[ISN] Linux Advisory Watch - February 3rd 2006

InfoSec News isn at c4i.org
Fri Feb 3 04:29:56 EST 2006


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  February 3rd, 2006                            Volume 7, Number 5a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

Due to several changes in our advisory archiving scripts, Linux
Advisory Watch did not go out last week.  This has caused an
unusually high number of advisories.  The purpose of this week's
newsletter is to 'catch up' and ensure that every advisory has
been published.  We apologize for any inconvenience.

Advisories were released for petris, unzip, tetex-bin, koffice,
fetchmail, gpdf, tuxpaint, albatross, mantis, antiword, smstools,
sudo, ClamAV, kdelibs, crawl, CUPS, trac, libapache-auth-ldap,
flyspray, wine, mailman, lsh-utils, ImageMagick, drupal, hylafax,
libextractor, unalz, limbmail-audit-perl, pdftohtml, mod_auth_pgsql,
poppler, tetex, kdegraphics, ethereal, httpd, openssh, mozilla,
firefox, Gallery, LibAST, Paros, MyDNS, xorg-x11, UUlib, SSLeay,
mdkonline, gthumb, libgphoto, net-snmp, apache2, thunderbird,
bzip2, gzip, libast, gd, and phpMyAdmin.  The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/linsec

----

A Linux Security Look To The Future
By: Pax Dickinson

It's much the same story as last year, Windows worms and viruses
continually propagate, crossbreed, and multiply while Linux
remains above the fray. Sober and the other "newsmaking" viruses
all infect and attack Windows while all Linux admins get out of
it are a few hits to our Snort rulesets. Yes, there are worms
attacking Linux, and Linux, like any other system, is certainly
not immune. Linux is, however, more resistant.

One reason is made clear when the internet is compared to a
biosphere. Linux is a mutt. Every Linux distribution does things
slightly differently, Linux runs on very varied hardware, many
Linux users compile their own software. Things just aren't as
standardized in the Linux world, which is viewed as a flaw by
many pundits, though it has many benefits when it comes to
security. A Linux security flaw may only affect a certain
distribution or application, and most distributions and
applications lack the massive marketshare to provide enough
sustenance for a worm to really get going. Meanwhile, the
applications that do possess large marketshare, such as
Apache, tend to be generally secure due to their source
code availability.

Windows, on the other hand, lacks this genetic diversity.
One copy of Windows XP is exactly like the next, and the
source is closed so previously unknown flaws are discovered
all the time. Yes, Windows does have a greater marketshare
making it a bigger target, but I'd wager that if the
marketshares of Windows and Linux were even Windows would
still have more vulnerabilities. In nature, populations that
lack genetic diversity run the risk of being decimated by
a virulent disease, and the internet is no different.
There's a reason we use biological metaphors like "worm"
and "virus" to describe malware. Linux also benefits by
tending to not be a primary target for malware authors
because they have such a juicy target in Windows. Of
course, keeping systems patched has been and will remain
key, luckily most Linux distributions available today
tend to be very polished in this area, with tools such
as apt-get, yum, and portage providing easy application
and system upgrades.

So much for the good. Looking to the future, things go from
bad to beyond ugly. We Linux users should realize how good we
have it right now and recognize that the current security
situation will not remain so benevolent for us. In an
environment of dumb worms and viruses targeted at the least
common denominator, Linux is well prepared to hold fast and
remain generally secure. However, sinister trends are
developing now that may end this state of complacency and
need to be addressed.

Crime related to spam, spyware, and other online illegalities
is said by some experts to have recently passed international
drug trafficking in dollars earned, and malicious hacking
that used to be performed for fun is now a big business.
Websites once hacked only so the culprit could deface them
and show off are now penetrated in order to steal customer
data and engage in identity theft. Botnets of more than a
million compromised hosts are not unknown, used to send
spam, host child pornography, and perform distributed DoS
attacks. An underground market for botnets has made the
creation of viruses and trojans into a thriving business
opportunity for the unscrupulous.

Read Entire Article:
http://www.linuxsecurity.com/content/view/121230/49/

----------------------

EnGarde Secure Community 3.0.3 Released

 Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.3 (Version 3.0, Release 3). This release
includes several bug fixes and feature enhancements to the
Guardian Digital WebTool, the SELinux policy, and the LiveCD
environment.

http://www.linuxsecurity.com/content/view/121150/65/

---


Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New petris packages fix buffer overflow
  27th, January, 2006

Steve Kemp from the Debian Security Audit project discovered a buffer
overflow in petris, a clone of the Tetris game, which may be
exploited to execute arbitary code with group games privileges.

http://www.linuxsecurity.com/content/view/121285


* Debian: New unzip packages fix unauthorised permissions
modification
  27th, January, 2006

