+----------------------------------------------------------------------+
| LinuxSecurity.com                            Linux Advisory Watch    |
| April 23rd, 2010                             Volume 11, Number 17    |
|                                                                      |
| Editorial Team:  Dave Wreski        <dwreski@xxxxxxxxxxxxxxxxx>      |
|                  Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>      |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary
of each week's vendor security bulletins and pointers on methods to
improve the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available.

SSH: Best Practices
-------------------
If you're reading LinuxSecurity.com then it's a safe bet that you are
already using SSH, but are you using it in the best way possible? Have
you configured it to be as limited and secure as possible? Read on for
my best practices for using Secure Shell.

http://www.linuxsecurity.com/content/view/133312

Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be an
integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the challenge?
Eckie S. here at Linuxsecurity.com gives you the low-down on this newest
addition to the Linux security resource library and how it's one of the
best ways to crack down on attacks to your Linux network.

http://www.linuxsecurity.com/content/view/130392

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf            <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
  ----------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2038-1: pidgin: Multiple vulnerabilities (Apr 18)
  ---------------------------------------------------------
  Several remote vulnerabilities have been discovered in Pidgin, a multi
  protocol instant messaging client. The Common Vulnerabilities and
  Exposures project identifies the following problems: [More...]

  http://www.linuxsecurity.com/content/view/152175

* Debian: 2037-1: kdm (kdebase): race condition (Apr 17)
  ------------------------------------------------------
  Sebastian Krahmer discovered that a race condition in the KDE Desktop
  Environment's KDM display manager allows a local user to elevate
  privileges to root. [More...]

  http://www.linuxsecurity.com/content/view/152174

* Debian: 2036-1: jasper: programming error (Apr 17)
  --------------------------------------------------
  It was discovered that the JasPer JPEG-2000 runtime library allowed an
  attacker to create a crafted input file that could lead to denial of
  service and heap corruption. [More...]

  http://www.linuxsecurity.com/content/view/152173

* Debian: 2035-1: apache2: multiple issues (Apr 17)
  -------------------------------------------------
  Two issues have been found in the Apache HTTPD web server:
  CVE-2010-0408 [More...]

  http://www.linuxsecurity.com/content/view/152172

* Debian: 2034-1: phpmyadmin: Multiple vulnerabilities (Apr 17)
  -------------------------------------------------------------
  Several vulnerabilities have been discovered in phpMyAdmin, a tool to
  administer MySQL over the web.
  The Common Vulnerabilities and Exposures project identifies the
  following problems: [More...]

  http://www.linuxsecurity.com/content/view/152166

* Debian: 2033-1: ejabberd: heap overflow (Apr 15)
  ------------------------------------------------
  It was discovered that in ejabberd, a distributed XMPP/Jabber server
  written in Erlang, a problem in ejabberd_c2s.erl allows remote
  authenticated users to cause a denial of service by sending a large
  number of c2s (client2server) messages; that triggers an overload of
  the [More...]

  http://www.linuxsecurity.com/content/view/152149

------------------------------------------------------------------------

* Mandriva: 2010:070-1: firefox (Apr 20)
  --------------------------------------
  Security issues were identified and fixed in firefox: Security
  researcher regenrecht reported (via TippingPoint's Zero Day
  Initiative) a potential reuse of a deleted image frame in Firefox
  3.6's handling of multipart/x-mixed-replace images. Although no
  exploit was [More...]

  http://www.linuxsecurity.com/content/view/152204

* Mandriva: 2010:083: emacs (Apr 20)
  ----------------------------------
  A vulnerability has been found and corrected in emacs:
  lib-src/movemail.c in movemail in emacs 22 and 23 allows local users
  to read, modify, or delete arbitrary mailbox files via a symlink
  attack, related to improper file-permission checks (CVE-2010-0825).
  [More...]

  http://www.linuxsecurity.com/content/view/152196

* Mandriva: 2010:076-1: openssl (Apr 19)
  --------------------------------------
  This update fixes several security issues in openssl:
  - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
    through 0.9.8m allows remote attackers to cause a denial of service
    (crash) via a malformed record in a TLS connection (CVE-2010-0740)
  - OpenSSL before 0.9.8m does not check for a NULL return value
    [More...]

  http://www.linuxsecurity.com/content/view/152184

* Mandriva: 2010:076-1: openssl (Apr 19)
  --------------------------------------
  This update fixes several security issues in openssl:
  - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
    through 0.9.8m allows remote attackers to cause a denial of service
    (crash) via a malformed record in a TLS connection (CVE-2010-0740)
  - OpenSSL before 0.9.8m does not check for a NULL return value
    [More...]

