Information Security News mailing list archives

Linux Advisory Watch: November 9th, 2007

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 12 Nov 2007 00:04:53 -0600 (CST)

|                                    Weekly Newsletter |
| November 9th, 2007                                 Volume 8, Number 45 |
|                                                                        |
| Editorial Team:                Dave Wreski <dwreski () linuxsecurity com> |
|                         Benjamin D. Thomas <bthomas () linuxsecurity com> |

Thank you for reading the weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week advisories were released for gallery2, phpmyadmin, gforge,
perl, iceape, pcre3, perdition, mono, glib2, xfs, autofs, netpbm,
ghostscript, perl, pwlib, opal, xen, openldap, poppler, tetex, xpdf,
cups, conga, wireshark, httpd, mcstrans, tcpdump, openssh, pam, coolkey,
jboss, cups, and compiz. The distributors include Debian, Fedora,
Mandriva, Red Hat, and Ubuntu.


Linux+DVD Magazine

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.


Review: Linux Firewalls
Security is at the forefront of everyone's mind and a firewall can be an
integral part of your Linux defense. But is Michael Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the challenge?
Eckie S. here at gives you the low-down on this newest
addition to the Linux security resource library and how it's one of the
best ways to crack down on attacks to your Linux network.


State of Linux Security Survey
It is customary for communities of every sphere to stand up occasionally,
and take a good, long look at what's going on in the world around them.
For us here at, we felt it was a great opportunity to
put it all together.

Since 1996, has been bringing open source news,
HOW-TOs, Feature stories and more to the open source community with
comprehensive coverage.  As one of the veterans in this area, we'd like
to see you chime in.  With so much going on in Linux and security, what
does the community really care about?

-->  Take advantage of the Quick Reference Card!  <--


* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.17 (Version 3.0, Release 17).  This release includes many
  updated packages and bug fixes, some feature enhancements to Guardian
  Digital WebTool and the SELinux policy, and a few new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database,
  e-mail security and even e-commerce.


* Debian: New gallery2 packages fix privilege escalation (Nov 8)
  Nicklous Roberts discovered that the Reupload module of Gallery 2, a
  web based photo management application, allowed unauthorized users to
  edit Gallery's data file.

* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
  Omer Singer of the DigiTrust Group discovered several vulnerabilities
  in phpMyAdmin, an application to administrate MySQL over the WWW. The
  Common Vulnerabilities and Exposures project identifies, phpMyAdmin
  allows a remote attacker to inject arbitrary web script or HTML in the
  context of a logged in user's session (cross site scripting).

* Debian: New gforge packages fix several vulnerabilities (Nov 7)
  Steve Kemp from the Debian Security Audit project discovered that
  gforge, a collaborative development tool, used temporary files
  insecurely which could allow local users to truncate files upon the
  system with the privileges of the gforge user, or create a denial of
  service attack.

* Debian: New perl packages fix arbitrary code execution (Nov 6)
  Will Drewry and Tavis Ormandy of the Google Security Team have
  discovered a UTF-8 related heap overflow in Perl's regular expression
  compiler, probably allowing attackers to execute arbitrary code by
  compiling specially crafted regular expressions.

* Debian: New iceape packages fix several vulnerabilities (Nov 5)
  Several remote vulnerabilities have been discovered in the Iceape
  internet suite, an unbranded version of the Seamonkey Internet Suite.
  The Common Vulnerabilities and Exposures project identifies the
  following problems: Michal Zalewski discovered that the unload event
  handler had access to the address of the next page to be loaded, which
  could allow information disclosure or spoofing.

* Debian: New pcre3 packages fix arbitrary code execution (Nov 5)
  Tavis Ormandy of the Google Security Team has discovered several
  security issues in PCRE, the Perl-Compatible Regular Expression
  library, which potentially allow attackers to execute arbitrary code by
  compiling specially crafted regular expressions.

* Debian: New perdition packages fix arbitrary code execution (Nov 5)
  Bernhard Mueller of SEC Consult has discovered a format string
  vulnerability in perdition, an IMAP proxy.  This vulnerability could
  allow an unauthenticated remote user to run arbitrary code on the
  perdition server by providing a specially formatted IMAP tag.

