+----------------------------------------------------------------------+
|  LinuxSecurity.com                         Linux Advisory Watch      |
|  June 18th, 2010                           Volume 11, Number 25      |
|                                                                      |
|  Editorial Team:  Dave Wreski             <dwreski@xxxxxxxxxxxxxxxxx> |
|                   Benjamin D. Thomas      <bthomas@xxxxxxxxxxxxxxxxx> |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary
of each week's vendor security bulletins and pointers on methods to
improve the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be
sure to read through to find the updates your distributor has made
available. Only one Gentoo security advisory for unrealircd this week?

Understand: Fork Bombing Attack
-------------------------------
Thanks to Anand Jahagirdar for this feature! As the variety of attacks
and threats grows, you need to be prepared. In this HOWTO, get a feeling
for the Fork Bombing Attack, what it is, how it works, where it comes
from, how to deal with it and more.

http://www.linuxsecurity.com/content/view/129220

Review: Hacking: The Art of Exploitation, Second Edition
--------------------------------------------------------
If you've ever wondered what a "buffer overflow" was, or how a "denial
of service" attack works beyond just a basic understanding, then there
is no better book that will help you to delve into the nitty-gritty than
Hacking: The Art of Exploitation, Second Edition, by Jon Erickson.

http://www.linuxsecurity.com/content/view/152556

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf            <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.22 Now Available!
  ----------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.22 (Version 3.0, Release 22). This release includes many
  updated packages and bug fixes and some feature enhancements to the
  EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/145668

------------------------------------------------------------------------

* Debian: 2062-1: sudo: missing input sanitization (Jun 17)
  ---------------------------------------------------------
  Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a
  program designed to allow a sysadmin to give limited root privileges
  to users, that allows a user with sudo permissions on certain programs
  to [More...]

  http://www.linuxsecurity.com/content/view/152627

* Debian: 2061-1: samba: memory corruption (Jun 16)
  -------------------------------------------------
  Jun Mao discovered that Samba, an implementation of the SMB/CIFS
  protocol for Unix systems, is not properly handling certain offset
  values when processing chained SMB1 packets. This enables an
  unauthenticated attacker to write to an arbitrary memory location
  resulting in the possibility to [More...]

  http://www.linuxsecurity.com/content/view/152625

* Debian: : bind9: DNS cache poisoning (Jun 15)
  ---------------------------------------------
  This update restores the PID file location for bind to the location
  before the last security update. For reference, here is the original
  advisory text that explains the security problems fixed: [More...]

  http://www.linuxsecurity.com/content/view/152613

* Debian: 2060-1: cacti: insufficient input sanitiza (Jun 13)
  -----------------------------------------------------------
  Stefan Esser discovered that cacti, a front-end to rrdtool for
  monitoring systems and services, is not properly validating input
  passed to the rra_id parameter of the graph.php script.
  Due to checking the input of $_REQUEST but using $_GET input in a
  query an unauthenticated attacker is able to [More...]

  http://www.linuxsecurity.com/content/view/152591

* Debian: 2059-1: pcsc-lite: buffer overflow (Jun 10)
  ---------------------------------------------------
  It was discovered that PCSCD, a daemon to access smart cards, was
  vulnerable to a buffer overflow allowing a local attacker to elevate
  his privileges to root. [More...]

  http://www.linuxsecurity.com/content/view/152571

* Debian: 2058-1: glibc, eglibc: Multiple vulnerabilities (Jun 10)
  ----------------------------------------------------------------
  Several vulnerabilities have been discovered in the GNU C Library (aka
  glibc) and its derivatives. The Common Vulnerabilities and Exposures
  project identifies the following problems: [More...]

  http://www.linuxsecurity.com/content/view/152566

------------------------------------------------------------------------

* Gentoo: 201006-21: UnrealIRCd: Multiple vulnerabilities (Jun 14)
  ----------------------------------------------------------------
  Multiple vulnerabilities in UnrealIRCd might allow remote attackers to
  compromise the "unrealircd" account, or cause a Denial of Service.

