+----------------------------------------------------------------------+
|  LinuxSecurity.com                            Linux Advisory Watch   |
|  April 8th, 2011                              Volume 12, Number 15   |
|                                                                      |
|  Editorial Team:  Dave Wreski          <dwreski@xxxxxxxxxxxxxxxxx>   |
|                   Benjamin D. Thomas   <bthomas@xxxxxxxxxxxxxxxxx>   |
+----------------------------------------------------------------------+

Thank you for reading the Linux Advisory Watch Security Newsletter. The
purpose of this document is to provide our readers with a quick summary of
each week's vendor security bulletins and pointers on methods to improve
the security posture of your open source system.

Vulnerabilities affect nearly every vendor virtually every week, so be sure
to read through to find the updates your distributor has made available.

Book Review: Linux Kernel Programming
-------------------------------------

As Linux is implemented on an increasingly wide range of devices, the
number of people responsible for developing and maintaining Linux on those
platforms has increased. As the level of maturity of the kernel increases,
so do its complexity, capabilities, and size. This book provides the Linux
programmer the tools necessary to understand the core aspects of the kernel
and how to interface with it.

http://www.linuxsecurity.com/content/view/154775

------------------------------------------------------------------------

* Debian: 2214-1: ikiwiki: missing input validation (Apr 8)
  ---------------------------------------------------------
  Tango discovered that ikiwiki, a wiki compiler, does not validate
  whether the htmlscrubber plugin is enabled on a page when adding
  alternative stylesheets to pages. This enables an attacker who is able
  to upload custom stylesheets to add malicious stylesheets as an
  alternate [More...]
  http://www.linuxsecurity.com/content/view/154834

* Debian: 2213-1: x11-xserver-utils: missing input sanitization (Apr 8)
  ---------------------------------------------------------------------
  Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils,
  an X server resource database utility, does not properly filter crafted
  hostnames. This allows a remote attacker to execute arbitrary code with
  root privileges given that either remote logins via xdmcp are allowed or
  [More...]
  http://www.linuxsecurity.com/content/view/154833

* Debian: 2212-1: tmux: privilege escalation (Apr 7)
  --------------------------------------------------
  Daniel Danner discovered that tmux, a terminal multiplexer, does not
  properly drop group privileges. Due to a patch introduced by Debian, when
  invoked with the -S option, tmux does not drop the permissions obtained
  through its setgid installation. [More...]
  http://www.linuxsecurity.com/content/view/154815

* Debian: 2211-1: vlc: missing input sanitising (Apr 6)
  -----------------------------------------------------
  Ricardo Narvaja discovered that missing input sanitising in VLC, a
  multimedia player and streamer, could lead to the execution of arbitrary
  code if a user is tricked into opening a malformed media file. [More...]
  http://www.linuxsecurity.com/content/view/154804

* Debian: 2210-1: tiff: Multiple vulnerabilities (Apr 3)
  ------------------------------------------------------
  Several vulnerabilities were discovered in the TIFF manipulation and
  conversion library: CVE-2011-0191 [More...]
  http://www.linuxsecurity.com/content/view/154772

* Debian: 2209-1: tgt: double free (Apr 2)
  ----------------------------------------
  Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target
  user-space tools, which could lead to denial of service. The oldstable
  distribution (lenny) doesn't include tgt. [More...]
  http://www.linuxsecurity.com/content/view/154771

* Debian: 2208-2: bind9: denial of service (Mar 31)
  -------------------------------------------------
  BIND, a DNS server, contains a defect related to the processing of new
  DNSSEC DS records by the caching resolver, which may lead to name
  resolution failures in the delegated zone. If DNSSEC validation is
  enabled, this issue can make domains ending in .COM unavailable when
  [More...]
  http://www.linuxsecurity.com/content/view/154752

------------------------------------------------------------------------

* Mandriva: 2011:072: gwenhywfar (Apr 8)
  --------------------------------------
  It was discovered that gwenhywfar was using an old private copy of the
  ca-bundle.crt file containing the root CA certs. This has now been
  resolved so that it uses the system-wide and up-to-date
  /etc/pki/tls/certs/ca-bundle.crt file, last updated with the
  MDVSA-2011:068 advisory. [More...]
  http://www.linuxsecurity.com/content/view/154828

* Mandriva: 2011:071: kdelibs4 (Apr 8)
  ------------------------------------
  A vulnerability has been found and corrected in kdelibs4:
  kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not
  properly verify that the server hostname matches the domain name of the
  subject of an X.509 certificate, which allows man-in-the-middle
  [More...]
  http://www.linuxsecurity.com/content/view/154826