The unzip update in DSA 903 contained a regression so that symbolic
links that are resolved later in a zip archive aren't supported
anymore.  This update corrects this behaviour.

http://www.linuxsecurity.com/content/view/121286


* Debian: New tetex-bin packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in tetex-bin, the binary files of teTeX, and which can
lead to a denial of service by crashing the application or possibly
to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121287


* Debian: New koffice packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in koffice, the KDE Office Suite, and which can lead to
a denial of service by crashing the application or possibly to the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121288


* Debian: New fetchmail packages fix denial of service
  27th, January, 2006

Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3,
APOP, IMAP mail gatherer/forwarder, that can cause a crash when the
program is running in multidrop mode and receives messages without
headers.

http://www.linuxsecurity.com/content/view/121289


* Debian: New gpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is

also present in gpdf, the GNOME version of the Portable Document
Format viewer, and which can lead to a denial of service by crashing
the application or possibly to the execution of arbitrary code.


http://www.linuxsecurity.com/content/view/121290


* Debian: New tuxpaint packages fix insecure temporary file creation
  27th, January, 2006

Javier Fern=EF=BF=BDndez-Sanguino Pe=EF=BF=BDa from the Debian Security Aud=
it
project discovered that a script in tuxpaint, a paint program for young
children, creates a temporary file in an insecure fashion.

http://www.linuxsecurity.com/content/view/121291


* Debian: New albatross packages fix arbitrary code execution
  27th, January, 2006

A design error has been discovered in the Albatross web application
toolkit that causes user supplied data to be used as part of template

execution and hence arbitrary code execution.


http://www.linuxsecurity.com/content/view/121292


* Debian: New Perl packages fix arbitrary code execution
  27th, January, 2006

Jack Louis discovered an integer overflow in Perl, Larry Wall's
Practical Extraction and Report Language, that allows attackers to
overwrite arbitrary memory and possibly execute arbitrary code via
specially crafted content that is passed to vulnerable format strings

of third party software.

http://www.linuxsecurity.com/content/view/121293


* Debian: New mantis packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in Mantis, a
web-based bug tracking system. The Common Vulnerabilities and
Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121294


* Debian: New antiword packages fix insecure temporary file creation
  27th, January, 2006

Javier Fern=EF=BF=BDndez-Sanguino Pe=EF=BF=BDa from the Debian Security Aud=
it
project discovered that two scripts in antiword, utilities to convert Word
files to text and Postscript, create a temporary file in an insecure
fashion.

http://www.linuxsecurity.com/content/view/121295


* Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a
format string attack in the logging code of smstools, which may be
exploited to execute arbitary code with root privileges.

http://www.linuxsecurity.com/content/view/121296


* Debian: New sudo packages fix privilege escalation
  27th, January, 2006

It has been discovered that sudo, a privileged program, that provides
limited super user privileges to specific users, passes several
environment variables to the program that runs with elevated
privileges.  In the case of include paths (e.g. for Perl, Python,
Ruby or other scripting languages) this can cause arbitrary code to
be executed as privileged user if the attacker points to a manipulated
version of a system library.


http://www.linuxsecurity.com/content/view/121297


* Debian: New ClamAV packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which
could allow an attacker to execute arbitrary code by sending a
carefully crafted UPX-encoded executable to a system runnig ClamAV.
In addition, other potential overflows have been corrected.

http://www.linuxsecurity.com/content/view/121298


* Debian: New kdelibs packages fix buffer overflow
  27th, January, 2006

Maksim Orlovich discovered that the kjs Javascript interpreter, used
in the Konqueror web browser and in other parts of KDE, performs
insufficient bounds checking when parsing UTF-8 encoded Uniform
Resource Identifiers, which may lead to a heap based buffer overflow and
the execution of arbitrary code.


http://www.linuxsecurity.com/content/view/121299


* Debian: New crawl packages fix potential group games execution
  27th, January, 2006

Steve Kemp from the Debian Security Audit project discovered a
security related problem in crawl, another console based dungeon
exploration game in the vein of nethack and rogue.  The program
executes commands insecurely when saving or loading games which can
allow local attackers to gain group games privileges.

http://www.linuxsecurity.com/content/view/121300


* Debian: New CUPS packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in CUPS, the Common UNIX
Printing System, and which can lead to a denial of service by
crashing the application or possibly to the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/121301


* Debian: New trac packages fix SQL injection and cross-site
scripting
  27th, January, 2006

Several vulnerabilies have been discovered in trac, an enhanced wiki
and issue tracking system for software development projects.  The
Common Vulnerabilities and Exposures project identifie the following
problems:

http://www.linuxsecurity.com/content/view/121302


* Debian: New libapache-auth-ldap packages fix arbitrary code
execution
  27th, January, 2006

