+----------------------------------------------------------------------+
|  LinuxSecurity.com                              Weekly Newsletter    |
|  June 26th, 2009                             Volume 10, Number 26    |
|                                                                      |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>            |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>     |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for mahara, amule, xulrunner, vlc,
apr-util, kernel, rt3, git, openssl, pcsc-lite, libpng, moin, gaim,
libtorrent, kde4, tomcat, java, ruby, logcheck, rpm, kdegraphics,
thunderbird, icu, gstreamer, cyrus, seamonkey, and php. The distributors
include Debian, Fedora, Mandriva, Red Hat, Slackware, Ubuntu, and Pardus.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------

If I ask "How much do you know about Google?", you may not take even a
second to respond. But if I ask "How much does Google know about you?",
you may instantly reply "Wait... what!? Do they!?" The book "Googling
Security: How Much Does Google Know About You" by Greg Conti (Computer
Science Professor at West Point) is the first book to reveal how Google's
vast information stockpiles could be used against you or your business
and what you can do to protect yourself.

http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------

Nagios is monitoring software designed to let you know about problems on
your hosts and networks quickly, and it can be configured for use on any
network. Setting up a Nagios server on any Linux distribution is a very
quick process; making it a secure setup takes some work. This article
will not show you how to install Nagios, since there are plenty of
installation guides out there, but it will show you in detail ways to
improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf  <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New mahara packages fix cross-site scripting (Jun 23)
  -------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149203

* Debian: New amule packages fix insufficient input sanitising (Jun 22)
  ---------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149197

* Debian: New xulrunner packages fix several vulnerabilities (Jun 18)
  -------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149177

* Debian: New vlc packages fix several vulnerabilities (Jun 18)
  -------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149176

------------------------------------------------------------------------

* Fedora 10 Update: apr-util-1.3.7-1.fc10 (Jun 24)
  ------------------------------------------------
  Update to upstream version 1.3.7, see:
  http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES

  Security fixes:
  - CVE-2009-0023 Fix underflow in apr_strmatch_precompile.
  - CVE-2009-1955 Fix a denial of service attack against the apr_xml_*
    interface using the "billion laughs" entity expansion technique.
  - CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf.
  Note: CVE-2009-1956 is only an issue on big-endian architectures.

  http://www.linuxsecurity.com/content/view/149223

* Fedora 11 Update: apr-util-1.3.7-1.fc11 (Jun 24)
  ------------------------------------------------
  Update to upstream version 1.3.7, see:
  http://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES

  Security fixes:
  - CVE-2009-0023 Fix underflow in apr_strmatch_precompile.
  - CVE-2009-1955 Fix a denial of service attack against the apr_xml_*
    interface using the "billion laughs" entity expansion technique.
  - CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf.
  Note: CVE-2009-1956 is only an issue on big-endian architectures.

  http://www.linuxsecurity.com/content/view/149222

* Fedora 9 Update: kernel-2.6.27.25-78.2.56.fc9 (Jun 24)
  ------------------------------------------------------
  Update to linux kernel 2.6.27.25:
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25

  http://www.linuxsecurity.com/content/view/149221

* Fedora 11 Update: rt3-3.8.2-8.fc11 (Jun 24)
  -------------------------------------------
  http://www.linuxsecurity.com/content/view/149219

* Fedora 9 Update: apr-util-1.2.12-7.fc9 (Jun 24)
  -----------------------------------------------
  Backport security fixes from upstream version 1.3.7:
  - CVE-2009-0023 Fix underflow in apr_strmatch_precompile.
  - CVE-2009-1955 Fix a denial of service attack against the apr_xml_*
    interface using the "billion laughs" entity expansion technique.
  - CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf.
  Note: CVE-2009-1956 is only an issue on big-endian architectures.

  http://www.linuxsecurity.com/content/view/149220

* Fedora 10 Update: rt3-3.8.2-8.fc10 (Jun 24)
  -------------------------------------------
  http://www.linuxsecurity.com/content/view/149218

* Fedora 10 Update: git-1.6.0.6-4.fc10 (Jun 24)
  ---------------------------------------------
  This update fixes a Denial of Service vulnerability in git-daemon. It
  also fixes minor issues when using git-cvsimport and the formatting of
  the git-daemon xinetd service description.