* Debian: New mono packages fix integer overflow (Nov 3)
  An integer overflow in the BigInteger data type implementation has been
  discovered in the free .NET runtime Mono.


* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
  The latest stable upstream release of GLib includes a new version of
  PCRE, which fixes several vulnerabilities.


* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions. If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

* Mandriva: Updated xfs package prevents arbitrary code (Nov 6)
  Integer overflow in the build_range function in X.Org X Font Server
  (xfs) before 1.0.5 allows context-dependent attackers to execute
  arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol
  requests with crafted size values, which triggers a heap-based buffer

* Mandriva: Updated autofs package fixes issue when used with (Nov 6)
  The autofs init script was missing a dependency on ypbind, preventing a
  correct initialisation order in parallel mode, when storing autofs
  configuration in NIS (bug #34559). The updated package fixes this

* Mandriva: Updated netpbm packages fix vulnerability (Nov 6)
  A function in the JasPer JPEG-2000 library before 1.900 could allow a
  remote user-assisted attack to cause a crash and possibly corrupt the
  heap via malformed image files. netpbm contains an embedded copy of
  libjasper and as such is vulnerable to this issue. Updated packages
  have been patched to prevent this issue.

* Mandriva: Updated ghostscript packages fix vulnerability (Nov 6)
  A function in the JasPer JPEG-2000 library before 1.900 could allow a
  remote user-assisted attack to cause a crash and possibly corrupt the
  heap via malformed image files. Newer versions of ghostscript contain
  an embedded copy of libjasper and as such is vulnerable to this issue.
  Updated packages have been patched to prevent this issue.

* Mandriva: Updated perl packages fix vulnerability (Nov 6)
  Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular
  expression engine.  Specially crafted input to a regular expression can
  cause Perl to improperly allocate memory, resulting in the possible
  execution of arbitrary code with the permissions of the user running
  Perl. Updated packages have been patched to prevent these issues.

* Mandriva: Updated pwlib packages fix vulnerability (Nov 2)
  A memory management flaw was discovered in PWLib, that an attacker
  could use to crash an application linked with it, such as Ekiga.
  Updated packages have been patched to prevent these issues.

* Mandriva: Updated opal packages fix vulnerability (Nov 2)
  A flaw in opal, the Open Phone Abstraction Library, was found in how it
  handles certain Session Initiation Protocol (SIP) packets. An attacker
  could use this vulnerability to crash an application linked to opal,
  such as Ekiga. Updated packages have been patched to prevent these

* Mandriva: Updated xen packages fix multiple vulnerabilities (Nov 1)
  Tavis Ormandy discovered a heap overflow flaw during video-to-video
  copy operations in the Cirrus VGA extension code that is used in Xen. A
  malicious local administrator of a guest domain could potentially
  trigger this flaw and execute arbitrary code outside of the domain


* RedHat: Important: openldap security and enhancement (Nov 8)
  Updated openldap packages that fix a security flaw are now available
  for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's
  slapd daemon handled malformed objectClasses LDAP attributes. A local
  or remote attacker could create an LDAP request which could cause a
  denial of service by crashing slapd. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: poppler security update (Nov 7)
  Updated poppler packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5.  Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause an application linked with poppler
  to crash, or potentially execute arbitrary code when opened. This
  update has been rated as having important security impact by the Red
  Hat Security Response Team.

* RedHat: Important: tetex security update (Nov 7)
  Updated tetex packages that fix a security issue are now available for
  Red Hat Enterprise Linux 2.1 and 3.  Alin Rad Pop discovered a flaw in
  the handling of PDF files. An attacker could create a malicious PDF
  file that would cause TeTeX to crash, or potentially execute arbitrary
  code when opened. This update has been rated as having important
  security impact by the Red Hat Security Response Team.