"Seregorn" discovered a format string vulnerability in the logging
function of libapache-auth-ldap, an LDAP authentication module for
the Apache webserver, that can lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121303


* Debian: New flyspray packages fix cross-site scripting
  27th, January, 2006

Several cross-site scripting vulnerabilities have been discovered in
flyspray, a lightweight bug tracking system, which allows attackers
to insert arbitary script code into the index page.

http://www.linuxsecurity.com/content/view/121304


* Debian: New wine packages fix arbitrary code execution
  27th, January, 2006

H D Moore that discovered that Wine, a free implemention of the
Microsoft Windows APIs, inherits a design flaw from the Windows GDI API,
which may lead to the execution of code through GDI escape functions in
WMF files.


http://www.linuxsecurity.com/content/view/121305


* Debian: New clamav packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which
could allow an attacker to execute arbitrary code by sending a
carefully crafted UPX-encoded executable to a system runnig ClamAV. In
addition, other potential overflows have been corrected.


http://www.linuxsecurity.com/content/view/121306


* Debian: New xpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly
to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121307


* Debian: New mailman packages fix denial of service
  27th, January, 2006

Two denial of service bugs were found in the mailman list server. In
one, attachment filenames containing UTF8 strings were not properly
parsed, which could cause the server to crash. In another, a message
containing a bad date string could cause a server crash.


http://www.linuxsecurity.com/content/view/121308


* Debian: New lsh-utils packages fix local vulnerabilities
  27th, January, 2006

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)
protocol server, leaks a couple of file descriptors, related to the
randomness generator, to user shells which are started by lshd.  A
local attacker can truncate the server's seed file, which may prevent

the server from starting, and with some more effort, maybe also crack

session keys.

http://www.linuxsecurity.com/content/view/121309


* Debian: New ImageMagick packages fix arbitrary command execution
  27th, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is
vulnerable to shell command injection using specially crafted file
names.=09This allows attackers to encode commands inside of graphic
commands.  With some user interaction, this is exploitable through
Gnus and Thunderbird.

http://www.linuxsecurity.com/content/view/121310


* Debian: New drupal packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in drupal, a
fully-featured content management/discussion engine.  The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

http://www.linuxsecurity.com/content/view/121311


* Debian: New kpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly
to the execution of arbitrary code.  The same code is present in kpdf
which is part of the kdegraphics package.

http://www.linuxsecurity.com/content/view/121312


* Debian: New hylafax packages fix arbitrary command execution
  27th, January, 2006

Patrice Fournier found that hylafax passes unsanitized user data in
the notify script, allowing users with the ability to submit jobs to
run arbitrary commands  with the privileges of the hylafax server.

http://www.linuxsecurity.com/content/view/121313


* Debian: New pound packages fix multiple vulnerabilities
  27th, January, 2006

Two vulnerabilities have been discovered in Pound, a reverse proxy
and load balancer for HTTP. The Common Vulnerabilities and Exposures
project identifies the following problems:

http://www.linuxsecurity.com/content/view/121314


* Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a
format string attack in the logging code of smstools, which may be
exploited to execute arbitary code with root privileges.


http://www.linuxsecurity.com/content/view/121315


* Debian: New libapache2-mod-auth-pgsql packages fix arbitrary code
execution
  27th, January, 2006

iDEFENSE reports that a format string vulnerability in
mod_auth_pgsql, a library used to authenticate web users against
a PostgreSQL database, could be used to execute arbitrary code with
the privileges of the httpd user.

http://www.linuxsecurity.com/content/view/121316


* Debian: New libextractor packages fix arbitrary code execution
  27th, January, 2006


"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in libextractor, a library to extract arbitrary
meta-data from files, and which can lead to a denial of service by
crashing the application or possibly to the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/121317


* Debian: New trac packages fix SQL injection and cross-site
scripting
  30th, January, 2006

This update corrects the search feature in trac, an enhanced wiki
and issue tracking system for software development projects, which
broke with the last security update.

http://www.linuxsecurity.com/content/view/121444


* Debian: New unalz packages fix arbitrary code execution
  30th, January, 2006

Ulf H=EF=BF=BDrnhammer from the Debian Audit Project discovered that
unalz, a decompressor for ALZ archives, performs insufficient bounds
checking when parsing file names.  This can lead to arbitrary code
execution if an attacker provides a crafted ALZ archive.

http://www.linuxsecurity.com/content/view/121446


* Debian: New ImageMagick packages fix arbitrary command execution
  31st, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is
vulnerable to shell command injection using specially crafted file
names.=09This allows attackers to encode commands inside of graphic
commands.  With some user interaction, this is exploitable through
Gnus and Thunderbird.  This update filters out the '$' character as
well, which was forgotton in the former update.

http://www.linuxsecurity.com/content/view/121451


* Debian: New libmail-audit-perl packages fix insecure temporary file
use
  31st, January, 2006