  http://www.linuxsecurity.com/content/view/149217

* Fedora 11 Update: kernel-2.6.29.5-191.fc11 (Jun 24)
  ---------------------------------------------------
  Update to kernel 2.6.29.5:
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.5
  Includes DRM modesetting bug fixes. Adds driver for VIA SD/MMC
  controllers and full support for the Nano processor in 64-bit mode.

  http://www.linuxsecurity.com/content/view/149216

* Fedora 11 Update: git-1.6.2.5-1.fc11 (Jun 24)
  ---------------------------------------------
  This update fixes a Denial of Service vulnerability in git-daemon.

  http://www.linuxsecurity.com/content/view/149215

* Fedora 9 Update: git-1.6.0.6-4.fc9 (Jun 24)
  -------------------------------------------
  This update fixes a Denial of Service vulnerability in git-daemon. It
  also fixes minor issues when using git-cvsimport and the formatting of
  the git-daemon xinetd service description.

  http://www.linuxsecurity.com/content/view/149213

* Fedora 10 Update: kernel-2.6.27.25-170.2.72.fc10 (Jun 24)
  ---------------------------------------------------------
  Update to linux kernel 2.6.27.25:
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.25

  http://www.linuxsecurity.com/content/view/149214

* Fedora 11 Update: openssl-0.9.8k-5.fc11 (Jun 19)
  ------------------------------------------------
  Security update fixing DoS bugs in DTLS code.
  CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

  http://www.linuxsecurity.com/content/view/149186

* Fedora 9 Update: openssl-0.9.8g-9.14.fc9 (Jun 19)
  -------------------------------------------------
  Security update fixing DoS bugs in DTLS code.
  CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

  http://www.linuxsecurity.com/content/view/149185

* Fedora 10 Update: openssl-0.9.8g-14.fc10 (Jun 19)
  -------------------------------------------------
  Security update fixing DoS bugs in DTLS code.
  CVE-2009-1377 CVE-2009-1378 CVE-2009-1379

  http://www.linuxsecurity.com/content/view/149184

* Fedora 11 Update: pcsc-lite-1.5.2-2.fc11 (Jun 19)
  -------------------------------------------------
  Correct directory with world writeable permissions but no sticky bit
  set.

  http://www.linuxsecurity.com/content/view/149183

* Fedora 9 Update: libpng-1.2.37-1.fc9 (Jun 18)
  ---------------------------------------------
  Update to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty
  low-risk issue, but it's been classified as a security issue...

  http://www.linuxsecurity.com/content/view/149172

* Fedora 11 Update: moin-1.8.4-1.fc11 (Jun 18)
  --------------------------------------------
  This package updates Moin to 1.8.4; http://moinmo.in/MoinMoinRelease1.8
  has a list of changes. This package includes a security fix for a
  hierarchical ACL vulnerability (hierarchical is not the default ACL
  mode); http://moinmo.in/SecurityFixes has the details of the fix.

  http://www.linuxsecurity.com/content/view/149171

* Fedora 9 Update: moin-1.6.4-2.fc9 (Jun 18)
  ------------------------------------------
  This update includes a security fix for a hierarchical ACL
  vulnerability (hierarchical is not the default ACL mode);
  http://moinmo.in/SecurityFixes has the details of the fix.

  http://www.linuxsecurity.com/content/view/149170

* Fedora 10 Update: moin-1.6.4-2.fc10 (Jun 18)
  --------------------------------------------
  This update includes a security fix for a hierarchical ACL
  vulnerability (hierarchical is not the default ACL mode);
  http://moinmo.in/SecurityFixes has the details of the fix.

  http://www.linuxsecurity.com/content/view/149169

* Fedora 10 Update: libpng-1.2.37-1.fc10 (Jun 18)
  -----------------------------------------------
  Update to libpng 1.2.37, to fix CVE-2009-2042. This is a pretty
  low-risk issue, but it's been classified as a security issue...

  http://www.linuxsecurity.com/content/view/149168

* Fedora 10 Update: giflib-4.1.6-2.fc10 (Jun 18)
  ----------------------------------------------
  - Update to 4.1.6 containing several upstream fixes etc.
  - Solved multilib problems with documentation (#465208, #474538)
  - Removed static library from giflib-devel package (#225796 #c1)

  http://www.linuxsecurity.com/content/view/149167

* Fedora 11 Update: libpng-1.2.37-1.fc11 (Jun 18)
  -----------------------------------------------
  Update to libpng 1.2.37, to fix CVE-2009-2042.
  This is a pretty low-risk issue, but it's been classified as a security
  issue...

  http://www.linuxsecurity.com/content/view/149166

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
  -----------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  gaim:

  Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before
  2.5.6 allows remote authenticated users to execute arbitrary code via
  vectors involving an outbound XMPP file transfer. NOTE: some of these
  details are obtained from third party information (CVE-2009-1373).