  http://www.linuxsecurity.com/content/view/152183

* Mandriva: 2010:082: clamav (Apr 18)
  -----------------------------------
  Multiple vulnerabilities have been found and corrected in clamav:
  ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z
  file formats, which allows remote attackers to bypass virus detection
  via a crafted archive that is compatible with standard archive
  utilities [More...]

  http://www.linuxsecurity.com/content/view/152177

* Mandriva: 2010:081: apache-mod_auth_shadow (Apr 18)
  ---------------------------------------------------
  A vulnerability has been found and corrected in
  apache-mod_auth_shadow: A race condition was found in the way
  mod_auth_shadow used an external helper binary to validate user
  credentials (username / password pairs). A remote attacker could use
  this flaw to bypass intended [More...]

  http://www.linuxsecurity.com/content/view/152176

* Mandriva: 2010:080: brltty (Apr 17)
  -----------------------------------
  A vulnerability has been found and corrected in brltty: Untrusted
  search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows
  local users to gain privileges via a crafted library, related to an
  incorrect RPATH setting (CVE-2008-3279). [More...]

  http://www.linuxsecurity.com/content/view/152171

* Mandriva: 2010:079: irssi (Apr 17)
  ----------------------------------
  Multiple vulnerabilities have been found and corrected in irssi: Irssi
  before 0.8.15, when SSL is used, does not verify that the server
  hostname matches a domain name in the subject's Common Name (CN) field
  or a Subject Alternative Name field of the X.509 certificate,
  [More...]

  http://www.linuxsecurity.com/content/view/152170

* Mandriva: 2010:076: openssl (Apr 17)
  ------------------------------------
  This update fixes several security issues in openssl:
  - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
    through 0.9.8m allows remote attackers to cause a denial of service
    (crash) via a malformed record in a TLS connection (CVE-2010-0740)
  - OpenSSL before 0.9.8m does not check for a NULL return value
    [More...]

  http://www.linuxsecurity.com/content/view/152169

* Mandriva: 2010:078: sudo (Apr 17)
  ---------------------------------
  A vulnerability has been found and corrected in sudo: The command
  matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly
  handle when a file in the current working directory has the same name
  as a pseudo-command in the sudoers file and the PATH [More...]

  http://www.linuxsecurity.com/content/view/152168

* Mandriva: 2010:077: nss_db (Apr 17)
  -----------------------------------
  A vulnerability has been found and corrected in nss_db: The Free
  Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db)
  2.2.3pre1 reads the DB_CONFIG file in the current working directory,
  which allows local users to obtain sensitive information [More...]

  http://www.linuxsecurity.com/content/view/152167

* Mandriva: 2010:075: openoffice.org (Apr 15)
  -------------------------------------------
  This update provides a security update to the OpenOffice.org described
  as follows: OpenOffice's xmlsec uses a bundled Libtool which might
  load .la file in the current working directory allowing local users to
  gain [More...]

  http://www.linuxsecurity.com/content/view/152152

* Mandriva: 2010:074: kdebase (Apr 15)
  ------------------------------------
  A vulnerability has been found and corrected in kdm
  (kdebase/kdebase4-workspace): KDM contains a race condition that
  allows local attackers to make arbitrary files on the system
  world-writeable. This can happen [More...]

  http://www.linuxsecurity.com/content/view/152150

------------------------------------------------------------------------

* Red Hat: 2010:0362-01: scsi-target-utils: Important Advisory (Apr 20)
  ---------------------------------------------------------------------
  An updated scsi-target-utils package that fixes one security issue is
  now available for Red Hat Enterprise Linux 5. The Red Hat Security
  Response Team has rated this update as having [More...]

  http://www.linuxsecurity.com/content/view/152202

* Red Hat: 2010:0361-01: sudo: Moderate Advisory (Apr 20)
  -------------------------------------------------------
  An updated sudo package that fixes one security issue is now available
  for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has
  rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/152201

* Red Hat: 2010:0360-01: wireshark: Moderate Advisory (Apr 20)
  ------------------------------------------------------------
  Updated wireshark packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat
  Security Response Team has rated this update as having moderate
  [More...]

  http://www.linuxsecurity.com/content/view/152200

* Red Hat: 2010:0356-02: java-1.6.0-sun: Critical Advisory (Apr 19)
  -----------------------------------------------------------------
  Updated java-1.6.0-sun packages that fix two security issues are now
  available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
  The Red Hat Security Response Team has rated this update as having
  critical [More...]

  http://www.linuxsecurity.com/content/view/152186

------------------------------------------------------------------------

* Slackware: 2010-110-01: sudo: Security Update (Apr 20)
  ------------------------------------------------------
  New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security
  issues. [More Info...]

  http://www.linuxsecurity.com/content/view/152206

* Slackware: 2010-110-02: kdebase-workspace: Security Update (Apr 20)
  -------------------------------------------------------------------
  New kdebase-workspace packages are available for Slackware 13.0 and
  -current to fix a security issue with KDM. [More Info...]