Niko Tyni discovered that the Mail::Audit module, a Perl library for
creating simple mail filters, logs to a temporary file with a
predictable filename in an insecure fashion when logging is turned
on,
which is not the case by default.

http://www.linuxsecurity.com/content/view/121452


* Debian: New libmail-audit-perl packages fix insecure temporary file
use
  31st, January, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121461


* Debian: New pdfkit.framework packages fix arbitrary code execution
  1st, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121462


* Debian: New pdftohtml packages fix arbitrary code execution
  1st, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121463


* Debian: New mydns packages fix denial of service
  2nd, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121475


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: cups-1.1.23-15.3
  27th, January, 2006

This update fixes the pdftops filter's handling of some
incorrectly-formed PDF files.  Issues fixed are
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121373


* Fedora Core 3 Update: cups-1.1.22-0.rc1.8.9
  27th, January, 2006

This update fixes the pdftops filter's handling of some
incorrectly-formed PDF files.  Issues fixed are
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121374


* Fedora Core 4 Update: kernel-2.6.14-1.1656_FC4
  27th, January, 2006

This update fixes several low-priority security problems
that were discovered during the development of 2.6.15, and
backported.
Notably, CVE-2005-4605.

http://www.linuxsecurity.com/content/view/121377


* Fedora Core 3 Update: mod_auth_pgsql-2.0.1-6.2
  27th, January, 2006

Several format string flaws were found in the way
mod_auth_pgsql logs information. It may be possible for a
remote attacker to execute arbitrary code as the 'apache'
user if mod_auth_pgsql is used for user authentication. The
Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3656 to this issue.
Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user
authentication against a PostgreSQL database.
Red Hat would like to thank iDefense for reporting this issue.

http://www.linuxsecurity.com/content/view/121378


* Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1
  27th, January, 2006

Several format string flaws were found in the way
mod_auth_pgsql logs information. It may be possible for a
remote attacker to execute arbitrary code as the 'apache'
user if mod_auth_pgsql is used for user authentication. The
Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3656 to this issue.
Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user
authentication against a PostgreSQL database.
Red Hat would like to thank iDefense for reporting this issue.

http://www.linuxsecurity.com/content/view/121379


* Fedora Core 3 Update: gpdf-2.8.2-7.2
  27th, January, 2006

Chris Evans discovered several flaws in the way CUPS
processes PDF files. An attacker could construct a carefully
crafted PDF file that could cause CUPS to crash or possibly
execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and
CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121392


* Fedora Core 4 Update: poppler-0.4.4-1.1
  27th, January, 2006

Chris Evans discovered several flaws in the way poppler
processes PDF files. An attacker could construct a carefully
crafted PDF file that could cause poppler to crash or possibly
execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and
CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121393


* Fedora Core 4 Update: xpdf-3.01-0.FC4.6
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause xpdf
to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project assigned the
name CAN-2005-3193 to these issues.
Users of xpdf should upgrade to this updated package, which
contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121395


* Fedora Core 4 Update: tetex-3.0-9.FC4
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.
The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to
these issues.
This package also updates bindings in texdoc and causes the
local texmf tree to be searched first.

http://www.linuxsecurity.com/content/view/121396


* Fedora Core 3 Update: tetex-2.0.2-21.7.FC3
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF
files. An attacker could construct a carefully crafted PDF
file that could cause poppler to crash or possibly execute
arbitrary code when opened.
The Common Vulnerabilities and Exposures project assigned
the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and
CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121397


* Fedora Core 4 Update: kdegraphics-3.5.0-0.2.fc4
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause xpdf
to crash or possibly execute arbitrary code when opened. The
Common Vulnerabilities and Exposures project assigned the
name CAN-2005-3193 to these issues.
Users of kdegraphics should upgrade to this updated package,
which contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121404


* Fedora Core 3 Update: ethereal-0.10.14-1.FC3.1
  27th, January, 2006

This update fixes a DoS in Ethereal.

http://www.linuxsecurity.com/content/view/121408


* Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4
  27th, January, 2006

A heap overflow flaw was discovered affecting kjs, the
JavaScript interpreter engine used by Konqueror and other
parts of KDE. An attacker could create a malicious web site
containing carefully crafted JavaScript code that would
trigger this flaw and possibly lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0019 to this issue.
Users of KDE should upgrade to these updated packages, which
contain a backported patch from the KDE security team
correcting this issue

http://www.linuxsecurity.com/content/view/121415


* Fedora Core 4 Update: httpd-2.0.54-10.3
  27th, January, 2006

This update includes fixes for three security issues in the
Apache HTTP Server.

