+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 16th, 2008 Volume 9, Number 20 |
| |
| Editorial Team: Dave Wreski <dwreski_at_linuxsecurity.com> |
| Benjamin D. Thomas <bthomas_at_linuxsecurity.com> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week, advisories were released for gforge, openssh, openssl,
icedove, sipp, openoffice, libid3tag, InspIRCd, firebird, perl,
drakxtools, hal-info, ImageMagick, libvorbis, xen, gpdf, php,
mozilla-thunderbird, OpenVPN, and Speex. The distributors include
Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.
---
Review: The Book of Wireless
----------------------------
'The Book of Wireless' by John Ross is an answer to the problem of
learning about wireless networking. With the widespread use of wireless
networks today, anyone with a computer should at least know the basics of
wireless. Also, with wireless networking, users need to know how to
protect themselves from wireless networking attacks.
http://www.linuxsecurity.com/content/view/136167
---
April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the Open
Source Tool of the Month!
http://www.linuxsecurity.com/content/view/135868
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.19 (Version 3.0, Release 19). This release includes many
updated packages and bug fixes and some feature enhancements to the
EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/136174
--------------------------------------------------------------------------
* Debian: New gforge packages fix insecure temporary files (May 14)
-----------------------------------------------------------------
Stephen Gran and Mark Hymers discovered that some scripts run by
GForge, a collaborative development tool, open files in write mode in a
potentially insecure manner. This may be exploited to overwrite
arbitrary files on the local system.
http://www.linuxsecurity.com/content/view/136980
* Debian: New openssh packages fix predictable randomness (May 14)
----------------------------------------------------------------
Jan Pechanec discovered that ssh falls back to creating a trusted X11
cookie if creating an untrusted cookie fails, potentially exposing
the local display to a malicious remote server when using X11
forwarding.
http://www.linuxsecurity.com/content/view/136975
* Debian: New openssl packages fix predictable random number generator (May 13)
-------------------------------------------------------------------------
Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
http://www.linuxsecurity.com/content/view/136865
* Debian: New Linux 2.6.18 packages fix denial of service (May 12)
----------------------------------------------------------------
Alexander Viro discovered a race condition in the fcntl code that may
permit local users on multi-processor systems to execute parallel code
paths that are otherwise prohibited and gain re-ordered access to the
descriptor table.
http://www.linuxsecurity.com/content/view/136862
* Debian: New icedove packages fix several vulnerabilities (May 12)
-----------------------------------------------------------------
Several remote vulnerabilities have been discovered in the Icedove mail
client, an unbranded version of the Thunderbird client. The Common
Vulnerabilities and Exposures project identifies the following
problems:
http://www.linuxsecurity.com/content/view/136861
--------------------------------------------------------------------------
* Fedora 7 Update: sipp-3.1-1.fc7 (May 10)
----------------------------------------
Bug #444728 - CVE-2008-1959 SIPp stack based buffer overflow in
get_remote_video_port_media()
https://bugzilla.redhat.com/show_bug.cgi?id=444728
http://www.linuxsecurity.com/content/view/136739
--------------------------------------------------------------------------
* Gentoo: OpenOffice.org Multiple vulnerabilities (May 14)
--------------------------------------------------------
Multiple vulnerabilities have been reported in OpenOffice.org, possibly
allowing for user-assisted execution of arbitrary code.
http://www.linuxsecurity.com/content/view/136982
* Gentoo: libid3tag Denial of Service (May 14)
--------------------------------------------
A Denial of Service vulnerability was found in libid3tag.
http://www.linuxsecurity.com/content/view/136978
* Gentoo: InspIRCd Denial of Service (May 9)
------------------------------------------
A buffer overflow in InspIRCd allows remote attackers to cause a Denial
of Service.
http://www.linuxsecurity.com/content/view/136736
* Gentoo: Linux Terminal Server Project Multiple vulnerabilities (May 9)
----------------------------------------------------------------------
Multiple vulnerabilities have been discovered in components shipped
with LTSP which allow remote attackers to compromise terminal clients.
http://www.linuxsecurity.com/content/view/136735
* Gentoo: Firebird Data disclosure (May 9)
----------------------------------------
Firebird allows remote connections to the administrative account
without verifying credentials.
http://www.linuxsecurity.com/content/view/136734
--------------------------------------------------------------------------
* Mandriva: Updated perl packages fix denial of service (May 11)
--------------------------------------------------------------
A double free vulnerability in Perl 5.8.8 and earlier versions allows
context-dependent attackers to cause a denial of service (memory
corruption and crash) via a crafted regular expression containing UTF8
characters. The updated packages have been patched to prevent this.