* Mandriva: 2011:070: gdm (Apr 8)
  -------------------------------
  A vulnerability has been found and corrected in gdm: GNOME Display
  Manager (gdm) 2.x before 2.32.1 allows local users to change the
  ownership of arbitrary files via a symlink attack on a (1) dmrc or
  (2) face icon file under /var/cache/gdm/ (CVE-2011-0727). [More...]
  http://www.linuxsecurity.com/content/view/154825

* Mandriva: 2011:069: php (Apr 8)
  -------------------------------
  It was discovered that the /etc/cron.d/php cron job for php-session
  allows local users to delete arbitrary files via a symlink attack on a
  directory under /var/lib/php (CVE-2011-0441). Packages for 2009.0 are
  provided as of the Extended Maintenance [More...]
  http://www.linuxsecurity.com/content/view/154824

* Mandriva: 2011:068: firefox (Apr 7)
  -----------------------------------
  Several invalid HTTPS certificates were placed on the certificate
  blacklist to prevent their misuse. Users on a compromised network could
  be directed to sites using the fraudulent certificates and mistake them
  for the legitimate [More...]
  http://www.linuxsecurity.com/content/view/154814

* Mandriva: 2011:067: subversion (Apr 6)
  --------------------------------------
  A vulnerability was discovered and corrected in subversion: The
  mod_dav_svn module for the Apache HTTP Server, as distributed in Apache
  Subversion before 1.6.16, allows remote attackers to cause a denial of
  service (NULL pointer dereference and daemon crash) via a [More...]
  http://www.linuxsecurity.com/content/view/154796

* Mandriva: 2011:066: rsync (Apr 5)
  ---------------------------------
  A vulnerability was discovered and corrected in rsync: rsync 3.x before
  3.0.8, when certain recursion, deletion, and ownership options are used,
  allows remote rsync servers to cause a denial of service (heap memory
  corruption and application crash) or possibly [More...]
  http://www.linuxsecurity.com/content/view/154791

* Mandriva: 2011:065: logrotate (Apr 5)
  -------------------------------------
  Multiple vulnerabilities were discovered and corrected in logrotate:
  Race condition in the createOutputFile function in logrotate.c in
  logrotate 3.7.9 and earlier allows local users to read log data by
  opening a file before the intended permissions are in place [More...]
  http://www.linuxsecurity.com/content/view/154790

* Mandriva: 2011:064: libtiff (Apr 4)
  -----------------------------------
  Multiple vulnerabilities were discovered and corrected in libtiff:
  Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
  code or cause a denial of service (application crash) via a crafted TIFF
  image with JPEG encoding (CVE-2011-0191). [More...]
  http://www.linuxsecurity.com/content/view/154777

* Mandriva: 2011:063: xmlsec1 (Apr 4)
  -----------------------------------
  A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML
  Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other
  products, when XSLT is enabled, allows remote attackers to create or
  overwrite arbitrary files via vectors [More...]
  http://www.linuxsecurity.com/content/view/154773

* Mandriva: 2011:062: ffmpeg (Apr 1)
  ----------------------------------
  Multiple vulnerabilities have been identified and fixed in ffmpeg:
  FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)
  via a crafted file that triggers an infinite loop. (CVE-2009-4636)
  [More...]
  http://www.linuxsecurity.com/content/view/154770

* Mandriva: 2011:061: ffmpeg (Apr 1)
  ----------------------------------
  Multiple vulnerabilities have been identified and fixed in ffmpeg:
  oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
  arithmetic, which might allow remote attackers to obtain sensitive
  memory contents and cause a denial of service via a crafted [More...]
  http://www.linuxsecurity.com/content/view/154769

* Mandriva: 2011:060: ffmpeg (Apr 1)
  ----------------------------------
  Multiple vulnerabilities have been identified and fixed in ffmpeg:
  oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
  arithmetic, which might allow remote attackers to obtain sensitive
  memory contents and cause a denial of service via a crafted [More...]
  http://www.linuxsecurity.com/content/view/154767

* Mandriva: 2011:059: ffmpeg (Apr 1)
  ----------------------------------
  Multiple vulnerabilities have been identified and fixed in ffmpeg:
  Multiple integer underflows in FFmpeg 0.5 allow remote attackers to
  cause a denial of service and possibly execute arbitrary code via a
  crafted file that (1) bypasses a validation check in vorbis_dec.c
  [More...]
  http://www.linuxsecurity.com/content/view/154766

* Mandriva: 2011:058: quagga (Apr 1)
  ----------------------------------
  Multiple vulnerabilities have been identified and fixed in quagga: The
  extended-community parser in bgpd in Quagga before 0.99.18 allows remote
  attackers to cause a denial of service (NULL pointer dereference and
  application crash) via a malformed Extended Communities attribute
  [More...]
  http://www.linuxsecurity.com/content/view/154761