http://www.linuxsecurity.com/content/view/121420


* Fedora Core 4 Update: openssh-4.2p1-fc4.10
  27th, January, 2006

This is a minor security update which fixes double shell
expansion in local to local and remote to remote copy with
scp. It also fixes a few other minor non-security issues.

http://www.linuxsecurity.com/content/view/121421


* Fedora Core 4 Update: mozilla-1.7.12-1.5.2
  2nd, February, 2006

Mozilla is an open source Web browser, advanced email and
newsgroup client, IRC chat client, and HTML editor.
Igor Bukanov discovered a bug in the way Mozilla's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Mozilla could crash or execute
arbitrary code as the user running Mozilla.

http://www.linuxsecurity.com/content/view/121496


* Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
  2nd, February, 2006

Mozilla Firefox is an open source Web browser.
Igor Bukanov discovered a bug in the way Firefox's
JavaScript interpreter dereferences objects. If a user
visits a malicious web page, Firefox could crash or execute
arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name
CVE-2006-0292 to this issue.

http://www.linuxsecurity.com/content/view/121497


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized
access vulnerabilities.

http://www.linuxsecurity.com/content/view/121318


* Gentoo: KPdf, KWord Multiple overflows in included Xpdf code
  27th, January, 2006

KPdf and KWord both include vulnerable Xpdf code to handle PDF files,

making them vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121319


* Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121320


* Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121321


* Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized
access vulnerabilities.

http://www.linuxsecurity.com/content/view/121322


* Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by
attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121323


* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

Fixed packages were issued to fix this vulnerability in Wine, but
some of the fixed packages were missing the correct patch. All Wine users
should re-emerge Wine to make sure they are safe. The corrected
sections appear below.

http://www.linuxsecurity.com/content/view/121324


* Gentoo: KDE kjs URI heap overflow vulnerability
  27th, January, 2006

KDE fails to properly validate URIs when handling javascript,
potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121325


* Gentoo: Trac Cross-site scripting vulnerability
  27th, January, 2006

Trac is vulnerable to a cross-site scripting attack that could allow
arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121326


* Gentoo: Gallery Cross-site scripting vulnerability
  27th, January, 2006

Gallery is possibly vulnerable to a cross-site scripting attack that
could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121327


* Gentoo: mod_auth_pgsql Multiple format string vulnerabilities
  27th, January, 2006

Format string vulnerabilities in mod_auth_pgsql may lead to the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121328


* Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121329


* Gentoo: VMware Workstation Vulnerability in NAT networking
  27th, January, 2006

VMware guest operating systems can execute arbitrary code with
elevated privileges on the host operating system through a flaw in
NAT networking.

http://www.linuxsecurity.com/content/view/121330


* Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121331


* Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by
attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121332


* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine in the handling of Windows Metafiles (WMF)
files, which could possibly result in the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/121333


* Gentoo: Sun and Blackdown Java Applet privilege escalation
  27th, January, 2006

Sun's and Blackdown's JDK or JRE may allow untrusted applets to
elevate their privileges.

http://www.linuxsecurity.com/content/view/121334


* Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine in the handling of Windows Metafiles (WMF)
files, which could possibly result in the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/121335


* Gentoo: LibAST Privilege escalation
  29th, January, 2006

A buffer overflow in LibAST may result in execution of arbitrary code

with escalated privileges.

http://www.linuxsecurity.com/content/view/121434


* Gentoo: Paros Default administrator password
  29th, January, 2006

Paros's database component is installed without a password, allowing
execution of arbitrary system commands.

http://www.linuxsecurity.com/content/view/121435


* Gentoo: MyDNS Denial of Service
  30th, January, 2006

MyDNS contains a vulnerability that may lead to a Denial of Service
attack.

http://www.linuxsecurity.com/content/view/121447


* Gentoo: Xpdf, Poppler, GPdf, libextractor, pdftohtml Heap overflows
  30th, January, 2006

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to
integer overflows that may be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121449


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated koffice packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted  PDF
file with an out-of-range number of components (numComps), which is used
as an array index. (CVE-2005-3191)


http://www.linuxsecurity.com/content/view/121337


* Mandriva: Updated poppler packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted  PDF
file with an out-of-range number of components (numComps), which is used
as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121338


* Mandriva: Updated cups packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted  PDF
file with an out-of-range number of components (numComps), which is used
as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121340


* Mandriva: Updated tetex packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01
and earlier, allow user-complicit attackers to cause a denial of
service (heap corruption) and possibly execute arbitrary code via a
crafted  PDF file with an out-of-range number of components (numComps),
which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121341


* Mandriva: Updated xorg-x11 packages to address several bugs.
  27th, January, 2006

Issues have been reported with display corruption for various cards,
including several ATI and Nvidia cards when using the free drivers.
There was also an issue with the Greek keyboard layout.
These should be corrected by the upstream 6.9.0 final, which this
package is based on. Updated packages should correct these issues.