  Multiple integer overflows in the msn_slplink_process_msg functions in
  the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
  (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on
  32-bit platforms allow remote attackers to execute arbitrary code via a
  malformed SLP message with a crafted offset value, leading to buffer
  overflows. NOTE: this issue exists because of an incomplete fix for
  CVE-2008-2927 (CVE-2009-1376).

  The updated packages have been patched to prevent this.

  http://www.linuxsecurity.com/content/view/149234

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
  -----------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  gaim:

  Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before
  2.5.6 allows remote authenticated users to execute arbitrary code via
  vectors involving an outbound XMPP file transfer. NOTE: some of these
  details are obtained from third party information (CVE-2009-1373).

  Multiple integer overflows in the msn_slplink_process_msg functions in
  the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
  (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on
  32-bit platforms allow remote attackers to execute arbitrary code via a
  malformed SLP message with a crafted offset value, leading to buffer
  overflows. NOTE: this issue exists because of an incomplete fix for
  CVE-2008-2927 (CVE-2009-1376).

  The updated packages have been patched to prevent this.

  http://www.linuxsecurity.com/content/view/149235

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:140 ] gaim (Jun 25)
  -----------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  gaim:

  Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before
  2.5.6 allows remote authenticated users to execute arbitrary code via
  vectors involving an outbound XMPP file transfer. NOTE: some of these
  details are obtained from third party information (CVE-2009-1373).

  Multiple integer overflows in the msn_slplink_process_msg functions in
  the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
  (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on
  32-bit platforms allow remote attackers to execute arbitrary code via a
  malformed SLP message with a crafted offset value, leading to buffer
  overflows. NOTE: this issue exists because of an incomplete fix for
  CVE-2008-2927 (CVE-2009-1376).

  The updated packages have been patched to prevent this.

  http://www.linuxsecurity.com/content/view/149233

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:139 ] libtorrent-rasterbar (Jun 24)
  ---------------------------------------------------------------------------------------
  A security vulnerability has been identified and corrected in
  libtorrent-rasterbar:

  Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar
  libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge
  Torrent, and other applications, allows remote attackers to create or
  overwrite arbitrary files via a .. (dot dot) and partial relative
  pathname in a Multiple File Mode list element in a .torrent file
  (CVE-2009-1760).

  The updated packages have been patched to prevent this.

  http://www.linuxsecurity.com/content/view/149210

* Mandriva: Subject: [Security Announce] [ MDVA-2009:118 ] kde4 (Jun 23)
  ----------------------------------------------------------------------
  Mandriva Linux 2009 was released with KDE4 version 4.1. This update
  upgrades KDE4 in Mandriva Linux 2009 to version 4.2, which brings many
  bugfixes and overall improvements.

  http://www.linuxsecurity.com/content/view/149202

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
  --------------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  tomcat5:

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
  6.0.18, and possibly earlier versions normalizes the target pathname
  before filtering the query string when using the RequestDispatcher
  method, which allows remote attackers to bypass intended access
  restrictions and conduct directory traversal attacks via .. (dot dot)
  sequences and the WEB-INF directory in a Request (CVE-2008-5515).
  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when the Java AJP connector and mod_jk load balancing
  are used, allows remote attackers to cause a denial of service
  (application outage) via a crafted request with invalid headers,
  related to temporary blocking of connectors that have encountered
  errors, as demonstrated by an error involving a malformed HTTP Host
  header (CVE-2009-0033).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when FORM authentication is used, allows remote
  attackers to enumerate valid usernames via requests to
  /j_security_check with malformed URL encoding of passwords, related to
  improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
  and (3) JDBCRealm authentication realms, as demonstrated by a %
  (percent) value for the j_password parameter (CVE-2009-0580).

