Linux Advisory Watch: February 19th, 2010

vuln-newsletter-admins@xxxxxxxxxxxxxxxxx · Sat, 20 Feb 2010 04:07:33 -0500 (EST)

+----------------------------------------------------------------------+
| LinuxSecurity.com                               Linux Advisory Watch |
| February 19th, 2010                              Volume 11, Number 8 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's vendor security bulletins and pointers on
methods to improve the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor have made
available.

Would you like a summary list just for your vendor, or another
configuration? Let us know! contribute@xxxxxxxxxxxxxxxxx

Measuring Security IT Success
-----------------------------
In a time where budgets are constrained and Internet threats are on the
rise, it is important for organizations to invest in network security
applications that will not only provide them with powerful
functionality but also a rapid return on investment.

http://www.linuxsecurity.com/content/view/118817

Buffer Overflow Basics
----------------------
A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold.
Since buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: polipo denial of service (Feb 19)
  -----------------------------------------
  Several denial of service vulnerabilities have been discovered in
  polipo, a small, caching web proxy. The Common Vulnerabilities and
  Exposures project identifies the following problems:

  http://www.linuxsecurity.com/content/view/151740

* Debian: php5 multiple vulnerabilities (Feb 19)
  ----------------------------------------------
  Several remote vulnerabilities have been discovered in PHP 5, an
  hypertext preprocessor. The Common Vulnerabilities and Exposures
  project identifies the following problems:

  http://www.linuxsecurity.com/content/view/151739

* Debian: ffmpeg several vulnerabilities (Feb 18)
  -----------------------------------------------
  Several vulnerabilities have been discovered in ffmpeg, a multimedia
  player, server and encoder, which also provides a range of multimedia
  libraries used in applications like MPlayer:

  http://www.linuxsecurity.com/content/view/151736

* Debian: xulrunner several vulnerabilities (Feb 18)
  --------------------------------------------------
  Several remote vulnerabilities have been discovered in Xulrunner, a
  runtime environment for XUL applications, such as the Iceweasel web
  browser. The Common Vulnerabilities and Exposures project identifies
  the following problems:

  http://www.linuxsecurity.com/content/view/151734

* Debian: kdelibs arbitrary code execution (Feb 17)
  -------------------------------------------------
  Maksymilian Arciemowicz discovered a buffer overflow in the internal
  string routines of the KDE core libraries, which could lead to the
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/151715

* Debian: mysql-dfsg-5.0 several (Feb 14)
  ---------------------------------------
  Several vulnerabilities have been discovered in the MySQL database
  server. The Common Vulnerabilities and Exposures project identifies
  the following problems:

  http://www.linuxsecurity.com/content/view/151677

* Debian: Linux 2.6.26 several vulnerabilities (Feb 12)
  -----------------------------------------------------
  Several vulnerabilities have been discovered in the Linux kernel that
  may lead to a denial of service, sensitive memory leak or privilege
  escalation.  The Common Vulnerabilities and Exposures project
  identifies the following problems:

  http://www.linuxsecurity.com/content/view/151672

* Debian: openoffice.org several (Feb 12)
  ---------------------------------------
  Several vulnerabilities have been discovered in the OpenOffice.org
  office suite. The Common Vulnerabilities and Exposures project
  identifies the following problems:

  http://www.linuxsecurity.com/content/view/151669

* Debian: ajaxterm session hijacking (Feb 11)
  -------------------------------------------
  It was discovered that ajaxterm, a web-based terminal, generates weak
  and predictable session IDs, which might be used to hijack a session
  or cause a denial of service attack on a system that uses ajaxterm.

  http://www.linuxsecurity.com/content/view/151648

------------------------------------------------------------------------

* Mandriva: mysql (Feb 19)
  ------------------------
  A vulnerabilitiy has been found and corrected in mysql: MySQL is
  vulnerable to a symbolic link attack when the data home directory
  contains a symlink to a different filesystem which allows remote
  authenticated users to bypass intended access restrictions
  (CVE-2008-7247). The updated packages have been patched to correct
  these issues.