* RedHat: Important: xpdf security update (Nov 7)
  Updated xpdf packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause Xpdf to crash, or potentially
  execute arbitrary code when opened. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: xpdf security update (Nov 7)
  Updated xpdf packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause Xpdf to crash, or potentially
  execute arbitrary code when opened. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: xpdf security update (Nov 7)
  Updated xpdf packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1. A flaw was found in the
  t1lib library, used in the handling of Type 1 fonts. An attacker could
  create a malicious file that would cause Xpdf to crash, or potentially
  execute arbitrary code when opened. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: cups security update (Nov 7)
  Updated CUPS packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause CUPS to crash or potentially
  execute arbitrary code when printed. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: cups security update (Nov 7)
  Updated cups packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4.  Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause CUPS to crash or potentially
  execute arbitrary code when printed. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Important: cups security update (Nov 7)
  Updated cups packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3. Alin Rad Pop discovered a
  flaw in the handling of PDF files. An attacker could create a malicious
  PDF file that would cause CUPS to crash or potentially execute
  arbitrary code when printed. This update has been rated as having
  important security impact by the Red Hat Security Response Team.

* RedHat: Important: gpdf security update (Nov 7)
  Updated gpdf packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause gpdf to crash, or potentially
  execute arbitrary code when opened.  This update has been rated as
  having important security impact by the Red Hat Security Response Team.

* RedHat: Moderate: conga security, bug fix, (Nov 7)
  Updated conga packages that correct a security flaw and provide bug
  fixes and add enhancements are now available. A flaw was found in ricci
  during a code audit. A remote attacker who is able to connect to ricci
  could cause ricci to temporarily refuse additional connections, a
  denial of service. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.

* RedHat: Low: wireshark security update (Nov 7)
  New Wireshark packages that fix various security vulnerabilities are
  now available for Red Hat Enterprise Linux 5.  Wireshark was previously
  known as Ethereal.  Several denial of service bugs were found in
  Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol
  dissectors.  It was possible for Wireshark to crash or stop responding
  if it read a malformed packet off the network. This update has been
  rated as having low security impact by the Red Hat Security Response

* RedHat: Moderate: httpd security, bug fix, (Nov 7)
  Updated httpd packages that fix a security issue, fix various bugs, and
  add enhancements, are now available for Red Hat Enterprise Linux 5.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

* RedHat: Low: mcstrans security and bug fix update (Nov 7)
  An updated mcstrans package that fixes a security issue and a bug is
  now available. An algorithmic complexity weakness was found in the way
  the mcstrans daemon handled ranges of compartments in sensitivity
  labels. A local user could trigger this flaw causing mctransd to
  temporarily stop responding to other requests; a partial denial of
  service. This update has been rated as having low security impact by
  the Red Hat Security Response Team.

* RedHat: Moderate: tcpdump security and bug fix update (Nov 7)
  Updated tcpdump packages that fix a security issue and functionality
  bugs are now available. Moritz Jodeit discovered a denial of service
  bug in the tcpdump IEEE 802.11 processing code. If a certain link type
  was explicitly specified, an attacker could inject a carefully crafted
  frame onto the IEEE 802.11 network that could crash a running tcpdump
  session. This update has been rated as having moderate security impact
  by the Red Hat Security Response Team.

* RedHat: Moderate: openssh security and bug fix update (Nov 7)
  Updated openssh packages that fix a security issue and various bugs are
  now available. A flaw was found in the way the ssh server wrote account
  names to the audit subsystem. An attacker could inject strings
  containing parts of audit messages, which could possibly mislead or
  confuse audit log parsing tools. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

* RedHat: Moderate: pam security, bug fix, (Nov 7)
  Updated pam packages that fix two security flaws, resolve several bugs,
  and add enhancements are now available for Red Hat Enterprise Linux 5.
  A flaw was found in the way pam_console set console device permissions.
  It was possible for various console devices to retain ownership of the
  console user after logging out, possibly leaking information to another
  local user. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

* RedHat: Low: coolkey security and bug fix update (Nov 7)
  Updated coolkey packages that fix a security issue and various bugs are
  now available for Red Hat Enterprise Linux 5. Steve Grubb discovered a
  flaw in the way coolkey created a temporary directory. A local attacker
  could perform a symlink attack and cause arbitrary files to be
  overwritten. This update has been rated as having low security impact
  by the Red Hat Security Response Team.