http://www.linuxsecurity.com/content/view/121342


* Mandriva: Updated kdegraphics packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted  PDF
file with an out-of-range number of components (numComps), which is used
as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121343


* Mandriva: Updated kolab packages fix vulnerability
  27th, January, 2006


A problem exists in how the Kolab Server transports emails bigger
than 8KB in size and if a dot (".") character exists in the wrong place.
If these conditions are met, kolabfilter will double this dot and a
modified email will be delivered, which could lead to broken
clear-text signatures or broken attachments. The updated packages have
been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121344


* Mandriva: Updated pdftohtml packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted  PDF
file with an out-of-range number of components (numComps), which is used
as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121345


* Mandriva: Updated wine packages fix WMF vulnerability
  27th, January, 2006


A vulnerability was discovered by H D Moore in Wine which implements
the SETABORTPROC GDI Escape function for Windows Metafile (WMF)
files. This could be abused by an attacker who is able to entice a
user to open a specially crafted WMF file from within a Wine-execute
Windows application, possibly resulting in the execution of arbitrary
code with the privileges of the user runing Wine. The updated packages
have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121346


* Mandriva: Updated hylafax packages fix eval injection
vulnerabilities
  27th, January, 2006


Patrice Fournier discovered the faxrcvd/notify scripts
(executed as the uucp/fax user) run user-supplied input through
eval without any attempt at sanitising it first.  This would
allow any user who could submit jobs to HylaFAX, or through
telco manipulation control the representation of callid
information presented to HylaFAX to run arbitrary commands as
the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered
versions) Updated packages were also reviewed for vulnerability to
an issue where if PAM is disabled, a user could log in with no
password. (CVE-2005-3538) In addition, some fixes to the packages
for permissions, and the %pre/%post scripts were backported from
cooker. (#19679) The updated packages have been patched to correct
these issues.

http://www.linuxsecurity.com/content/view/121348


* Mandriva: Updated clamav packages fix vulnerability
  27th, January, 2006


A heap-based buffer overflow was discovered in ClamAV versions prior
to 0.88 which allows remote attackers to cause a crash and possibly
execute arbitrary code via specially crafted UPX files.
This update provides ClamAV 0.88 which corrects this issue and also
fixes some other bugs.

http://www.linuxsecurity.com/content/view/121349


* Mandriva: Updated mod_auth_ldap packages fix vulnerability
  27th, January, 2006


A format string flaw was discovered in the way that auth_ldap logs
information which may allow a remote attacker to execute arbitrary
code as the apache user if auth_ldap is used for authentication.
This update provides version 1.6.1 of auth_ldap which corrects the
problem.  Only Corporate Server 2.1 shipped with a supported
auth_ldap
package.

http://www.linuxsecurity.com/content/view/121355


* Mandriva: Updated kernel packages fix several vulnerabilities
  27th, January, 2006

A number of vulnerabilites have been corrected in the Linux kernel.

http://www.linuxsecurity.com/content/view/121356


* Mandriva: Updated kdelibs packages fix vulnerability
  27th, January, 2006


A heap overflow vulnerability was discovered in kjs, the KDE
JavaScript interpretter engine.  An attacker could create a malicious
web site that contained carefully crafted JavaScript code that could
trigger the flaw and potentially lead to the arbitrary execution of code
as the user visiting the site. The updated packages have been patched
to correct this problem.

http://www.linuxsecurity.com/content/view/121357


* Mandriva: Subject: [Security Announce] Updated ipsec-tools packages
fix vulnerability
  27th, January, 2006


The Internet Key Exchange version 1 (IKEv1) implementation
(isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in
aggressive mode, allows remote attackers to cause a denial of
service (null dereference and crash) via crafted IKE packets, as
demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121359


* Mandriva: Updated xpdf packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functionsin the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier,allow user-complicit attackers to cause a denial of service
(heap corruption) and possibly execute arbitrary code via a crafted
PDF file with an out-of-range number of components (numComps), which
is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121360


* Mandriva: Subject: [Security Announce] Updated mozilla-thunderbird
packages fix vulnerability
  27th, January, 2006


GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2,
1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary
code via an attachment with a filename containing a large number of
spaces ending with a dangerous extension that is not displayed by
Thunderbird, along with an inconsistent Content-Type header, which
could be used to trick a user into downloading dangerous content by
dragging or saving the attachment. The updated packages have been
patched to correct this problem.

http://www.linuxsecurity.com/content/view/121361


* Mandriva: Updated perl-Convert-UUlib packages fix vulnerability
  27th, January, 2006


A buffer overflow was discovered in the perl Convert::UUlib module in

versions prior to 1.051, which could allow remote attackers to
execute arbitrary code via a malformed parameter to a read operation.
This update provides version 1.051 which is not vulnerable to this
flaw.