  http://www.linuxsecurity.com/content/view/151748

* Mandriva: blogtk (Feb 19)
  -------------------------
  The blogtk package in 2010.0 was crashing on start. This update fixes
  the problem by updating blogtk to the latest version. Additionally
  the python-gdata packages are being provided as well due to
  requirements.

  http://www.linuxsecurity.com/content/view/151747

* Mandriva: libtheora (Feb 19)
  ----------------------------
  A vulnerability have been discovered and corrected in libtheora:
  Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows
  remote attackers to cause a denial of service (application crash) or
  possibly execute arbitrary code via a video with large dimensions
  (CVE-2009-3389). The updated packages have been patched to correct
  this issue.

  http://www.linuxsecurity.com/content/view/151746

* Mandriva: firefox (Feb 19)
  --------------------------
  Security issues were identified and fixed in firefox 3.0.x and 3.5.x:
  Mozilla developers identified and fixed several stability bugs in the
  browser engine used in Firefox and other Mozilla-based products. Some
  of these crashes showed evidence of memory corruption under certain

  http://www.linuxsecurity.com/content/view/151741

* Mandriva: xdg-utils (Feb 18)
  ----------------------------
  This update enables files to be properly attached when xdg-email is
  used with Thunderbird as the default mail client.

  http://www.linuxsecurity.com/content/view/151735

* Mandriva: dhcp (Feb 18)
  -----------------------
  The DHCP client ignores the interface-mtu option set by server. This
  update fixes the issue.

  http://www.linuxsecurity.com/content/view/151733

* Mandriva: kernel (Feb 18)
  -------------------------
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: Array index error in the gdth_read_event function in
  drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
  local users to cause a denial of service or possibly gain privileges

  http://www.linuxsecurity.com/content/view/151732

* Mandriva: mdkonline (Feb 18)
  ----------------------------
  The new mdkonline packages adds the extended maintenance support to
  mdkonline. Packages for 2008.0 are provided for Corporate Desktop
  2008.0 customers as well as for official 2008.0 updates.

  http://www.linuxsecurity.com/content/view/151731

* Mandriva: kernel (Feb 18)
  -------------------------
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: Array index error in the gdth_read_event function in
  drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
  local users to cause a denial of service or possibly gain privileges

  http://www.linuxsecurity.com/content/view/151728

* Mandriva: pidgin (Feb 18)
  -------------------------
  Multiple security vulnerabilities has been identified and fixed in
  pidgin: Certain malformed SLP messages can trigger a crash because
  the MSN protocol plugin fails to check that all pieces of the message
  are set correctly (CVE-2010-0277). In a user in a multi-user chat

  http://www.linuxsecurity.com/content/view/151727

* Mandriva: gnome-screensaver (Feb 17)
  ------------------------------------
  Multiple vulnerabilities has been discovered and corrected in
  gnome-screensaver: gnome-screensaver 2.28.0 does not resume adherence
  to its activation settings after an inhibiting application becomes
  unavailable on the session bus, which allows physically proximate

  http://www.linuxsecurity.com/content/view/151717

* Mandriva: netpbm (Feb 17)
  -------------------------
  A vulnerability have been discovered and corrected in netpbm:
  Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm
  before 10.47.07 allows context-dependent attackers to cause a denial

  http://www.linuxsecurity.com/content/view/151716

* Mandriva: maildrop (Feb 16)
  ---------------------------
  A vulnerability have been discovered and corrected in maildrop:
  main.C in maildrop 2.3.0 and earlier, when run by root with the -d
  option, uses the gid of root for execution of the .mailfilter file in

  http://www.linuxsecurity.com/content/view/151706

* Mandriva: mandriva-doc (Feb 16)
  -------------------------------
  Update documentation for MES 5.1 release: - KVM chapter added -
  Virt-manager chapter added - MMC-Wizard chapter recast - Samba
  backend warning added - MX configuration in Mandriva Directory Server
  added

  http://www.linuxsecurity.com/content/view/151705

* Mandriva: eject (Feb 16)
  ------------------------
  The eject package shipped in Mandriva Linux 2009.0, 2009.1, 2010.0
  contains a bug which will lead to a failure when ejecting a DVD which
  has space characters within its name. The updated package fixes this
  problem. Packages for 2008.0 are provided for Corporate Desktop
  2008.0 customers.