* Mandriva: 2011:057: apache (Mar 31)
  -----------------------------------
  The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk
  Multi-Processing Module (apache-mpm-itk) for the Apache HTTP Server does
  not properly handle certain configuration sections that specify
  NiceValue but not AssignUserID, which might allow remote attackers to
  gain privileges by leveraging the root uid and root gid of an mpm-itk
  [More...]
  http://www.linuxsecurity.com/content/view/154758

------------------------------------------------------------------------

* Red Hat: 2011:0428-01: dhcp: Important Advisory (Apr 8)
  -------------------------------------------------------
  Updated dhcp packages that fix one security issue are now available for
  Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team
  has rated this update as having [More...]
  http://www.linuxsecurity.com/content/view/154829

* Red Hat: 2011:0421-01: kernel: Important Advisory (Apr 7)
  ---------------------------------------------------------
  Updated kernel packages that fix multiple security issues and several
  bugs are now available for Red Hat Enterprise Linux 6. The Red Hat
  Security Response Team has rated this update as having [More...]
  http://www.linuxsecurity.com/content/view/154819

* Red Hat: 2011:0427-01: spice-xpi: Moderate Advisory (Apr 7)
  -----------------------------------------------------------
  An updated spice-xpi package that fixes one security issue is now
  available for Red Hat Enterprise Linux 5. The Red Hat Security Response
  Team has rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154817

* Red Hat: 2011:0426-01: spice-xpi: Moderate Advisory (Apr 7)
  -----------------------------------------------------------
  An updated spice-xpi package that fixes two security issues is now
  available for Red Hat Enterprise Linux 6. The Red Hat Security Response
  Team has rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154816

* Red Hat: 2011:0423-01: postfix: Moderate Advisory (Apr 6)
  ---------------------------------------------------------
  Updated postfix packages that fix one security issue are now available
  for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has
  rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154805

* Red Hat: 2011:0422-01: postfix: Moderate Advisory (Apr 6)
  ---------------------------------------------------------
  Updated postfix packages that fix two security issues are now available
  for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team
  has rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154806

* Red Hat: 2011:0414-01: policycoreutils: Important Advisory (Apr 4)
  ------------------------------------------------------------------
  Updated policycoreutils packages that fix one security issue are now
  available for Red Hat Enterprise Linux 6. The Red Hat Security Response
  Team has rated this update as having [More...]
  http://www.linuxsecurity.com/content/view/154784

* Red Hat: 2011:0413-01: glibc: Important Advisory (Apr 4)
  --------------------------------------------------------
  Updated glibc packages that fix three security issues are now available
  for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has
  rated this update as having [More...]
  http://www.linuxsecurity.com/content/view/154783

* Red Hat: 2011:0412-01: glibc: Important Advisory (Apr 4)
  --------------------------------------------------------
  Updated glibc packages that fix multiple security issues are now
  available for Red Hat Enterprise Linux 5. The Red Hat Security Response
  Team has rated this update as having [More...]
  http://www.linuxsecurity.com/content/view/154782

* Red Hat: 2011:0407-01: logrotate: Moderate Advisory (Mar 31)
  ------------------------------------------------------------
  An updated logrotate package that fixes multiple security issues is now
  available for Red Hat Enterprise Linux 6. The Red Hat Security Response
  Team has rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154757

* Red Hat: 2011:0406-01: quagga: Moderate Advisory (Mar 31)
  ---------------------------------------------------------
  Updated quagga packages that fix two security issues are now available
  for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has
  rated this update as having moderate [More...]
  http://www.linuxsecurity.com/content/view/154756

------------------------------------------------------------------------

* Slackware: 2011-097-01: dhcp: Security Update (Apr 7)
  -----------------------------------------------------
  New dhcp packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
  10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security
  issue. [More Info...]
  http://www.linuxsecurity.com/content/view/154807

* Slackware: 2011-095-01: proftpd: Security Update (Apr 5)
  --------------------------------------------------------
  New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2,
  13.0, 13.1, and -current to fix security issues. [More Info...]
  http://www.linuxsecurity.com/content/view/154785

------------------------------------------------------------------------

* SuSE: Weekly Summary 2011:006 (Apr 5)
  -------------------------------------
  To avoid flooding mailing lists with SUSE Security Announcements for
  minor issues, SUSE Security releases weekly summary reports for the low
  profile vulnerability fixes. The SUSE Security Summary Reports do not
  list download URLs, unlike the SUSE Security Announcements that are
  released for more severe vulnerabilities. The vulnerabilities in this
  summary include: apache2-mod_php5/php5, cobbler, evince, gdm, kdelibs4,
  otrs, quagga.
  http://www.linuxsecurity.com/content/view/154786

* SuSE: Weekly Summary 2011:005 (Apr 1)
  -------------------------------------
  To avoid flooding mailing lists with SUSE Security Announcements for
  minor issues, SUSE Security releases weekly summary reports for the low
  profile vulnerability fixes. The SUSE Security Summary Reports do not
  list download URLs, unlike the SUSE Security Announcements that are
  released for more severe vulnerabilities.
  http://www.linuxsecurity.com/content/view/154762