  The calendar application in the examples web application contains an
  XSS flaw due to invalid HTML which renders the XSS filtering protection
  ineffective (CVE-2009-0781).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18 permits web applications to replace an XML parser used
  for other web applications, which allows local users to read or modify
  the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
  applications via a crafted application that is loaded earlier than the
  target application (CVE-2009-0783).

  The updated packages have been patched to prevent this. Additionally
  Apache Tomcat has been upgraded to the latest 5.5.27 version for
  2009.0.

  http://www.linuxsecurity.com/content/view/149201

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
  --------------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  tomcat5:

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
  6.0.18, and possibly earlier versions normalizes the target pathname
  before filtering the query string when using the RequestDispatcher
  method, which allows remote attackers to bypass intended access
  restrictions and conduct directory traversal attacks via .. (dot dot)
  sequences and the WEB-INF directory in a Request (CVE-2008-5515).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when the Java AJP connector and mod_jk load balancing
  are used, allows remote attackers to cause a denial of service
  (application outage) via a crafted request with invalid headers,
  related to temporary blocking of connectors that have encountered
  errors, as demonstrated by an error involving a malformed HTTP Host
  header (CVE-2009-0033).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when FORM authentication is used, allows remote
  attackers to enumerate valid usernames via requests to
  /j_security_check with malformed URL encoding of passwords, related to
  improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
  and (3) JDBCRealm authentication realms, as demonstrated by a %
  (percent) value for the j_password parameter (CVE-2009-0580).

  The calendar application in the examples web application contains an
  XSS flaw due to invalid HTML which renders the XSS filtering protection
  ineffective (CVE-2009-0781).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18 permits web applications to replace an XML parser used
  for other web applications, which allows local users to read or modify
  the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
  applications via a crafted application that is loaded earlier than the
  target application (CVE-2009-0783).

  The updated packages have been patched to prevent this. Additionally
  Apache Tomcat has been upgraded to the latest 5.5.27 version for
  2009.0.

  http://www.linuxsecurity.com/content/view/149200

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:138 ] tomcat5 (Jun 22)
  --------------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  tomcat5:

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
  6.0.18, and possibly earlier versions normalizes the target pathname
  before filtering the query string when using the RequestDispatcher
  method, which allows remote attackers to bypass intended access
  restrictions and conduct directory traversal attacks via .. (dot dot)
  sequences and the WEB-INF directory in a Request (CVE-2008-5515).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when the Java AJP connector and mod_jk load balancing
  are used, allows remote attackers to cause a denial of service
  (application outage) via a crafted request with invalid headers,
  related to temporary blocking of connectors that have encountered
  errors, as demonstrated by an error involving a malformed HTTP Host
  header (CVE-2009-0033).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when FORM authentication is used, allows remote
  attackers to enumerate valid usernames via requests to
  /j_security_check with malformed URL encoding of passwords, related to
  improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
  and (3) JDBCRealm authentication realms, as demonstrated by a %
  (percent) value for the j_password parameter (CVE-2009-0580).

  The calendar application in the examples web application contains an
  XSS flaw due to invalid HTML which renders the XSS filtering protection
  ineffective (CVE-2009-0781).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18 permits web applications to replace an XML parser used
  for other web applications, which allows local users to read or modify
  the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
  applications via a crafted application that is loaded earlier than the
  target application (CVE-2009-0783).

  The updated packages have been patched to prevent this. Additionally
  Apache Tomcat has been upgraded to the latest 5.5.27 version for
  2009.0.

  http://www.linuxsecurity.com/content/view/149199

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:136 ] tomcat5 (Jun 22)
  --------------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in
  tomcat5:

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
  6.0.18, and possibly earlier versions normalizes the target pathname
  before filtering the query string when using the RequestDispatcher
  method, which allows remote attackers to bypass intended access
  restrictions and conduct directory traversal attacks via .. (dot dot)
  sequences and the WEB-INF directory in a Request (CVE-2008-5515).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when the Java AJP connector and mod_jk load balancing
  are used, allows remote attackers to cause a denial of service
  (application outage) via a crafted request with invalid headers,
  related to temporary blocking of connectors that have encountered
  errors, as demonstrated by an error involving a malformed HTTP Host
  header (CVE-2009-0033).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18, when FORM authentication is used, allows remote
  attackers to enumerate valid usernames via requests to
  /j_security_check with malformed URL encoding of passwords, related to
  improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,
  and (3) JDBCRealm authentication realms, as demonstrated by a %
  (percent) value for the j_password parameter (CVE-2009-0580).

