[ISN] Linux Advisory Watch - February 10th 2006

InfoSec News isn at c4i.org
Mon Feb 13 01:48:55 EST 2006


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  February 10th, 2006                           Volume 7, Number 6a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for mydns, gnocatan, ipsec-tools,
adzapper, mozilla, firefox, audit, unzip, Fedora kernel, GPdf,
libextractor, LibAST, gallery, ADOdb, apache, poppler, kdegraphics,
xpdf, openoffice, openssh, php, and groff.  The distributors include
Debian, Fedora, Gentoo, Mandriva, and Red Hat.

----


EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.4 (Version 3.0, Release 4). This release includes several
bug fixes and feature enhancements to the Guardian Digital WebTool
and the SELinux policy, and several new packages available for
installation.

The following reported bugs from bugs.engardelinux.org are fixed in
this release:

    #0000048 The WebTool 'named' module does not check for duplicate zones
    #0000047 Nagios localhost ping test bug
    #0000045 SSH cannot create /root/.ssh directory as sysadm_r
    #0000042 Postfix-2.2.7's broken firewall workaround has problems - ...
    #0000041 Apache cannot talk to the MySQL socket.
    #0000039 Unable to mount /home at boot in EnGarde 3.0.3
    #0000038 Webtool automatically sets SELinux to Enforcing, even if ...
    #0000037 Support for PgSQL via WebTool
    #0000036 UPS - fails to work with selinux enabled
    #0000035 "postfix reload" fails when run by sysadm_r with selinux ...
    #0000034 tcpdump fails with selinux enabled

Several other bugs are fixed in this release as well.

New features include:

    * A new GDSN Package Management Interface in the Guardian Digital
      WebTool which allows you to easily browse and install packages
      from the EnGarde Secure Linux package archives.

    * A new Spanish (Español) translation of the Guardian Digital
      WebTool, courtesy of Joe Rodiguez Jr. To use this translation go
      into the WebTool Configuration module, click on your username
      (normally 'admin'), and select Español from the drop-down.

    * New Guardian Digital WebTool modules for DHCP and UPS services.
      The DHCP (Dynamic Host Configuration Protocol) module allows you
      to run a DHCP server on your EnGarde Secure Linux machine. The
      UPS (Uninterruptible Power Supply) module allows you to configure
      and monitor a UPS connected to your EnGarde Secure Linux machine
      and to act as a server for other machines connected to the same UPS.

    * The latest stable versions of MySQL (5.0.18), fetchmail (6.3.2),
      iptables (1.3.5), mrtg (2.13.1), nmap (4.00), openssh (4.3p1),
      php (4.4.2), and postfix (2.2.8).

    * Several new installable packages such as amavisd-new (2.3.3),
      clamav (0.88), nagios (1.3), nagios-plugins (1.4.2), nrpe (2.0),
      postgresql (8.1.1), spamassassin, and many, many new Perl modules.

We're also happy to announce the availability of the following HOWTOs:

    * Installing Joomla! on EnGarde Secure Linux HOWTO
    * Installing PHPMyAdmin on EnGarde Secure Linux HOWTO
    * Installing PHP Applications on EnGarde Secure Linux HOWTO
    * Installing SpamAssassin, ClamAV and Amavisd-new on EnGarde HOWTO
    * Installing Squirrelmail on EnGarde Secure Linux HOWTO

All new users downloading EnGarde Secure Linux for the first time or users
who use the LiveCD environment should download this release.

Users who are currently using EnGarde Secure Linux do not need to download
this release -- they can update their machines via the Guardian Digital
Secure Network WebTool module.

Read Entire Article:
http://www.linuxsecurity.com/content/view/121560/65/

----------------------

EnGarde Secure Community 3.0.3 Released

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.3 (Version 3.0, Release 3). This release
includes several bug fixes and feature enhancements to the
Guardian Digital WebTool, the SELinux policy, and the LiveCD
environment.

http://www.linuxsecurity.com/content/view/121150/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New mydns packages fix denial of service
  2nd, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121475


* Debian: New gnocatan packages fix denial of service
  3rd, February, 2006

A problem has been discovered in gnocatan, the computer version of
the Settlers of Catan boardgame, that can lead the server and other
clients to exit via an assert, and hence does not permit the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121506


* Debian: New ipsec-tools packages fix denial of service
  6th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121534


* Debian: New adzapper packages fix denial of service
  9th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121573


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: mozilla-1.7.12-1.5.2
  2nd, February, 2006

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
Igor Bukanov discovered a bug in the way Mozilla's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Mozilla could crash or execute
arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

http://www.linuxsecurity.com/content/view/121496


* Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
  2nd, February, 2006

Mozilla Firefox is an open source Web browser.
Igor Bukanov discovered a bug in the way Firefox's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Firefox could crash or execute
arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

http://www.linuxsecurity.com/content/view/121497


* Fedora Core 4 Update: audit-1.0.13-1.fc4
  3rd, February, 2006

This release backports some bugfixes and enhancements from the
current devel branch.

http://www.linuxsecurity.com/content/view/121530


* Fedora Core 4 Update: unzip-5.51-13.fc4
  6th, February, 2006

This update fixes several vulnerabilities in the unzip utility.