------------------------------------------------------------------------

* Ubuntu: 1107-1: x11-xserver-utils vulnerability (Apr 6)
  -------------------------------------------------------
  Sebastian Krahmer discovered that the xrdb utility incorrectly filtered
  crafted hostnames. An attacker could use this flaw with a malicious DHCP
  server or with a remote xdmcp login and execute arbitrary code,
  resulting in root privilege escalation. [More...]
  http://www.linuxsecurity.com/content/view/154803

* Ubuntu: 1106-1: NSS vulnerabilities (Apr 6)
  -------------------------------------------
  It was discovered that several invalid HTTPS certificates were issued
  and revoked. An attacker could exploit these to perform a man in the
  middle attack to view sensitive information or alter encrypted
  communications. These certificates were marked as explicitly not trusted
  to prevent their misuse. [More...]
  http://www.linuxsecurity.com/content/view/154802

* Ubuntu: 1105-1: Linux kernel vulnerabilities (Apr 5)
  ----------------------------------------------------
  Dan Rosenberg discovered that multiple terminal ioctls did not correctly
  initialize structure memory. A local attacker could exploit this to read
  portions of kernel stack memory, leading to a loss of privacy.
  (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) [More...]
  http://www.linuxsecurity.com/content/view/154795

* Ubuntu: 1104-1: FFmpeg vulnerabilities (Apr 4)
  ----------------------------------------------
  Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg
  incorrectly handled certain malformed flic files. If a user were tricked
  into opening a crafted flic file, an attacker could cause a denial of
  service via application crash, or possibly execute arbitrary code with
  the privileges of the user invoking the program. This issue only
  affected [More...]
  http://www.linuxsecurity.com/content/view/154778

* Ubuntu: 1103-1: tex-common vulnerability (Apr 4)
  ------------------------------------------------
  Mathias Svensson discovered that the tex-common package contains an
  insecure shell_escape_commands configuration item. If a user or
  automated system were tricked into opening a specially crafted TeX file,
  a remote attacker could execute arbitrary code with user privileges.
  [More...]
  http://www.linuxsecurity.com/content/view/154779

* Ubuntu: 1102-1: tiff vulnerability (Apr 4)
  ------------------------------------------
  Martin Barbella discovered that the thunder (aka ThunderScan) decoder in
  the TIFF library incorrectly handled an unexpected BitsPerSample value.
  If a user or automated system were tricked into opening a specially
  crafted TIFF image, a remote attacker could execute arbitrary code with
  user privileges, or crash the application, leading to a denial of
  service. [More...]
  http://www.linuxsecurity.com/content/view/154780

* Ubuntu: 1101-1: Qt vulnerabilities (Apr 1)
  ------------------------------------------
  It was discovered that several invalid HTTPS certificates were issued
  and revoked. An attacker could exploit these to perform a man in the
  middle attack to view sensitive information or alter encrypted
  communications. These were placed on the certificate blacklist to
  prevent their misuse. [More...]
  http://www.linuxsecurity.com/content/view/154768

* Ubuntu: 1100-1: OpenLDAP vulnerabilities (Mar 31)
  -------------------------------------------------
  It was discovered that OpenLDAP did not properly check forwarded
  authentication failures when using a slave server and chain overlay. If
  OpenLDAP were configured in this manner, an attacker could bypass
  authentication checks by sending an invalid password to a slave server.
  (CVE-2011-1024) [More...]
  http://www.linuxsecurity.com/content/view/154754

------------------------------------------------------------------------

* Pardus: 2011-66: Subversion: Denial of Service (Apr 8)
  ------------------------------------------------------
  A vulnerability has been fixed in Subversion, which allows remote
  attackers to cause a denial of service.
  http://www.linuxsecurity.com/content/view/154823

* Pardus: 2011-65: Bind: Denial of Service (Apr 8)
  ------------------------------------------------
  A vulnerability has been fixed in bind, which allows remote attackers to
  cause a denial of service.
  http://www.linuxsecurity.com/content/view/154822

* Pardus: 2011-64: Libcgroup: Multiple Vulnerabilities (Apr 8)
  ------------------------------------------------------------
  Multiple vulnerabilities have been fixed in libcgroup which can be used
  by malicious people to execute code or lead to privilege escalation.
  http://www.linuxsecurity.com/content/view/154821

* Pardus: 2011-63: Php: Multiple Vulnerabilities (Apr 8)
  ------------------------------------------------------
  Multiple vulnerabilities have been fixed in php, which allow attackers to
  cause a denial of service, obtain sensitive information or possibly
  execute arbitrary code.
  http://www.linuxsecurity.com/content/view/154820

------------------------------------------------------------------------

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.

------------------------------------------------------------------------