http://www.linuxsecurity.com/content/view/121362


* Mandriva: Updated perl-Net_SSLeay packages fix vulnerability
  27th, January, 2006


Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay
module used the file /tmp/entropy as a fallback entropy source if a
proper source was not set via the environment variable EGD_PATH.
This could potentially lead to weakened cryptographic operations if an
attacker was able to provide a /tmp/entropy file with known content.
The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121363


* Mandriva: Updated ImageMagick packages fix vulnerabilities
  27th, January, 2006


The delegate code in ImageMagick 6.2.4.x allows remote attackers to
execute arbitrary commands via shell metacharacters in a filename
that is processed by the display command.

http://www.linuxsecurity.com/content/view/121364


* Mandriva: Updated mdkonline package provides url fixes
  27th, January, 2006


The mdkonline package for MNF2 was incorrectly connecting to
mandrivaonline.net rather than mandrivaonline.com.  This update
corrects the problem.

http://www.linuxsecurity.com/content/view/121365


* Mandriva: Updated dynamic packages fix USB device and Palm
detection issues
  27th, January, 2006


Dynamic was not calling scripts correctly when hardware was
plugged/unplugged. Plugging a digital camera (not usb mass storage,
like a Canon camera) was not creating an icon on Desktop (for GNOME)
or in the Devices window (for KDE).

http://www.linuxsecurity.com/content/view/121366


* Mandriva: Update gthumb packages to fix corrupted UI after photo
import
  27th, January, 2006


A bug was discovered in gthumb were the UI (User Interface) can
get corrupted when importing photos in some non-UTF8 locales (such
as French). Some text strings (returned from libgphoto) where not
converted into UTF-8 before being used by GTK+.
Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121367


* Mandriva: Updated libgphoto packages fix bug on disconnection of
digital camera
  27th, January, 2006


A bug was discovered with libgphoto which was preventing the removal
of icons on the desktop (in GNOME) or in the Devices window (in KDE)
when a digital camera was unplugged. Updated packages have been patched
to correct the issue.

http://www.linuxsecurity.com/content/view/121368


* Mandriva: Updated gpdf packages fix several vulnerabilities
  27th, January, 2006


Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01
and earlier, allow user-complicit attackers to cause a denial of
service (heap corruption) and possibly execute arbitrary code via
a crafted  PDF file with an out-of-range number of components (numComps),
which is used as an array index. (CVE-2005-3191)


http://www.linuxsecurity.com/content/view/121369


* Mandriva: Updated net-snmp packages fix vulnerabilities
  27th, January, 2006

The fixproc application in Net-SNMP creates temporary files with
predictable file names which could allow a malicious local attacker
to change the contents of the temporary file by exploiting a race
condition, which could possibly lead to the execution of arbitrary
code.  As well, a local attacker could create symbolic links in the
/tmp directory that point to a valid file that would then be
overwritten when fixproc is executed (CVE-2005-1740).
A remote Denial of Service vulnerability was also discovered in the
SNMP library that could be exploited by a malicious SNMP server to
crash the agent, if the agent uses TCP sockets for communication
(CVE-2005-2177). The updated packages have been patched to correct
these problems.

http://www.linuxsecurity.com/content/view/121370


* Mandriva: Updated apache2 packages fix vulnerabilities
  27th, January, 2006


A flaw was discovered in mod_imap when using the Referer directive
with image maps that could be used by a remote attacker to perform a
cross-site scripting attack, in certain site configurations, if a
victim could be forced to visit a malicious URL using certain web
browsers (CVE-2005-3352).

http://www.linuxsecurity.com/content/view/121371


* Mandriva: Updated mozilla-thunderbird packages merge dropped
changes
  27th, January, 2006

Recent security updates to mozilla-thunderbird did not include
some changes made to the build from the community branch of 2006.0.
The changes include corrections to the packaging of language files
and some corrections to the uninstall scripts. New builds of the
enigmail-es and enigmail-it packages are also included.
Updated packages merge both of these builds.

http://www.linuxsecurity.com/content/view/121433


* Mandriva: Updated bzip2 packages fix bzgrep vulnerabilities
  30th, January, 2006

 A bug was found in the way that bzgrep processed file names.  If a
user could be tricked into running bzgrep on a file with a special
file name, it would be possible to execute arbitrary code with the
privileges of the user running bzgrep.
As well, the bzip2 package provided with Mandriva Linux 2006 did not
the patch applied to correct CVE-2005-0953 which was previously fixed

by MDKSA-2005:091; those packages are now properly patched.
The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121448


* Mandriva: Updated gzip packages fix zgrep vulnerabilities
  30th, January, 2006