* RedHat: Important: perl security update (Nov 5)
  Updated Perl packages that fix a security issue are now available for
  Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in Perl's
  regular expression engine. Specially crafted input to a regular
  expression can cause Perl to improperly allocate memory, possibly
  resulting in arbitrary code running with the permissions of the user
  running Perl. This update has been rated as having important security
  impact by the Red Hat Security Response Team.

* RedHat: Important: perl security update (Nov 5)
  Updated Perl packages that fix security issues for Red Hat Application
  Stack v1.2 are now available.  A flaw was found in Perl's regular
  expression engine. Specially crafted input to a regular expression can
  cause Perl to improperly allocate memory, possibly resulting in
  arbitrary code running with the permissions of the user running Perl.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

* RedHat: Critical: pcre security update (Nov 5)
  Updated pcre packages that correct two security flaws are now available
  for Red Hat Enterprise Linux 5. Multiple flaws were found in the way
  pcre handles certain malformed regular expressions. If an application
  linked against pcre, such as Konqueror, parses a malicious regular
  expression, it may be possible to run arbitrary code as the user
  running the application. This update has been rated as having critical
  security impact by the Red Hat Security Response Team.

* RedHat: Critical: pcre security update (Nov 5)
  Updated pcre packages that correct two security flaws are now available
  for Red Hat Enterprise Linux 4.  Multiple flaws were found in the way
  pcre handles certain malformed regular expressions. If an application
  linked against pcre, such as Konqueror, parses a malicious regular
  expression, it may be possible to run arbitrary code as the user
  running the application.  This update has been rated as having critical
  security impact by the Red Hat Security Response Team.

* RedHat: Moderate: JBoss Enterprise Application Platform (Nov 5)
  Updated JBoss Enterprise Application Platform packages that fix several
  security issues and bugs are now available for Red Hat Application
  Stack v1 and v2. Tomcat incorrectly treated a single quote character
  (') in a cookie value as a delimiter. In some circumstances this led
  to the leaking of information such as session ID to an attacker. This
  update has been rated as having moderate security impact by the Red Hat
  Security Response Team.

* RedHat: Important: kernel security update (Nov 1)
  Updated kernel packages that fix various security issues in the Red Hat
  Enterprise Linux 4 kernel are now available. A flaw was found in the
  aacraid SCSI driver. This allowed a local user to make ioctl calls to
  the driver that should be restricted to privileged users. This update
  has been rated as having important security impact by the Red Hat
  Security Response Team.


* Slackware:   cups (Nov 2)
  CUPS was found to contain errors in ipp.c which could allow a remote
  attacker to crash CUPS, resulting in a denial of service.  If you use
  CUPS, it is recommended to update to the latest package for your
  version of Slackware. The latest cups package is available for
  Slackware -current, and patched packages are available for Slackware
  8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0,  and 12.0 that fix the problems.


* Ubuntu:  CUPS vulnerability (Nov 6)
  Alin Rad Pop discovered that CUPS did not correctly validate buffer
  lengths when processing IPP tags.  Remote attackers successfully
  exploiting this vulnerability would gain access to the non-root CUPS
  user in Ubuntu 6.06 LTS, 6.10, and 7.04.  In Ubuntu 7.10, attackers
  would be isolated by the AppArmor CUPS profile.

* Ubuntu:  Compiz vulnerability (Nov 2)
  USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were
  incomplete, and only reduced the scope of the vulnerability, without
  fully solving it. This update fixes related problems in compiz.
  Original advisory details:  Jens Askengren discovered that
  gnome-screensaver became confused when  running under Compiz, and could
  lose keyboard lock focus. A local attacker  could exploit this to
  bypass the user's locked screen saver.

Distributed by: Guardian Digital, Inc.      

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