  http://www.linuxsecurity.com/content/view/151703

* Mandriva: blogtk (Feb 16)
  -------------------------
  The blogtk package in 2010.0 was crashing on start. This update fixes
  the problem by updating blogtk to the latest version. Additionally
  the python-gdata packages are being provided as well due to
  requirements.

  http://www.linuxsecurity.com/content/view/151699

* Mandriva: mandriva-release (Feb 16)
  -----------------------------------
  The new mandriva-release packages adds extended maintainance access
  support. Packages for 2008.0 are provided for Corporate Desktop
  2008.0 customers.

  http://www.linuxsecurity.com/content/view/151698

* Mandriva: drakconf (Feb 16)
  ---------------------------
  The new drakconf packages adds extended maintainance access support
  to drakconf. Packages for 2008.0 are provided for Corporate Desktop
  2008.0 customers as well as for official 2008.0 updates.

  http://www.linuxsecurity.com/content/view/151692

* Mandriva: mdkonline (Feb 16)
  ----------------------------
  The new mdkonline packages adds the extended maintenance support to
  mdkonline. Packages for 2008.0 are provided for Corporate Desktop
  2008.0 customers.

  http://www.linuxsecurity.com/content/view/151691

* Mandriva: drakxtools (Feb 16)
  -----------------------------
  Some bugs were found in drakxtools code dropping privileges to
  display help or other web pages. This updates make it more reliable
  on 2009.0 and 2009.1, and make it actually drop privileges on 2008.0.

  http://www.linuxsecurity.com/content/view/151690

* Mandriva: fetchmail (Feb 16)
  ----------------------------
  A vulnerability have been discovered and corrected in fetchmail: The
  sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13,
  when running in verbose mode on platforms for which char is signed,
  allows remote attackers to cause a denial of service (application

  http://www.linuxsecurity.com/content/view/151689

* Mandriva: drakxtools (Feb 16)
  -----------------------------
  Allow to use ddf1 raid and to manage unpartitionned dmraid. It also
  offers to install onto dmraid or existing lvm without using manual
  partitionning.

  http://www.linuxsecurity.com/content/view/151688

* Mandriva: mandriva-release (Feb 15)
  -----------------------------------
  Add the extended maintainance access support for 2008.0

  http://www.linuxsecurity.com/content/view/151687

* Mandriva: pptp-linux (Feb 15)
  -----------------------------
  The pptp-linux packages in Mandriva Linux 2009.0, MES5, 2009.1 and
  2010.0 try to call /bin/ip instead of /sbin/ip. The updated packages
  fix this issue.

  http://www.linuxsecurity.com/content/view/151684

* Mandriva: totem (Feb 15)
  ------------------------
  The youtube plugin in totem has stopped working. This was caused by
  changes on the youtube web site. This new version updates to those
  changes to make youtube playback in totem work again.

  http://www.linuxsecurity.com/content/view/151683

* Mandriva: drakxtools (Feb 15)
  -----------------------------
  Allow to use ddf1 raid and to manage unpartitionned dmraid. It also
  offers to install onto dmraid or existing lvm without using manual
  partitionning.

  http://www.linuxsecurity.com/content/view/151682

* Mandriva: xfig (Feb 15)
  -----------------------
  The predrawn figure library in xfig could not be accessed by non-root
  users because of incorrect permissions making the contents of
  /usr/lib/X11/xfig/Libraries readable only by root. This update
  corrects the problematic permissions.