Zgrep in gzip before 1.3.5 does not properly sanitize arguments,
which allows local users to execute arbitrary commands via filenames
that are injected into a sed script. This was previously corrected in
MDKSA-2005:092, however the fix was incomplete.  These updated
packages provide a more comprehensive fix to the problem.

http://www.linuxsecurity.com/content/view/121450


* Mandriva: Updated php packages fix XSS and response splitting
vulnerabilities
  1st, February, 2006

Multiple response splitting vulnerabilities in PHP allow remote
attackers to inject arbitrary HTTP headers via unknown attack
vectors, possibly involving a crafted Set-Cookie header, related to
the (1) session extension (aka ext/session) and the (2) header
function. (CVE-2006-0207) Multiple cross-site scripting (XSS)
vulnerabilities in PHP allow remote attackers to inject arbitrary web
script or HTML via unknown attack vectors in  "certain error
conditions." (CVE-2006-0208).

http://www.linuxsecurity.com/content/view/121474


* Mandriva: Updated libast packages fixes buffer overflow
vulnerability
  2nd, February, 2006


Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1
and earlier, as used in Eterm and possibly other software, allows
local users to execute arbitrary code as the utmp user via a long -X
argument. The updated packages have been patched to correct this
issue.

http://www.linuxsecurity.com/content/view/121491


* Mandriva: Updated poppler packages fixes heap-based buffer overflow
vulnerability
  2nd, February, 2006


Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. Poppler uses a copy of the
xpdf code and as such has the same issues.

The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121492


* Mandriva: Updated kdegraphics packages fixes heap-based buffer
overflow vulnerability
  2nd, February, 2006


Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. Kdegraphics-kpdf uses a
copy of the xpdf code and as such has the same issues. The updated
packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121493


* Mandriva: Updated xpdf packages fixes heap-based buffer overflow
vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the
width or height of the associated bitmap. The updated packages have
been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121494


* Mandriva: Updated OpenOffice.org packages fix issue with disabled
hyperlinks
  2nd, February, 2006

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled,
does not prevent the user from clicking the WWW-browser button in the
Hyperlink dialog, which makes it easier for attackers to trick the
user into bypassing intended security settings. Updated packages are
patched to address this issue.

http://www.linuxsecurity.com/content/view/121495


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: kernel security update
  27th, January, 2006

Updated kernel packages that fix several security issues in the
Red Hat Enterprise Linux 3 kernel are now available.

http://www.linuxsecurity.com/content/view/121279


* RedHat: Moderate: tetex security update
  27th, January, 2006

Updated tetex packages that fix several integer overflows are now
available.

http://www.linuxsecurity.com/content/view/121280


* RedHat: Critical: kdelibs security update
  27th, January, 2006

Updated kdelibs packages are now available for Red Hat Enterprise
Linux 4.

http://www.linuxsecurity.com/content/view/121281


* RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well
as other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit
architectures). This security advisory has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121471


* RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well
as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit
architectures) This security advisory has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121472


* RedHat: Moderate: gd security update
  1st, February, 2006

Updated gd packages that fix several buffer overflow flaws are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121473


* RedHat: Critical: mozilla security update
  2nd, February, 2006

Updated mozilla packages that fix several security bugs are now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121482


* RedHat: Critical: firefox security update
  2nd, February, 2006

An updated firefox package that fixes several security bugs is now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121483



+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: xpdf,kpdf,gpdf,kword
  27th, January, 2006

"infamous41md", Chris Evans and Dirk Mueller discovered multiple
places in xpdf code where integer variables are insufficiently
checked for range or overflow. Specially crafted PDF files could
lead to executing arbitrary code.

http://www.linuxsecurity.com/content/view/121427


* SuSE: novell-nrm remote heap overflow
  27th, January, 2006

iDEFENSE reported a security problem with the Novell Remote Manager.

http://www.linuxsecurity.com/content/view/121428


* SuSE: kdelibs3 (SUSE-SA:2006:003)
  27th, January, 2006

Maksim Orlovich discovered a bug in the JavaScript interpreter used
by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow
that causes the browser to crash or execute arbitrary code.
Attackers could trick users into visiting specially crafted web
sites that exploit this bug (CVE-2006-0019).

http://www.linuxsecurity.com/content/view/121429


* SuSE: phpMyAdmin (SUSE-SA:2006:004)
  27th, January, 2006

Stefan Esser discovered a bug in in the register_globals emulation
of phpMyAdmin that allowes to overwrite variables. An attacker
could exploit the bug to ultimately execute code (CVE-2005-4079).

http://www.linuxsecurity.com/content/view/121430


* SuSE: nfs-server/rpc.mountd remote code
  27th, January, 2006

An remotely exploitable problem exists in the rpc.mountd service in
the user space NFS server package "nfs-server".


http://www.linuxsecurity.com/content/view/121431


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list