  The calendar application in the examples web application contains an
  XSS flaw due to invalid HTML which renders the XSS filtering protection
  ineffective (CVE-2009-0781).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
  through 6.0.18 permits web applications to replace an XML parser used
  for other web applications, which allows local users to read or modify
  the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web
  applications via a crafted application that is loaded earlier than the
  target application (CVE-2009-0783).

  The updated packages have been patched to prevent this. Additionally
  Apache Tomcat has been upgraded to the latest 5.5.27 version for
  2009.0.
  http://www.linuxsecurity.com/content/view/149198

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:137 ] java-1.6.0-openjdk (Jun 19)
  -------------------------------------------------------------------------------------
  Multiple security vulnerabilities have been identified and fixed in the
  Little cms library embedded in OpenJDK:

  A memory leak flaw allows remote attackers to cause a denial of service
  (memory consumption and application crash) via a crafted image file
  (CVE-2009-0581).

  Multiple integer overflows allow remote attackers to execute arbitrary
  code via a crafted image file that triggers a heap-based buffer
  overflow (CVE-2009-0723).

  Multiple stack-based buffer overflows allow remote attackers to execute
  arbitrary code via a crafted image file associated with a large integer
  value for the (1) input or (2) output channel (CVE-2009-0733).

  A flaw in the transformations of monochrome profiles allows remote
  attackers to cause denial of service triggered by a NULL pointer
  dereference via a crafted image file (CVE-2009-0793).

  Further security fixes in the JRE and in the Java API of OpenJDK:

  A flaw in handling temporary font files by the Java Virtual Machine
  (JVM) allows remote attackers to cause denial of service
  (CVE-2006-2426).

  An integer overflow flaw was found in Pulse-Java when handling Pulse
  audio source data lines. An attacker could use this flaw to cause an
  applet to crash, leading to a denial of service (CVE-2009-0794).

  A flaw in Java Runtime Environment initialized LDAP connections allows
  authenticated remote users to cause denial of service on the LDAP
  service (CVE-2009-1093).

  A flaw in the Java Runtime Environment LDAP client in handling server
  LDAP responses allows remote attackers to execute arbitrary code on the
  client side via malicious server response (CVE-2009-1094).

  Buffer overflows in the Java Runtime Environment unpack200 utility
  allow remote attackers to execute arbitrary code via a crafted applet
  (CVE-2009-1095, CVE-2009-1096).

  A buffer overflow in the splash screen processing allows attackers to
  execute arbitrary code (CVE-2009-1097).

  A buffer overflow in GIF images handling allows remote attackers to
  execute arbitrary code via a crafted GIF image (CVE-2009-1098).

  A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
  handling allows remote attackers to cause a denial of service on the
  service endpoint's server side (CVE-2009-1101).

  A flaw in the Java Runtime Environment Virtual Machine code generation
  allows remote attackers to execute arbitrary code via a crafted applet
  (CVE-2009-1102).

  This update provides fixes for these issues.

  Update: java-1.6.0-openjdk requires rhino packages and these have been
  further updated.

  http://www.linuxsecurity.com/content/view/149188

* Mandriva: Subject: [Security Announce] [ MDVA-2009:117 ] ruby-RubyGems (Jun 18)
  -------------------------------------------------------------------------------
  On x86_64, rubygems assumes that the gem installation path is in
  /usr/lib64/ruby. This is problematic because all of the Mandriva ruby-*
  packages install their rb files under /usr/lib/ruby regardless of the
  machine architecture; rubygems consequently cannot find any of the
  installed gems. This update fixes this issue.

  http://www.linuxsecurity.com/content/view/149179

* Mandriva: Subject: [Security Announce] [ MDVA-2009:116 ] glibc (Jun 18)
  -----------------------------------------------------------------------
  New glibc release to fix some issues found in glibc 2.8 present in
  Mandriva 2009.0:

  - ulimit(UL_SETFSIZE) does not return the integer part of the new file
    size limit divided by 512
    (http://linuxtesting.org/results/report?num=S0167, Mandriva bug
    #51685)