  http://www.linuxsecurity.com/content/view/152599

------------------------------------------------------------------------

* Mandriva: 2010:119: samba (Jun 17)
  ----------------------------------
  A vulnerability has been discovered and corrected in samba: Samba
  versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption
  vulnerability. Code dealing with the chaining of SMB1 packets did not
  correctly validate an input field provided by the [More...]

  http://www.linuxsecurity.com/content/view/152636

* Mandriva: 2010:118: sudo (Jun 17)
  ---------------------------------
  A vulnerability has been discovered and corrected in sudo: The secure
  path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through
  1.7.2p6 does not properly handle an environment that contains multiple
  PATH variables, which might allow local users [More...]

  http://www.linuxsecurity.com/content/view/152628

* Mandriva: 2010:117: cacti (Jun 16)
  ----------------------------------
  A vulnerability has been discovered and corrected in cacti: SQL
  injection vulnerability in graph.php in Cacti 0.8.7e and earlier
  allows remote attackers to execute arbitrary SQL commands via the
  rra_id parameter in a GET request in conjunction with a valid rra_id
  [More...]

  http://www.linuxsecurity.com/content/view/152624

* Mandriva: 2010:116: perl (Jun 11)
  ---------------------------------
  Multiple vulnerabilities have been discovered and corrected in Path.pm
  and Safe.pm which could lead to escalated privileges (CVE-2008-5302,
  CVE-2008-5303, CVE-2010-1168, CVE-2010-1447). The updated packages
  have been patched to correct these issues. [More...]

  http://www.linuxsecurity.com/content/view/152580

* Mandriva: 2010:115: perl (Jun 11)
  ---------------------------------
  Multiple vulnerabilities have been discovered and corrected in Safe.pm
  which could lead to escalated privileges (CVE-2010-1168,
  CVE-2010-1447). The updated packages have been patched to correct
  these issues. [More...]

  http://www.linuxsecurity.com/content/view/152579

* Mandriva: 2010:114: dhcp (Jun 11)
  ---------------------------------
  A vulnerability has been found and corrected in dhcp: ISC DHCP 4.1
  before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to
  cause a denial of service (server exit) via a zero-length client ID
  (CVE-2010-2156). [More...]

  http://www.linuxsecurity.com/content/view/152572

* Mandriva: 2010:113: wireshark (Jun 10)
  --------------------------------------
  This advisory updates wireshark to the latest version(s), fixing
  several security issues:
    * The SMB dissector could dereference a NULL pointer. (Bug 4734)
    * J. Oquendo discovered that the ASN.1 BER dissector could overrun
      [More...]

  http://www.linuxsecurity.com/content/view/152570

------------------------------------------------------------------------

* Red Hat: 2010:0488-01: samba and samba3x: Critical Advisory (Jun 16)
  --------------------------------------------------------------------
  Updated samba and samba3x packages that fix one security issue are now
  available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat
  Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support. [More...]

  http://www.linuxsecurity.com/content/view/152626

* Red Hat: 2010:0475-01: sudo: Moderate Advisory (Jun 15)
  -------------------------------------------------------
  An updated sudo package that fixes one security issue is now available
  for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has
  rated this update as having moderate [More...]

  http://www.linuxsecurity.com/content/view/152615

* Red Hat: 2010:0474-01: kernel: Important Advisory (Jun 15)
  ----------------------------------------------------------
  Updated kernel packages that fix three security issues and several
  bugs are now available for Red Hat Enterprise Linux 4. The Red Hat
  Security Response Team has rated this update as having [More...]

  http://www.linuxsecurity.com/content/view/152614

* Red Hat: 2010:0470-01: flash-plugin: Critical Advisory (Jun 14)
  ---------------------------------------------------------------
  An updated Adobe Flash Player package that fixes multiple security
  issues is now available for Red Hat Enterprise Linux 3 and 4 Extras.
  The Red Hat Security Response Team has rated this update as having
  critical [More...]

