackers to cause a denial of
  service and possibly execute arbitrary code via a large ARC2 key
  length (CVE-2009-0544).
  http://www.linuxsecurity.com/content/view/148051

* Mandriva: [ MDVSA-2009:051 ] libpng (Feb 23)
  --------------------------------------------
  A number of vulnerabilities have been found and corrected in libpng:
  Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was
  already fixed in Mandriva Linux 2009.0. Fix the function
  png_check_keyword() that allowed setting arbitrary bytes in the
  process memory to 0 (CVE-2008-5907). Fix a potential DoS (Denial of
  Service) or to potentially compromise an application using the library
  (CVE-2009-0040). The updated packages have been patched to prevent
  this.
  http://www.linuxsecurity.com/content/view/148048

* Mandriva: [ MDVSA-2009:050-1 ] python-pycrypto (Feb 23)
  -------------------------------------------------------
  A vulnerability has been discovered and corrected in PyCrypto ARC2
  module 2.0.1, which allows remote attackers to cause a denial of
  service and possibly execute arbitrary code via a large ARC2 key
  length (CVE-2009-0544)
  http://www.linuxsecurity.com/content/view/148047

* Mandriva: [ MDVSA-2009:050 ] python-pycrypto (Feb 20)
  -----------------------------------------------------
  A vulnerability has been discovered and corrected in PyCrypto ARC2
  module 2.0.1, which allows remote attackers to cause a denial of
  service and possibly execute arbitrary code via a large ARC2 key
  length (CVE-2009-0544). The updated packages have been patched to
  prevent this.
  http://www.linuxsecurity.com/content/view/148042

* Mandriva: [ MDVSA-2009:049 ] pycrypto (Feb 20)
  ----------------------------------------------
  A vulnerability has been discovered and corrected in PyCrypto ARC2
  module 2.0.1, which allows remote attackers to cause a denial of
  service and possibly execute arbitrary code via a large ARC2 key
  length (CVE-2009-0544). The updated packages have been patched to
  prevent this.
  http://www.linuxsecurity.com/content/view/148041

* Mandriva: [ MDVSA-2009:048 ] epiphany (Feb 20)
  ----------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current Epiphany working directory
  (CVE-2008-5985). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148040

* Mandriva: [ MDVSA-2009:047 ] vim (Feb 20)
  -----------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure.
  A wrong handling of that variable enables local attackers to execute
  arbitrary code via Python scripting in the current Vim working
  directory (CVE-2009-0316). This update provides a fix for that
  vulnerability.
  http://www.linuxsecurity.com/content/view/148039

* Mandriva: [ MDVSA-2009:045 ] php (Feb 20)
  -----------------------------------------
  A number of vulnerabilities have been found and corrected in PHP.
  http://www.linuxsecurity.com/content/view/148038

* Mandriva: [ MDVA-2009:028 ] libzip (Feb 20)
  -------------------------------------------
  Some problems were discovered and corrected with php-zip in CS4: PHP
  complains about a missing zip_add_dir symbol that is present in
  libzip-0.8+. New packages have been built to correct this problem.
  http://www.linuxsecurity.com/content/view/148037

* Mandriva: [ MDVSA-2009:046 ] dia (Feb 20)
  -----------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current dia working directory
  (CVE-2008-5984). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148036

* Mandriva: [ MDVSA-2009:044 ] firefox (Feb 20)
  ---------------------------------------------
  Security vulnerabilities have been discovered and corrected in the
  latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2009-0352,
  CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356,
  CVE-2009-0357, CVE-2009-0358). This update provides the latest Mozilla
  Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been
  phased out, version 3.x is also being provided for Mandriva Linux 2008
  Spring.
  http://www.linuxsecurity.com/content/view/148034

* Mandriva: [ MDVA-2009:027 ] kernel (Feb 20)
  -------------------------------------------
  Some problems were discovered and corrected in the Linux 2.6 kernel:
  Support was added for Intel 82567LM-3/82567LF-3/82567LM-4 network
  adapters, a bug in sunrpc causing oops when restarting nfsd was fixed,
  a bug in Walkman devices was worked around, the sound drivers got some
  fixes, and a few more things were fixed. Check the package changelog
  for details. To update your kernel, please follow the directions
  located at: http://www.mandriva.com/en/security/kernelupdate
  http://www.linuxsecurity.com/content/view/148033