  http://www.linuxsecurity.com/content/view/151681

* Mandriva: openoffice.org-voikko (Feb 14)
  ----------------------------------------
  The previous update of openoffice.org missed openoffice.org-voikko,
  causing upgrade problems for Finnish users. This update provides
  openoffice.org-voikko for openoffice.org 3.1.1.

  http://www.linuxsecurity.com/content/view/151678

* Mandriva: msec (Feb 12)
  -----------------------
  msec in Mandriva Linux 2009.1 and 2010.0 would not carry out the
  chkrootkit check correctly if the chkrootkit package was uninstalled
  after the test has been run at least once. This update fixes the
  issue.

  http://www.linuxsecurity.com/content/view/151671

* Mandriva: webmin (Feb 12)
  -------------------------
  This advisory updates webmin to the latest version 1.500, fixing
  several bugs and a cross-site scripting issue which allows remote
  attackers to inject arbitrary web script or HTML via unspecified
  vectors (CVE-2009-4568). Packages for 2008.0 are provided for
  Corporate Desktop 2008.0 customers.

  http://www.linuxsecurity.com/content/view/151670

* Mandriva: mandriva-release (Feb 12)
  -----------------------------------
  Update for mandriva-release for 5.1 release of Mandriva Enterprise
  Server 5.

  http://www.linuxsecurity.com/content/view/151658

* Mandriva: nuface (Feb 11)
  -------------------------
  Update to new version. Fix many bugs and add functionalities for
  nuface interface.

  http://www.linuxsecurity.com/content/view/151650

* Mandriva: openoffice.org (Feb 11)
  ---------------------------------
  This updates provides a new OpenOffice.org version 3.1.1. It holds
  security and bug fixes described as follow: An integer underflow
  might allow remote attackers to execute arbitrary code via crafted
  records in the document table of a Word document, leading to a
  heap-based buffer overflow (CVE-2009-0200). A heap-based buffer

  http://www.linuxsecurity.com/content/view/151647

* Mandriva: samba (Feb 11)
  ------------------------
  This is a maintenance update of samba in order to support Windows 7
  hosts integration in Samba domain. Additionally on 2009.0 and MES5
  samba has been upgraded from 3.2.15 to 3.3.10 which brings many
  upstream fixes besides those that mainly conserns Windows 7
  interoperabilities.

  http://www.linuxsecurity.com/content/view/151646

------------------------------------------------------------------------

* RedHat: acroread security and bug fix update (Feb 18)
  -----------------------------------------------------
  Updated acroread packages that fix two security issues and a bug are
  now available for Red Hat Enterprise Linux 4 Extras and Red Hat
  Enterprise Linux 5 Supplementary. This update has been rated as
  having critical security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/151729

* RedHat: pidgin (Feb 18)
  -----------------------
  Updated pidgin packages that fix three security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/151730

* RedHat: firefox (Feb 17)
  ------------------------
  Updated firefox packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/151720

* RedHat: seamonkey (Feb 17)
  --------------------------
  Updated seamonkey packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 and 4. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/151721

* RedHat: mysql (Feb 16)
  ----------------------
  Updated mysql packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/151704

* RedHat: mysql (Feb 16)
  ----------------------
  Updated mysql packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 5. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/151702

* RedHat: kernel (Feb 16)
  -----------------------
  Updated kernel packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 4.7 Extended Update Support.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/151701

* RedHat: NetworkManager (Feb 16)
  -------------------------------
  Updated NetworkManager packages that fix two security issues are now
  available for Red Hat Enterprise Linux 5. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/151700

* RedHat: flash-plugin (Feb 12)
  -----------------------------
  An updated Adobe Flash Player package that fixes a security issue is
  now available for Red Hat Enterprise Linux 3 and 4 Extras. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/151661

* RedHat: openoffice.org (Feb 12)
  -------------------------------
  Updated openoffice.org packages that correct multiple security issues
  are now available for Red Hat Enterprise Linux 3, 4, and 5. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/151660

