+----------------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | June 25th, 2010 Volume 11, Number 26 | | | | Editorial Team: Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> | | Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> | +----------------------------------------------------------------------+ Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor have made available. Understand: Fork Bombing Attack ------------------------------- As the variety of attacks and threats grow, you need to be prepared. In this HOWTO, get a feeling for the Fork Bombing Attack, what it is, how it works, where it comes from, how to deal with it and more. http://www.linuxsecurity.com/content/view/129220 Review: Hacking: The Art of Exploitation, Second Edition -------------------------------------------------------- If you've ever wondered what a "buffer overflow" was, or how a "denial of service" attack works beyond just a basic understanding, then there is no better book that will help you to delve into the nitty-gritty than Hacking: The Art of Exploitation, Second Edition, by Jon Erickson. http://www.linuxsecurity.com/content/view/152556 --> Take advantage of the LinuxSecurity.com Quick Reference Card! <-- --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- ------------------------------------------------------------------------ * EnGarde Secure Community 3.0.22 Now Available! ---------------------------------------------- Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy. http://www.linuxsecurity.com/content/view/145668 ------------------------------------------------------------------------ * Debian: 2063-1: pmount: insecure temporary file (Jun 17) -------------------------------------------------------- Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. [More...] http://www.linuxsecurity.com/content/view/152637 * Debian: 2062-1: sudo: missing input sanitization (Jun 17) --------------------------------------------------------- Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to [More...] http://www.linuxsecurity.com/content/view/152627 ------------------------------------------------------------------------ * Mandriva: 2010:126: mozilla-thunderbird (Jun 24) ------------------------------------------------ Multiple vulnerabilities has been found and corrected in mozilla-thunderbird: Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory [More...] http://www.linuxsecurity.com/content/view/152683 * Mandriva: 2010:125: firefox (Jun 24) ------------------------------------ Security issues were identified and fixed in firefox: An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote [More...] http://www.linuxsecurity.com/content/view/152675 * Mandriva: 2010:124: pulseaudio (Jun 23) --------------------------------------- The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file (CVE-2009-1299). [More...] http://www.linuxsecurity.com/content/view/152674 * Mandriva: 2010:123: libneon0.27 (Jun 23) ---------------------------------------- This update fixes a reported buffer overflow found with ntlm authentication (MDV #59779). This advisory obsoletes MDVA-2010:172 [More...] _____________________________________________________________________ http://www.linuxsecurity.com/content/view/152669 * Mandriva: 2010:122: fastjar (Jun 22) ------------------------------------ A vulnerability has been discovered and corrected in fastjar: Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial [More...] http://www.linuxsecurity.com/content/view/152665 * Mandriva: 2010:121: pango (Jun 22) ---------------------------------- A vulnerability has been discovered and corrected in pango: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application [More...] http://www.linuxsecurity.com/content/view/152664 * Mandriva: 2010:120: squirrelmail (Jun 21) ----------------------------------------- A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows [More...] http://www.linuxsecurity.com/content/view/152656 * Mandriva: 2010:119: samba (Jun 17) ---------------------------------- A vulnerability has been discovered and corrected in samba: Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the [More...] http://www.linuxsecurity.com/content/view/152636 * Mandriva: 2010:118: sudo (Jun 17) --------------------------------- A vulnerability has been discovered and corrected in sudo: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users [More...] http://www.linuxsecurity.com/content/view/152628 ------------------------------------------------------------------------ * Red Hat: 2010:0501-01: firefox: Critical Advisory (Jun 22) ---------------------------------------------------------- Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. [More...] http://www.linuxsecurity.com/content/view/152668 * Red Hat: 2010:0500-01: firefox: Critical Advisory (Jun 22) ---------------------------------------------------------- An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. [More...] http://www.linuxsecurity.com/content/view/152666 * Red Hat: 2010:0499-01: seamonkey: Critical Advisory (Jun 22) ------------------------------------------------------------ Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/152667 * Red Hat: 2010:0490-01: cups: Important Advisory (Jun 17) -------------------------------------------------------- Updated cups packages that fix three security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having [More...] http://www.linuxsecurity.com/content/view/152639 * Red Hat: 2010:0489-01: java-1.5.0-ibm: Critical Advisory (Jun 17) ----------------------------------------------------------------- Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...] http://www.linuxsecurity.com/content/view/152638 ------------------------------------------------------------------------ * Slackware: 2010-169-01: samba: Security Update (Jun 18) ------------------------------------------------------- New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and 13.0 to fix a security issue. [More Info...] http://www.linuxsecurity.com/content/view/152646 ------------------------------------------------------------------------ * Ubuntu: 954-1: tiff vulnerabilities (Jun 21) -------------------------------------------- Kevin Finisterre discovered that the TIFF library did not correctly handlecertain image structures. If a user or automated system were trickedinto opening a specially crafted TIFF image, a remote attacker couldexecute arbitrary code with user privileges, or crash the application,leading to a denial of service. (CVE-2010-1411) [More...] http://www.linuxsecurity.com/content/view/152659 * Ubuntu: 955-1: OPIE vulnerability (Jun 21) ------------------------------------------ Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectlyhandled long usernames. A remote attacker could exploit this with a craftedusername and make applications linked against libopie crash, leading to adenial of service. [More...] http://www.linuxsecurity.com/content/view/152657 * Ubuntu: 952-1: CUPS vulnerabilities (Jun 21) -------------------------------------------- Adrian Pastor and Tim Starling discovered that the CUPS web interfaceincorrectly protected against cross-site request forgery (CSRF) attacks. Ifan authenticated user were tricked into visiting a malicious website whilelogged into CUPS, a remote attacker could modify the CUPS configuration andpossibly steal confidential data. (CVE-2010-0540) [More...] http://www.linuxsecurity.com/content/view/152658 ------------------------------------------------------------------------ * Pardus: 2010-82: texlive-core: Integer Overflow (Jun 24) -------------------------------------------------------- An integer overflow has been fixed in texlive-core which can be used by malicious people to execute arbitrary code. http://www.linuxsecurity.com/content/view/152676 * Pardus: 2010-85: perl-libwww: Unexpected Download (Jun 24) ---------------------------------------------------------- A vulnerability has been fixed in perl-libwww which can allow malicious users to overwrite existing files (such as .bashrc) http://www.linuxsecurity.com/content/view/152677 * Pardus: 2010-86: ncompress: Integer Underflow (Jun 24) ------------------------------------------------------ An integer underflow vulnerability has been fixed which can be used by malicious people to cause denial of service. http://www.linuxsecurity.com/content/view/152678 * Pardus: 2010-87: dhcp: Denial of Service (Jun 24) ------------------------------------------------- A vulnerability has been fixed in dhcp which can be used by malicious people to cause denial of service http://www.linuxsecurity.com/content/view/152679 * Pardus: 2010-88: perl: Multiple Vulnerabilities (Jun 24) -------------------------------------------------------- Multiple vulnerabilities in Safe.pm module in perl have been fixed. http://www.linuxsecurity.com/content/view/152680 * Pardus: 2010-84: dvipng: Denial of Service (Jun 24) --------------------------------------------------- Multiple array index errors have been fixed which can allow malicious users to cause denial of service. http://www.linuxsecurity.com/content/view/152681 * Pardus: 2010-83: flashplugin: Multiple (Jun 24) ----------------------------------------------- Multiple vulnerabilities have been fixed in flashplugin. http://www.linuxsecurity.com/content/view/152682 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------