  - When including pthread.h and using pthread_cleanup_pop or
    pthread_cleanup_pop_restore_np macros, a compiler warning is issued
    or build error happens if -Werror is used
    (http://sourceware.org/bugzilla/show_bug.cgi?id=7056, Mandriva bug
    #49142)

  http://www.linuxsecurity.com/content/view/149178

* Mandriva: Subject: [Security Announce] [ MDVA-2009:115 ] webkit (Jun 18)
  ------------------------------------------------------------------------
  Webkit shipped in 2009.1 has a bug that closes The Gimp help-browser
  plugin; this update fixes this issue.

  http://www.linuxsecurity.com/content/view/149175

* Mandriva: Subject: [Security Announce] [ MDVA-2009:114 ] logcheck (Jun 18)
  --------------------------------------------------------------------------
  The logcheck package shipped in Mandriva 2009.1 had two issues
  preventing it from running properly:

  - its configuration directory (/etc/logcheck) is not readable with the
    identity used for running logcheck
  - it uses the run-parts utility with the unsupported --list option

  http://www.linuxsecurity.com/content/view/149174

* Mandriva: Subject: [Security Announce] [ MDVA-2009:113 ] rpm (Jun 18)
  ---------------------------------------------------------------------
  This update fixes a minor issue with rpm:

  - mdvsys mass-update can segfault when parsing the %apply_patches
    macros through librpm (bug #50579)

  http://www.linuxsecurity.com/content/view/149173

------------------------------------------------------------------------

* RedHat: Critical: kdelibs security update (Jun 25)
-------------------------------------------------- Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149236 * RedHat: Important: kdelibs security update (Jun 25) --------------------------------------------------- Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149237 * RedHat: Critical: kdegraphics security update (Jun 25) ------------------------------------------------------ Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149238 * RedHat: Moderate: net-snmp security update (Jun 25) --------------------------------------------------- Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149230 * RedHat: Moderate: thunderbird security update (Jun 25) ------------------------------------------------------ An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 
http://www.linuxsecurity.com/content/view/149231 * RedHat: Moderate: thunderbird security update (Jun 25) ------------------------------------------------------ An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149232 * RedHat: Moderate: icu security update (Jun 25) ---------------------------------------------- Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149228 * RedHat: Moderate: gstreamer-plugins-good security update (Jun 25) ----------------------------------------------------------------- Updated gstreamer-plugins-good packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149229 * RedHat: Important: cyrus-imapd security update (Jun 18) ------------------------------------------------------- Updated cyrus-imapd packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/149181 ------------------------------------------------------------------------ * Slackware: seamonkey (Jun 25) ------------------------------- New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. 
More details about the issues may be found on the Mozilla web site:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
http://www.linuxsecurity.com/content/view/149225

* Slackware: libpng (Jun 19)
----------------------------
New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security
issue. Jeff Phillips discovered an uninitialized-memory-read bug
affecting interlaced images that may have security implications.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
http://www.linuxsecurity.com/content/view/149191

* Slackware: ruby (Jun 19)
--------------------------
New ruby packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
and -current to fix a security issue. More details about this issue
may be found in the Common Vulnerabilities and Exposures (CVE)
database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1904
http://www.linuxsecurity.com/content/view/149190

------------------------------------------------------------------------

* Ubuntu: Moodle vulnerabilities (Jun 24)
----------------------------------------
Thor Larholm discovered that PHPMailer, as used by Moodle, did not
correctly escape email addresses. A local attacker with direct access
to the Moodle database could exploit this to execute arbitrary
commands as the web server user. (CVE-2007-3215)

Nigel McNie discovered that fetching https URLs did not correctly
escape shell meta-characters. An authenticated remote attacker could
execute arbitrary commands as the web server user, if curl was
installed and configured. (CVE-2008-4796, MSA-09-0003)

It was discovered that Smarty (also included in Moodle) did not
correctly filter certain inputs. An authenticated remote attacker
could exploit this to execute arbitrary PHP commands as the web server
user.
(CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)

It was discovered that the unused SpellChecker extension in Moodle did
not correctly handle temporary files. If the tool had been locally
modified, it could be made to overwrite arbitrary local files via
symlinks. (CVE-2008-5153)

Mike Churchward discovered that Moodle did not correctly filter Wiki
page titles in certain areas. An authenticated remote attacker could
exploit this to cause cross-site scripting (XSS), which could be used
to modify or steal confidential data of other users within the same
web domain. (CVE-2008-5432, MSA-08-0022)