  http://www.linuxsecurity.com/content/view/152205

------------------------------------------------------------------------

* SuSE: 2010-022: acroread (Apr 21)
  ---------------------------------
  Specially crafted PDF documents could crash acroread or even lead to
  execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/152212

------------------------------------------------------------------------

* Ubuntu: 929-2: irssi regression (Apr 20)
  ----------------------------------------
  USN-929-1 fixed vulnerabilities in irssi. The upstream changes
  introduced a regression when using irssi with SSL and an IRC proxy.
  This update fixes the problem. [More...]

  http://www.linuxsecurity.com/content/view/152203

* Ubuntu: 932-1: KDM vulnerability (Apr 19)
  -----------------------------------------
  Sebastian Krahmer discovered a race condition in the KDE Display
  Manager (KDM). A local attacker could exploit this to change the
  permissions on arbitrary files, thus allowing privilege escalation.
  [More...]

  http://www.linuxsecurity.com/content/view/152185

* Ubuntu: 931-1: FFmpeg vulnerabilities (Apr 19)
  ----------------------------------------------
  It was discovered that FFmpeg contained multiple security issues when
  handling certain multimedia files.
  If a user were tricked into opening a crafted multimedia file, an
  attacker could cause a denial of service via application crash, or
  possibly execute arbitrary code with the privileges of the user
  invoking the program. [More...]

  http://www.linuxsecurity.com/content/view/152182

* Ubuntu: 929-1: irssi vulnerabilities (Apr 15)
  ---------------------------------------------
  It was discovered that irssi did not perform certificate host
  validation when using SSL connections. An attacker could exploit this
  to perform a man in the middle attack to view sensitive information or
  alter encrypted communications. (CVE-2010-1155) [More...]

  http://www.linuxsecurity.com/content/view/152153

* Ubuntu: 890-6: CMake vulnerabilities (Apr 15)
  ---------------------------------------------
  USN-890-1 fixed vulnerabilities in Expat. This update provides the
  corresponding updates for CMake. [More...]

  http://www.linuxsecurity.com/content/view/152151

* Ubuntu: 928-1: Sudo vulnerability (Apr 15)
  ------------------------------------------
  Valerio Costamagna discovered that sudo did not properly validate the
  path for the 'sudoedit' pseudo-command when the PATH contained only a
  dot ('.'). If secure_path and ignore_dot were disabled, a local
  attacker could exploit this to execute arbitrary code as root if sudo
  was configured to allow the attacker to use sudoedit. By default,
  secure_path is used and the sudoedit [More...]

  http://www.linuxsecurity.com/content/view/152148

------------------------------------------------------------------------

* Pardus: 2010-55: ClamAV: Multiple Vulnerabilities (Apr 20)
  ----------------------------------------------------------
  A weakness and a vulnerability have been fixed in ClamAV, which can be
  exploited by malicious people to bypass the scanning functionality or
  potentially compromise a vulnerable system.

  http://www.linuxsecurity.com/content/view/152193

* Pardus: 2010-51: Qemu: Denial of Service (Apr 20)
  -------------------------------------------------
  A vulnerability has been fixed in Qemu, which could be exploited by
  attackers to cause a denial of service.

  http://www.linuxsecurity.com/content/view/152194

* Pardus: 2010-56: Libnids: Denial of Service (Apr 20)
  ----------------------------------------------------
  A vulnerability has been reported in Libnids, which can be exploited
  by malicious people to cause a DoS (Denial of Service).

  http://www.linuxsecurity.com/content/view/152195

* Pardus: 2010-53: Mit-kerberos: Denial of Service (Apr 20)
  ---------------------------------------------------------
  A vulnerability has been fixed in mit-kerberos, which could be
  exploited by attackers to cause a denial of service.

  http://www.linuxsecurity.com/content/view/152189

* Pardus: 2010-52: Memcached: Denial of Service (Apr 20)
  ------------------------------------------------------
  A vulnerability has been fixed in memcached, which could be exploited
  by attackers to cause a denial of service.

  http://www.linuxsecurity.com/content/view/152190

* Pardus: 2010-50: KDM: Privilege Escalation (Apr 20)
  ---------------------------------------------------
  A security issue has been fixed in KDE, which can be exploited by
  malicious, local users to gain escalated privileges.

  http://www.linuxsecurity.com/content/view/152191

* Pardus: 2010-54: Cups: Privilege Escalation (Apr 20)
  ----------------------------------------------------
  A vulnerability has been fixed in Cups, which can be exploited by
  malicious people to bypass certain privileges.

  http://www.linuxsecurity.com/content/view/152192

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------