* Mandriva: [ MDVSA-2009:043 ] gnumeric (Feb 19)
  ----------------------------------------------
  Python has a variable called sys.path that contains all paths where
  Python loads modules by using import scripting procedure. A wrong
  handling of that variable enables local attackers to execute arbitrary
  code via Python scripting in the current Gnumeric working directory
  (CVE-2009-0318). This update provides a fix for that vulnerability.
  http://www.linuxsecurity.com/content/view/148032

* Mandriva: [ MDVA-2009:026-1 ] samba (Feb 19)
  --------------------------------------------
  This update fixes two minor issues with samba. Package does not
  install from update because of missing dependency (#47979). Fix
  dependencies because /usr/include/tdb.h was moved from
  libsmbclient0-devel to libtdb-devel and this led to a file conflict
  and prevented a smooth upgrade. This update fixes both issues.
  http://www.linuxsecurity.com/content/view/148029

* Mandriva: [ MDVA-2009:026-1 ] samba (Feb 19)
  --------------------------------------------
  This update fixes two minor issues with samba. Package does not
  install from update because of missing dependency (#47979). Fix
  dependencies because /usr/include/tdb.h was moved from
  libsmbclient0-devel to libtdb-devel and this led to a file conflict
  and prevented a smooth upgrade.
  This update fixes both issues.
  http://www.linuxsecurity.com/content/view/148028

* Mandriva: [ MDVA-2009:026 ] samba (Feb 19)
  ------------------------------------------
  This update fixes two minor issues with samba. Package does not
  install from update because of missing dependency (#47979). Fix
  dependencies because /usr/include/tdb.h was moved from
  libsmbclient0-devel to libtdb-devel and this led to a file conflict
  and prevented a smooth upgrade. This update fixes both issues.
  http://www.linuxsecurity.com/content/view/148026

------------------------------------------------------------------------

* RedHat: Critical: flash-plugin security update (Feb 25)
  -------------------------------------------------------
  An updated Adobe Flash Player package that fixes several security
  issues is now available for Red Hat Enterprise Linux 5 Supplementary.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/148069

* RedHat: Critical: flash-plugin security update (Feb 25)
  -------------------------------------------------------
  An updated Adobe Flash Player package that fixes several security
  issues is now available for Red Hat Enterprise Linux 3 and 4 Extras.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/148070

* RedHat: Important: kernel security update (Feb 24)
  --------------------------------------------------
  Updated kernel packages that resolve several security issues are now
  available for Red Hat Enterprise Linux 5.2 Extended Update Support.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/148063

* RedHat: Moderate: imap security update (Feb 19)
  -----------------------------------------------
  Updated imap packages to fix a security issue are now available for
  Red Hat Enterprise Linux 3.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/148030

* RedHat: Important: cups security update (Feb 19)
  ------------------------------------------------
  Updated cups packages that fix a security issue are now available for
  Red Hat Enterprise Linux 3. This update has been rated as having
  important security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/148031

------------------------------------------------------------------------

* Slackware: git (Feb 20)
  -----------------------
  New git packages are available for Slackware 12.0, 12.1, 12.2, and
  -current to fix security issues. More details about this issue may be
  found in the Common Vulnerabilities and Exposures (CVE) database.
  http://www.linuxsecurity.com/content/view/148044

* Slackware: libpng (Feb 20)
  --------------------------
  New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security
  issue. More details about this issue may be found in the Common
  Vulnerabilities and Exposures (CVE) database.
  http://www.linuxsecurity.com/content/view/148043

------------------------------------------------------------------------

* SuSE: flash-player (SUSE-SA:2009:011) (Feb 26)
  ----------------------------------------------
  Specially crafted swf files could cause a buffer overflow in
  flash-player. Attackers could potentially exploit that to execute code
  on the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0521).
  http://www.linuxsecurity.com/content/view/148082

* SuSE: Linux kernel (SUSE-SA:2009:010) (Feb 26)
  ----------------------------------------------
  This update fixes several security issues and lots of bugs in the
  openSUSE 11.1 kernel.
  http://www.linuxsecurity.com/content/view/148081

------------------------------------------------------------------------

* Pardus: Libpng: Denial of Service (Feb 23)
  ------------------------------------------
  A vulnerability has been reported in libpng, which can be exploited by
  malicious people to cause a DoS (Denial of Service) or to potentially
  compromise an application using the library.
  http://www.linuxsecurity.com/content/view/148046

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------