It was discovered that the HTML sanitizer, "Login as" feature, and
logging in Moodle did not correctly handle certain inputs. An
authenticated remote attacker could exploit this to generate XSS,
which could be used to modify or steal confidential data of other
users within the same web domain. (CVE-2008-5619, CVE-2009-0500,
CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)

It was discovered that the HotPot module in Moodle did not correctly
filter SQL inputs. An authenticated remote attacker could execute
arbitrary SQL commands as the moodle database user, leading to a loss
of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)

Kevin Madura discovered that the forum actions and messaging settings
in Moodle were not protected from cross-site request forgery (CSRF).
If an authenticated user were tricked into visiting a malicious
website while logged into Moodle, a remote attacker could change the
user's configurations or forum content. (CVE-2009-0499, MSA-09-0008,
MSA-08-0023)

Daniel Cabezas discovered that Moodle would leak usernames from the
Calendar Export tool. A remote attacker could gather a list of users,
leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)

Christian Eibl discovered that the TeX filter in Moodle allowed any
function to be used.
An authenticated remote attacker could post a specially crafted TeX
formula to execute arbitrary TeX functions, potentially reading any
file accessible to the web server user, leading to a loss of privacy.
(CVE-2009-1171, MSA-09-0009)

Johannes Kuhn discovered that Moodle did not correctly validate user
permissions when attempting to switch user accounts. An authenticated
remote attacker could switch to any other Moodle user, leading to a
loss of privacy. (MSA-08-0003)

Hanno Boeck discovered that unconfigured Moodle instances contained
XSS vulnerabilities. An unauthenticated remote attacker could exploit
this to modify or steal confidential data of other users within the
same web domain. (MSA-08-0004)

Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra
Montesinos discovered that when users were deleted from Moodle, their
profiles and avatars were still visible. An authenticated remote
attacker could exploit this to store information in profiles even
after they were removed, leading to spam traffic. (MSA-08-0015,
MSA-09-0001, MSA-09-0002)

Lars Vogdt discovered that Moodle did not correctly filter certain
inputs. An authenticated remote attacker could exploit this to
generate XSS from which they could modify or steal confidential data
of other users within the same web domain. (MSA-08-0021)

It was discovered that Moodle did not correctly filter inputs for
group creation, mnet, essay question, HOST param, wiki param, and
others. An authenticated remote attacker could exploit this to
generate XSS from which they could modify or steal confidential data
of other users within the same web domain. (MDL-9288, MDL-11759,
MDL-12079, MDL-12793, MDL-14806)

It was discovered that Moodle did not correctly filter SQL inputs when
performing a restore. An attacker authenticated as a Moodle
administrator could execute arbitrary SQL commands as the moodle
database user, leading to a loss of privacy or denial of service.
(MDL-11857)
http://www.linuxsecurity.com/content/view/149224

* Ubuntu: GStreamer Good Plugins vulnerability (Jun 22)
------------------------------------------------------
Tielei Wang discovered that GStreamer Good Plugins did not correctly
handle malformed PNG image files. If a user were tricked into opening
a crafted PNG image file with a GStreamer application, an attacker
could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
http://www.linuxsecurity.com/content/view/149193

------------------------------------------------------------------------

* Pardus: Php: Denial of Service (Jun 25)
---------------------------------------
exploited by malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149227

* Pardus: Compress::Raw::Zlib: Denial of (Jun 25)
-----------------------------------------------
Perl, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to potentially compromise an application using
the module.
http://www.linuxsecurity.com/content/view/149226

* Pardus: Firefox: Multiple Vulnerabilities (Jun 24)
--------------------------------------------------
exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or to compromise a vulnerable
system.
http://www.linuxsecurity.com/content/view/149209

* Pardus: Git: Denial of Service (Jun 24)
---------------------------------------
malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149207

* Pardus: Ruby: Denial of Service (Jun 24)
----------------------------------------
malicious people to cause a DoS (Denial of Service).
http://www.linuxsecurity.com/content/view/149208

* Pardus: Imagemagick: Multiple (Jun 24)
--------------------------------------
exploited by malicious people to potentially compromise a user's
system.
http://www.linuxsecurity.com/content/view/149205

* Pardus: Gst-plugins-good: Multiple Integer (Jun 24)
---------------------------------------------------
can be exploited by malicious people to potentially compromise an
application using the library.
http://www.linuxsecurity.com/content/view/149206

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.

------------------------------------------------------------------------