  http://www.linuxsecurity.com/content/view/152600

* Red Hat: 2010:0464-01: flash-plugin: Critical Advisory (Jun 11)
  ---------------------------------------------------------------
  An updated Adobe Flash Player package that fixes multiple security
  issues is now available for Red Hat Enterprise Linux 5 Supplementary.
  The Red Hat Security Response Team has rated this update as having
  critical [More...]

  http://www.linuxsecurity.com/content/view/152578

------------------------------------------------------------------------

* SuSE: Weekly Summary 2010:013 (Jun 14)
  --------------------------------------
  To avoid flooding mailing lists with SUSE Security Announcements for
  minor issues, SUSE Security releases weekly summary reports for the
  low profile vulnerability fixes. The SUSE Security Summary Reports do
  not list or download URLs like the SUSE Security Announcements that
  are released for more severe vulnerabilities. List of vulnerabilities
  in this summary include: apache2-mod_php5/php5,
  bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5,
  libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190,
  libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached,
  ncpfs, pango, puppet, python, seamonkey, te_ams, texlive.

  http://www.linuxsecurity.com/content/view/152592

* SuSE: 2010-024: flash player (Jun 11)
  -------------------------------------
  Adobe Flash Player was updated to fix multiple critical security
  vulnerabilities which allow an attacker to remotely execute arbitrary
  code or to cause a denial of service. The Flash Plugin was upgraded to
  version 10.1.53.64. The following CVE numbers have been assigned:
  [More...]

  http://www.linuxsecurity.com/content/view/152573

------------------------------------------------------------------------

* Ubuntu: 951-1: Samba vulnerability (Jun 16)
  -------------------------------------------
  Jun Mao discovered that Samba did not correctly validate SMB1 packet
  contents.
  An unauthenticated remote attacker could send specially crafted
  network traffic that could execute arbitrary code as the root user.
  [More...]

  http://www.linuxsecurity.com/content/view/152623

------------------------------------------------------------------------

* Pardus: 2010-81: Tiff: Integer Overflow (Jun 15)
  ------------------------------------------------
  Multiple integer overflows have been fixed in tiff which can be used
  by malicious people to execute arbitrary code.

  http://www.linuxsecurity.com/content/view/152602

* Pardus: 2010-79: Mono: Cross Site Scripting (Jun 15)
  ----------------------------------------------------
  A default configuration of ASP.NET in Mono which allows Cross Site
  Scripting (XSS) attacks has been fixed.

  http://www.linuxsecurity.com/content/view/152603

* Pardus: 2010-80: Sudo: Privilege Escalation (Jun 15)
  ----------------------------------------------------
  A vulnerability has been fixed in sudo which can be exploited to allow
  local users to gain privileges.

  http://www.linuxsecurity.com/content/view/152604

* Pardus: 2010-78: Samba: Denial of Service (Jun 15)
  --------------------------------------------------
  A vulnerability has been fixed within the Samba Smbd daemon which
  allows an attacker to trigger an uninitialized variable read by
  sending a specific 'Sessions Setup AndX' query. Successful
  exploitation of the issue will result in a denial of service.

  http://www.linuxsecurity.com/content/view/152605

* Pardus: 2010-76: Python: Multiple Vulnerabilities (Jun 15)
  ----------------------------------------------------------
  Multiple incorrect buffer overflow checks which can be used to cause
  denial of service in audioop module have been fixed.

  http://www.linuxsecurity.com/content/view/152606

* Pardus: 2010-77: OpenSSL: Invalid ASN1 Module (Jun 15)
  ------------------------------------------------------
  An error when handling CMS (Cryptographic Message Syntax) structures
  which can be exploited to potentially execute arbitrary code has been
  fixed.

  http://www.linuxsecurity.com/content/view/152607

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------