http://www.linuxsecurity.com/content/view/121547


* Fedora Core 4 Update: kernel-2.6.15-1.1831_FC4
  7th, February, 2006

This update fixes a remotely exploitable denial of service attack in
the icmp networking code (CVE-2006-0454).  An information leak has
also been fixed (CVE-2006-0095), and some debugging patches that had
accidentally been left applied in the previous update have been
removed, restoring the functionality of the 'quiet' argument.

http://www.linuxsecurity.com/content/view/121561


* Fedora Core 4 Update: audit-1.0.14-1.fc4
  8th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121571


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: GStreamer FFmpeg plugin Heap-based buffer overflow
  5th, February, 2006

The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that
may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121532


* Gentoo: Paros Default administrator password
  6th, February, 2006

Paros's database component is installed without a password, allowing
execution of arbitrary system commands.

http://www.linuxsecurity.com/content/view/121541


* Gentoo: Xpdf, Poppler, GPdf, libextractor, pdftohtml Heap overflows
  6th, February, 2006

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to
integer overflows that may be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121542


* Gentoo: MyDNS Denial of Service
  6th, February, 2006

MyDNS contains a vulnerability that may lead to a Denial of Service
attack.

http://www.linuxsecurity.com/content/view/121543


* Gentoo: LibAST Privilege escalation
  6th, February, 2006

A buffer overflow in LibAST may result in execution of arbitrary code
with escalated privileges.

http://www.linuxsecurity.com/content/view/121544


* Gentoo: Gallery Cross-site scripting vulnerability
  6th, February, 2006

Gallery is possibly vulnerable to a cross-site scripting attack that
could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121545


* Gentoo: ADOdb PostgreSQL command injection
  6th, February, 2006

ADOdb is vulnerable to SQL injections if used in conjunction with a
PostgreSQL database.

http://www.linuxsecurity.com/content/view/121548


* Gentoo: Apache Multiple vulnerabilities
  6th, February, 2006

Apache can be exploited for cross-site scripting attacks and is
vulnerable to a Denial of Service attack.

http://www.linuxsecurity.com/content/view/121549


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated libast packages fixes buffer overflow
vulnerability
  2nd, February, 2006


Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1
and earlier, as used in Eterm and possibly other software, allows
local users to execute arbitrary code as the utmp user via a long -X
argument. The updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/121491


* Mandriva: Updated poppler packages fixes heap-based buffer overflow
vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. Poppler uses a copy of
the xpdf code and as such has the same issues. The updated
packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121492


* Mandriva: Updated kdegraphics packages fixes heap-based buffer
overflow vulnerability
  2nd, February, 2006


Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. Kdegraphics-kpdf uses a
copy of the xpdf code and as such has the same issues. The updated
packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121493


* Mandriva: Updated xpdf packages fixes heap-based buffer overflow
vulnerability
  2nd, February, 2006


Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. The updated packages have
been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121494


* Mandriva: Updated OpenOffice.org packages fix issue with disabled
hyperlinks
  2nd, February, 2006


OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled,
does not prevent the user from clicking the WWW-browser button in the
Hyperlink dialog, which makes it easier for attackers to trick the
user into bypassing intended security settings. Updated packages are
patched to address this issue.

http://www.linuxsecurity.com/content/view/121495


* Mandriva: Updated openssh packages fix vulnerability
  6th, February, 2006

A flaw was discovered in the scp local-to-local copy implementation
where filenames that contain shell metacharacters or spaces are
expanded twice, which could lead to the execution of arbitrary
commands if a local user could be tricked into scp'ing a specially
crafted filename.

http://www.linuxsecurity.com/content/view/121550


* Mandriva: Updated php packages fix vulnerability
  7th, February, 2006

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions
via unknown attack vectors. The updated packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/121562


* Mandriva: Updated mozilla packages to address DoS vulnerability
  7th, February, 2006

Mozilla and Mozilla Firefox allow remote attackers to cause a denial
of service (CPU consumption and delayed application startup) via a
web site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134) The JavaScript
interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not
properly dereference objects, which allows remote attackers to cause
a denial of service (crash) or execute arbitrary code via unknown
attack vectors related to garbage collection.

http://www.linuxsecurity.com/content/view/121563


* Mandriva: Updated mozilla-firefox packages to address DoS
vulnerability
  7th, February, 2006

Mozilla and Mozilla Firefox allow remote attackers to cause a denial
of service (CPU consumption and delayed application startup) via a
web site with a large title, which is recorded in history.dat but not
processed efficiently during startup.

http://www.linuxsecurity.com/content/view/121564


* Mandriva: Updated groff packages fix temporary file vulnerabilities
  8th, February, 2006

The Trustix Secure Linux team discovered a vulnerability in the
groffer utility, part of the groff package.  It created a temporary
directory in an insecure way which allowed for the exploitation of a
race condition to create or overwrite files with the privileges of
the user invoking groffer.

http://www.linuxsecurity.com/content/view/121572



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: mozilla security update
  2nd, February, 2006

Updated mozilla packages that fix several security bugs are now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121482


* RedHat: Critical: firefox security update
  2nd, February, 2006

An updated firefox package that fixes several security bugs is now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121483


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------




