+----------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter      |
|  August 21st, 2009                            Volume 10, Number 34   |
|                                                                      |
|  Editorial Team:  Dave Wreski             <dwreski@xxxxxxxxxxxxxxxxx>|
|                   Benjamin D. Thomas      <bthomas@xxxxxxxxxxxxxxxxx>|
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for pidgin, curl, kde4libs,
kdegraphics, zope, libxml, kernel, squid, mingw32, thunderbird,
wordpress-mu, dhcp, dillo, CDF, iptables, perl, wget, kernel, wxgtk,
memcached, samba, libvorbis, and apache. The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of
Linux: safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments. Catch up with what
professional network and database administrators, system programmers,
webmasters and all those who believe in the power of Open Source
software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26

---

Review: Googling Security: How Much Does Google Know About You
--------------------------------------------------------------

If I ask "How much do you know about Google?", you may not take even a
second to respond. But if I ask "How much does Google know about you?",
you may instantly reply "Wait... what!? Do they!?" The book "Googling
Security: How Much Does Google Know About You" by Greg Conti (Computer
Science Professor at West Point) is the first book to reveal how
Google's vast information stockpiles could be used against you or your
business and what you can do to protect yourself.
http://www.linuxsecurity.com/content/view/145939

---

A Secure Nagios Server
----------------------

Nagios is monitoring software designed to let you know about problems
on your hosts and networks quickly. You can configure it to be used on
any network. Setting up a Nagios server on any Linux distribution is a
very quick process; however, making it a secure setup takes some work.
This article will not show you how to install Nagios, since there are
plenty of installation guides out there, but it will show you in detail
ways to improve your Nagios security.

http://www.linuxsecurity.com/content/view/144088

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.
  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: New pidgin packages fix arbitrary code execution (Aug 19)
  -----------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149810

* Debian: New curl packages fix SSL certificate verification weakness (Aug 19)
  ----------------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149808

* Debian: New kde4libs packages fix several vulnerabilities (Aug 19)
  ------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149801

* Debian: New kdegraphics packages fix several vulnerabilities (Aug 19)
  ---------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149800

* Debian: New kdelibs packages fix several vulnerabilities (Aug 19)
  -----------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149799

* Debian: New Linux 2.6.18 packages fix several vulnerabilities (Aug 16)
  ----------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149775

* Debian: New Linux 2.6.24 packages fix privilege escalation (Aug 16)
  -------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149774

* Debian: New zope2.10/zope2.9 packages fix arbitrary code execution (Aug 15)
  ---------------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149770

* Debian: New Linux 2.6.26 packages fix privilege escalation (Aug 14)
  -------------------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149762

* Debian: New libxml packages fix several issues (Aug 13)
  -------------------------------------------------------
  http://www.linuxsecurity.com/content/view/149756

------------------------------------------------------------------------

* Fedora 11 Update: kernel-2.6.29.6-217.2.8.fc11 (Aug 17)
  -------------------------------------------------------
  Fix oops in clock_nanosleep syscall which allows an ordinary user to
  cause a null ptr dereference in the kernel. CVE-2009-2767. Fixes
  BUG_ON() in the intel gem page fault code breaking GNOME Shell.
  http://www.linuxsecurity.com/content/view/149783

* Fedora 10 Update: squid-3.0.STABLE18-1.fc10 (Aug 17)
  ----------------------------------------------------
  Fixes several denial of service issues which could allow an attacker
  to stop the Squid service. CVE-2009-2621, CVE-2009-2622
  http://www.linuxsecurity.com/content/view/149782

* Fedora 11 Update: squid-3.0.STABLE18-1.fc11 (Aug 17)
  ----------------------------------------------------
  Fixes several denial of service issues which could allow an attacker
  to stop the Squid service. CVE-2009-2621, CVE-2009-2622
  http://www.linuxsecurity.com/content/view/149781

* Fedora 10 Update: kernel-2.6.27.29-170.2.79.fc10 (Aug 15)
  ---------------------------------------------------------
  Fix sock_sendpage null pointer dereference. CVE-2009-2692.
  http://www.linuxsecurity.com/content/view/149772

* Fedora 11 Update: kernel-2.6.29.6-217.2.7.fc11 (Aug 15)
  -------------------------------------------------------
  Fix sock_sendpage null pointer dereference. CVE-2009-2692.
  http://www.linuxsecurity.com/content/view/149773

* Fedora 10 Update: libxml-1.8.17-24.fc10 (Aug 15)
  ------------------------------------------------
  This update includes patches from RHEL-3 addressing a number of
  security vulnerabilities:
  - CVE-2004-0110 (arbitrary code execution via a long URL)
  - CVE-2004-0989 (arbitrary code execution via a long URL)
  - CVE-2009-2414 (stack consumption DoS vulnerabilities)
  - CVE-2009-2416 (use-after-free DoS vulnerabilities)
  http://www.linuxsecurity.com/content/view/149769

* Fedora 11 Update: mingw32-libxml2-2.7.3-2.fc11 (Aug 15)
  -------------------------------------------------------
  Two patches for parsing problems raised by Ficora.
  http://www.linuxsecurity.com/content/view/149767

* Fedora 11 Update: libxml-1.8.17-24.fc11 (Aug 15)
  ------------------------------------------------
  This update includes patches from RHEL-3 addressing a number of
  security vulnerabilities:
  - CVE-2004-0110 (arbitrary code execution via a long URL)
  - CVE-2004-0989 (arbitrary code execution via a long URL)
  - CVE-2009-2414 (stack consumption DoS vulnerabilities)
  - CVE-2009-2416 (use-after-free DoS vulnerabilities)
  http://www.linuxsecurity.com/content/view/149768

* Fedora 11 Update: thunderbird-3.0-2.6.b3.fc11 (Aug 15)
  ------------------------------------------------------
  Update to upstream version 3.0 Beta3.
  It includes security fixes recently fixed in stable Thunderbird 2.x
  and Firefox/Gecko security fixes:
  http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
  http://www.linuxsecurity.com/content/view/149765

* Fedora 10 Update: wordpress-mu-2.8.4a-1.fc10 (Aug 15)
  -----------------------------------------------------
  Update spans MU-versions for the following security releases from
  upstream:
  http://wordpress.org/development/2009/08/2-8-4-security-release/
  http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
  * Backport of XSS fixes from WordPress 2.8.2
  * Backport of security fixes for admin.php?page= bugs (CVE-2009-2334)
  http://www.linuxsecurity.com/content/view/149766

* Fedora 11 Update: wordpress-mu-2.8.4a-1.fc11 (Aug 15)
  -----------------------------------------------------
  Update spans MU-versions for the following security releases from
  upstream:
  http://wordpress.org/development/2009/08/2-8-4-security-release/
  http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
  * Backport of XSS fixes from WordPress 2.8.2
  * Backport of security fixes for admin.php?page= bugs (CVE-2009-2334)
  http://www.linuxsecurity.com/content/view/149764

------------------------------------------------------------------------

* Gentoo: ISC DHCP dhcpd Denial of Service (Aug 18)
  -------------------------------------------------
  dhcpd as included in the ISC DHCP implementation does not properly
  handle special conditions, leading to a Denial of Service.
  http://www.linuxsecurity.com/content/view/149794

* Gentoo: DokuWiki Local file inclusion (Aug 18)
  ----------------------------------------------
  An input sanitization error in DokuWiki might lead to the disclosure
  of local files or even the remote execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/149795

* Gentoo: Dillo User-assisted execution of arbitrary code (Aug 18)
  ----------------------------------------------------------------
  An integer overflow in the PNG handling of Dillo might result in the
  remote execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/149796

* Gentoo: Subversion Remote execution of arbitrary code (Aug 18)
  --------------------------------------------------------------
  Multiple integer overflows, leading to heap-based buffer overflows in
  the Subversion client and server, might allow remote attackers to
  execute arbitrary code.
  http://www.linuxsecurity.com/content/view/149791

* Gentoo: CDF User-assisted execution of arbitrary code (Aug 18)
  --------------------------------------------------------------
  Multiple heap-based buffer overflows in CDF might result in the
  execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/149792

* Gentoo: Perl Compress:Raw modules: Denial of Service (Aug 18)
  -------------------------------------------------------------
  An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2
  might lead to a Denial of Service.
  http://www.linuxsecurity.com/content/view/149793

------------------------------------------------------------------------

* Mandriva: Subject: [Security Announce] [ MDVA-2009:153 ] kde4-style-iaora (Aug 20)
  ----------------------------------------------------------------------------------
  The Iaora window decoration style has a bug when using compiz: when a
  window is maximised, the decoration goes off.
  You need to restore (unmaximize) the window to get the decorations
  back. This update fixes this problem.
  http://www.linuxsecurity.com/content/view/149816

* Mandriva: Subject: [Security Announce] [ MDVA-2009:152 ] iptables (Aug 20)
  --------------------------------------------------------------------------
  This is a version update of iptables 1.4.1.1 to 1.4.2 and is provided
  to support all new features of the 2.6.27 kernel.
  http://www.linuxsecurity.com/content/view/149813

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2 (Aug 19)
  ------------------------------------------------------------------------------------------
  A vulnerability has been found and corrected in perl-Compress-Raw-Bzip2:

  Off-by-one error in the bzinflate function in Bzip2.xs in the
  Compress-Raw-Bzip2 module before 2.018 for Perl allows
  context-dependent attackers to cause a denial of service (application
  hang or crash) via a crafted bzip2 compressed stream that triggers a
  buffer overflow, a related issue to CVE-2009-1391 (CVE-2009-1884).

  This update provides a solution to this vulnerability.
  http://www.linuxsecurity.com/content/view/149809

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:206 ] wget (Aug 18)
  -----------------------------------------------------------------------
  A vulnerability has been found and corrected in wget:

  SUSE discovered a security issue in wget related to
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408

  This update provides a solution to this vulnerability.
  http://www.linuxsecurity.com/content/view/149797

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:205 ] kernel (Aug 17)
  -------------------------------------------------------------------------
  A vulnerability was discovered and corrected in the Linux 2.6 kernel:

  The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
  does not initialize all function pointers for socket operations in
  proto_ops structures, which allows local users to trigger a NULL
  pointer dereference and gain privileges by using mmap to map page
  zero, placing arbitrary code on this page, and then invoking an
  unavailable operation, as demonstrated by the sendpage operation on a
  PF_PPPOX socket. (CVE-2009-2692)

  To update your kernel, please follow the directions located at:
  http://www.mandriva.com/en/security/kernelupdate
  http://www.linuxsecurity.com/content/view/149784

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:204 ] wxgtk (Aug 16)
  ------------------------------------------------------------------------
  A vulnerability has been found and corrected in wxgtk:

  Integer overflow in the wxImage::Create function in
  src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via a
  crafted JPEG file, which triggers a heap-based buffer overflow. NOTE:
  the provenance of this information is unknown; the details are
  obtained solely from third party information (CVE-2009-2369).

  This update provides a solution to this vulnerability.
  http://www.linuxsecurity.com/content/view/149776

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:203 ] curl (Aug 15)
  -----------------------------------------------------------------------
  A vulnerability has been found and corrected in curl:

  lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is
  used, does not properly handle a '\0' character in a domain name in
  the subject's Common Name (CN) field of an X.509 certificate, which
  allows man-in-the-middle attackers to spoof arbitrary SSL servers via
  a crafted certificate issued by a legitimate Certification Authority,
  a related issue to CVE-2009-2408 (CVE-2009-2417).

  This update provides a solution to this vulnerability.
  http://www.linuxsecurity.com/content/view/149771

* Mandriva: Subject: [Security Announce] [ MDVSA-2009:202 ] memcached (Aug 14)
  ----------------------------------------------------------------------------
  A vulnerability has been found and corrected in memcached:

  Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote
  attackers to execute arbitrary code via vectors involving length
  attributes that trigger heap-based buffer overflows (CVE-2009-2415).

  This update provides a solution to this vulnerability. Additionally
  memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5
  that contains a number of upstream fixes; the repcached patch has been
  upgraded to 2.2 as well.
  http://www.linuxsecurity.com/content/view/149761

* Mandriva: Subject: [Security Announce] [ MDVA-2009:151 ] samba (Aug 14)
  -----------------------------------------------------------------------
  This is the last upstream maintenance release of the Samba 3.2
  series. Major enhancements in 3.2.14 include:
  o Fix SAMR access checks (e.g. bugs #6089 and #6112).
  o Fix 'force user' (bug #6291).
  o Improve Win7 support (bug #6099).
  o Fix posix ACLs when setting an ACL without explicit ACE for the
    owner (bug #2346).
  http://www.linuxsecurity.com/content/view/149759

------------------------------------------------------------------------

* RedHat: Critical: pidgin security update (Aug 18)
  -------------------------------------------------
  Updated pidgin packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated
  as having critical security impact by the Red Hat Security Response
  Team.
  http://www.linuxsecurity.com/content/view/149789

* RedHat: Important: libvorbis security update (Aug 18)
  -----------------------------------------------------
  Updated libvorbis packages that fix one security issue are now
  available for Red Hat Enterprise Linux 3, 4, and 5. This update has
  been rated as having important security impact by the Red Hat
  Security Response Team.
  http://www.linuxsecurity.com/content/view/149790

* RedHat: Moderate: curl security update (Aug 13)
  -----------------------------------------------
  Updated curl packages that fix security issues are now available for
  Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as
  having moderate security impact by the Red Hat Security Response
  Team.
  http://www.linuxsecurity.com/content/view/149749

* RedHat: Important: kernel security and bug fix update (Aug 13)
  --------------------------------------------------------------
  Updated kernel packages that fix several security issues and several
  bugs are now available for Red Hat Enterprise Linux 4. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.
  http://www.linuxsecurity.com/content/view/149750

------------------------------------------------------------------------

* Slackware: kernel [updated] (Aug 19)
  --------------------------------------
  This is a followup to the SSA:2009-230-01 advisory noting some
  errata. The generic SMP kernel update for Slackware 12.2 was built
  using the .config for a huge kernel, not a generic one.
  The kernel previously published as kernel-generic-smp and in the
  gemsmp.s directory works and is secure, but is larger than it needs
  to be. It has been replaced in the Slackware 12.2 patches with a
  generic SMP kernel. A new svgalib_helper package (compiled for a
  2.6.27.31 kernel) was added to the Slackware 12.2 /patches.

  An error was noticed in the SSA:2009-230-01 advisory concerning the
  packages for Slackware -current 32-bit. The http links given refer to
  packages with a -1 build version. The actual packages have a build
  number of -2.
  http://www.linuxsecurity.com/content/view/149811

* Slackware: pidgin (Aug 19)
  ----------------------------
  New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and
  -current to fix a security issue. More details about this issue may
  be found in the Common Vulnerabilities and Exposures (CVE) database:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
  http://www.linuxsecurity.com/content/view/149812

* Slackware: kernel (Aug 19)
  ----------------------------
  New Linux kernel packages are available for Slackware 12.2 and
  -current to address a security issue. A kernel bug discovered by
  Tavis Ormandy and Julien Tinnes of the Google Security Team could
  allow a local user to fill memory page zero with arbitrary code and
  then use the kernel sendpage operation to trigger a NULL pointer
  dereference, executing the code in the context of the kernel. If
  successfully exploited, this bug can be used to gain root access.

  At this time we have prepared fixed kernels for the stable version of
  Slackware (12.2), as well as for both 32-bit x86 and x86_64 -current
  versions. Additionally, we have added a package to the /patches
  directory for Slackware 12.1 and 12.2 that will set the minimum
  memory page that can be mmap()ed from userspace without additional
  privileges to 4096.
  The package will work with any kernel supporting the vm.mmap_min_addr
  tunable, and should significantly reduce the potential harm from this
  bug, as well as future similar bugs that might be found in the
  kernel. More updated kernels may follow.

  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
  http://www.linuxsecurity.com/content/view/149798

* Slackware: curl (Aug 14)
  --------------------------
  New curl packages are available for Slackware 9.1, 10.0, 10.1, 10.2,
  11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.

  For more information, see:
  http://curl.haxx.se/docs/security.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
  http://www.linuxsecurity.com/content/view/149763

------------------------------------------------------------------------

* SuSE: Linux kernel (SUSE-SA:2009:045) (Aug 20)
  ----------------------------------------------
  http://www.linuxsecurity.com/content/view/149815

* SuSE: subversion (SUSE-SA:2009:044) (Aug 14)
  --------------------------------------------
  http://www.linuxsecurity.com/content/view/149757

------------------------------------------------------------------------

* Ubuntu: Pidgin vulnerability (Aug 20)
  --------------------------------------
  Federico Muttis discovered that Pidgin did not properly handle
  certain malformed messages in the MSN protocol handler. A remote
  attacker could send a specially crafted message and possibly execute
  arbitrary code with user privileges.
  http://www.linuxsecurity.com/content/view/149814

* Ubuntu: Apache regression (Aug 19)
  -----------------------------------
  USN-802-1 fixed vulnerabilities in Apache. The upstream fix for
  CVE-2009-1891 introduced a regression that would cause Apache
  children to occasionally segfault when mod_deflate is used. This
  update fixes the problem. We apologize for the inconvenience.
  Original advisory details:

  It was discovered that mod_proxy_http did not properly handle a large
  amount of streamed data when used as a reverse proxy. A remote
  attacker could exploit this and cause a denial of service via memory
  resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and
  9.04. (CVE-2009-1890)

  It was discovered that mod_deflate did not abort compressing large
  files when the connection was closed. A remote attacker could exploit
  this and cause a denial of service via CPU resource consumption.
  (CVE-2009-1891)
  http://www.linuxsecurity.com/content/view/149807

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.

------------------------------------------------------------------------
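The curl/libcurl certificate-name issue listed above under Mandriva MDVSA-2009:203 and Slackware (CVE-2009-2417) comes down to how a certificate's Common Name is compared with the requested host. As an added example that is not part of this newsletter or the curl code base, the Python below contrasts a C-string style comparison, which stops at the first NUL byte, with a length-aware comparison that rejects such a name outright; every CN value in it is constructed sample data.

```python
# Added example, not from the newsletter or the curl project. A certificate
# Common Name is a length-prefixed ASN.1 string and may therefore contain
# a NUL byte, whereas C code that treats it as a NUL-terminated string only
# ever compares the bytes before that NUL. The CNs below are constructed.

NUL = b"\x00"


def cstring_view(name: bytes) -> bytes:
    """What strlen()-based code sees: the bytes before the first NUL."""
    nul = name.find(NUL)
    return name if nul < 0 else name[:nul]


def hostmatch(pattern: bytes, host: bytes) -> bool:
    """Case-insensitive match allowing one leading '*.' wildcard label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith(b"*."):
        suffix = pattern[1:]                      # e.g. b".example.com"
        return (host.endswith(suffix)
                and host.count(b".") == pattern.count(b".")
                and len(host) > len(suffix))      # wildcard must eat >= 1 char
    return pattern == host


def cn_matches_vulnerable(cn: bytes, requested_host: bytes) -> bool:
    """Pre-fix behaviour: the CN is silently truncated at its first NUL."""
    return hostmatch(cstring_view(cn), requested_host)


def cn_matches_fixed(cn: bytes, requested_host: bytes) -> bool:
    """Fixed behaviour: honour the full ASN.1 length and refuse any CN that
    embeds a NUL, since no legitimate DNS name contains one."""
    if NUL in cn:
        return False
    return hostmatch(cn, requested_host)


def demo() -> dict:
    """Run both checks over constructed CNs; returns name -> (vulnerable, fixed)."""
    wanted = b"www.example.com"
    cases = {
        "honest": b"www.example.com",
        "wildcard": b"*.example.com",
        # constructed: the bytes after the NUL are invisible to C-string code
        "embedded_nul": b"www.example.com" + NUL + b".example.net",
    }
    return {name: (cn_matches_vulnerable(cn, wanted), cn_matches_fixed(cn, wanted))
            for name, cn in cases.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in demo().items():
        print(f"{name:13s} vulnerable-accepts={vuln!s:5s} fixed-accepts={fixed}")
```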