* RedHat: flash-plugin (Feb 12)
  -----------------------------
  An updated Adobe Flash Player package that fixes two security issues
  is now available for Red Hat Enterprise Linux 5 Supplementary. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/151659

------------------------------------------------------------------------

* SuSE: Linux kernel (Feb 18)
  ---------------------------
  http://www.linuxsecurity.com/content/view/151737

* SuSE: Linux kernel (Feb 15)
  ---------------------------
  http://www.linuxsecurity.com/content/view/151680

* SuSE: postfix (Feb 15)
  ----------------------
  http://www.linuxsecurity.com/content/view/151679

------------------------------------------------------------------------

* Ubuntu:  XML-RPC for C and C++ vulnerabilities (Feb 18)
  -------------------------------------------------------
  USN-890-1 fixed vulnerabilities in Expat. This update provides the
  corresponding updates for XML-RPC for C and C++. Original advisory
  details:  Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered
  that Expat did  not properly process malformed XML. If a user or

  http://www.linuxsecurity.com/content/view/151738

* Ubuntu:  Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities (Feb 17)
  -----------------------------------------------------------------
  Several flaws were discovered in the browser engine of Firefox. If a
  user were tricked into viewing a malicious website, a remote attacker
  could cause a denial of service or possibly execute arbitrary code
  with the privileges of the user invoking the program. (CVE-2010-0159)

  http://www.linuxsecurity.com/content/view/151718

* Ubuntu:  Firefox 3.0 and Xulrunner 1.9 vulnerabilities (Feb 17)
  ---------------------------------------------------------------
  Several flaws were discovered in the browser engine of Firefox. If a
  user were tricked into viewing a malicious website, a remote attacker
  could cause a denial of service or possibly execute arbitrary code
  with the privileges of the user invoking the program. (CVE-2010-0159)

  http://www.linuxsecurity.com/content/view/151719

* Ubuntu:  Squid vulnerabilities (Feb 16)
  ---------------------------------------
  It was discovered that Squid incorrectly handled certain auth
  headers. A remote attacker could exploit this with a
  specially-crafted auth header and cause Squid to go into an infinite
  loop, resulting in a denial of service. This issue only affected

  http://www.linuxsecurity.com/content/view/151694

* Ubuntu:  Ruby vulnerabilities (Feb 16)
  --------------------------------------
  Emmanouel Kellinis discovered that Ruby did not properly handle
  certain string operations. An attacker could exploit this issue and
  possibly execute arbitrary code with application privileges.
  (CVE-2009-4124) Giovanni Pellerano, Alessandro Tanasi, and Francesco

  http://www.linuxsecurity.com/content/view/151693

* Ubuntu:  Tomcat vulnerabilities (Feb 11)
  ----------------------------------------
  It was discovered that Tomcat did not correctly validate WAR
  filenames or paths when deploying. A remote attacker could send a
  specially crafted WAR file to be deployed and cause arbitrary files
  and directories to be created, overwritten, or deleted.

  http://www.linuxsecurity.com/content/view/151649

------------------------------------------------------------------------

* Pardus: Samba: Insecure wide links Default (Feb 14)
  ---------------------------------------------------
  Kingcope has discovered a weakness in Samba, which can be exploited
  by  malicious people to bypass certain security restrictions	and
  disclose  sensitive information.

  http://www.linuxsecurity.com/content/view/151674

* Pardus: Qemu: Multiple Vulnerabilities (Feb 14)
  -----------------------------------------------
  Multiple vulnerabilities have been fixed in Qemu, which can be
  exploited by malicious people to cause denial of service (application
  crash)  or  potentially compromise a vulnerable system.

  http://www.linuxsecurity.com/content/view/151675

* Pardus: Sun-Java: Insecure Directory (Feb 14)
  ---------------------------------------------
  A vulnerability has been fixed in Sun-java, which can be  exploited
  by  malicious people to  execute  arbitrary  code  via  changing  sun
  java  binaries.

  http://www.linuxsecurity.com/content/view/151676
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------