http://www.linuxsecurity.com/content/view/136857
* Mandriva: Updated drakxtools package fixes various bugs (May 9)
---------------------------------------------------------------
This update fixes several minor issues:
- some GUIs (e.g. rpmdrake) would crash on clicking the close button
  while they load (bug #35230)
- draksec was crashing if the administrator refused to install
  (bug #38911)
- localdrake: after changing the localization language from drakconf
  in a high security level, the permissions of /etc/sysconfig/i18n
  were changed such that the file was only readable by root. This
  caused graphical login via kdm to fail (bug #39027)
http://www.linuxsecurity.com/content/view/136738
* Mandriva: Updated hal-info package fixes resume issue (May 8)
-------------------------------------------------------------
An updated hal-info package fixes resume from suspend to RAM on HP
6710b systems. It had previously failed with a black screen on
Mandriva Linux 2008.0.
http://www.linuxsecurity.com/content/view/136731
* Mandriva: Updated ImageMagick packages fix vulnerabilities (May 8)
------------------------------------------------------------------
A heap-based buffer overflow vulnerability was found in how ImageMagick
parsed XCF files. If ImageMagick opened a specially-crafted XCF file,
it could be made to overwrite heap memory beyond the bounds of its
allocated memory, potentially allowing an attacker to execute arbitrary
code on the system running ImageMagick (CVE-2008-1096).
http://www.linuxsecurity.com/content/view/136729
--------------------------------------------------------------------------
* RedHat: Important: libvorbis security update (May 14)
-----------------------------------------------------
Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/136972
* RedHat: Important: libvorbis security update (May 14)
-----------------------------------------------------
Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1. This update has been rated
as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/136973
* RedHat: Important: xen security and bug fix update (May 13)
-----------------------------------------------------------
Daniel P. Berrange discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the format of messages
serving to update the contents of the framebuffer. This could allow a
malicious user to cause a denial of service, or compromise the
privileged domain (Dom0). (CVE-2008-1944)
http://www.linuxsecurity.com/content/view/136866
* RedHat: Important: gpdf security update (May 8)
-----------------------------------------------
Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file
that would cause gpdf to crash, or, potentially, execute arbitrary code
when opened. (CVE-2008-1693)
http://www.linuxsecurity.com/content/view/136721
--------------------------------------------------------------------------
* Slackware: php (May 8)
------------------------
New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
and -current to fix security issues. Note that PHP5 is not the default
PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is
not ready for PHP5, don't upgrade until it is or you'll (by definition)
run into problems. More details about one of the issues may be found in
the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
http://www.linuxsecurity.com/content/view/136719
* Slackware: mozilla-thunderbird (May 8)
----------------------------------------
New mozilla-thunderbird packages are available for Slackware 10.2,
11.0, 12.0, 12.1, and -current to fix security issues, including
crashes that can corrupt memory, as well as a JavaScript privilege
escalation and arbitrary code execution flaw. More details about these
issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.linuxsecurity.com/content/view/136720
--------------------------------------------------------------------------
* Ubuntu: OpenVPN regression (May 14)
------------------------------------
USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates and
keys to OpenVPN. A regression was introduced in OpenVPN when using TLS
and multi-client/server which caused OpenVPN to not start when using
valid SSL certificates.
http://www.linuxsecurity.com/content/view/136983
* Ubuntu: OpenSSH update (May 14)
--------------------------------
Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
options (such as "no-port-forwarding" or forced commands) were ignored
by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This
could cause some compromised keys not to be listed in ssh-vulnkey's
output.
http://www.linuxsecurity.com/content/view/136981
* Ubuntu: ssl-cert vulnerability (May 14)
----------------------------------------
A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
certain encryption keys are much more common than they should be, such
that an attacker could guess the key through a brute-force attack
given minimal knowledge of the system. This particularly affects the
use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
http://www.linuxsecurity.com/content/view/136974
* Ubuntu: OpenSSH vulnerability (May 13)
---------------------------------------
A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
certain encryption keys are much more common than they should be, such
that an attacker could guess the key through a brute-force attack given
minimal knowledge of the system. This particularly affects the use of
encryption keys in OpenSSH.
http://www.linuxsecurity.com/content/view/136970
* Ubuntu: OpenSSL vulnerability (May 13)
---------------------------------------
A weakness has been discovered in the random number generator used by
OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
certain encryption keys are much more common than they should be, such
that an attacker could guess the key through a brute-force attack given
minimal knowledge of the system. This particularly affects the use of
encryption keys in OpenSSH, OpenVPN and SSL certificates.
http://www.linuxsecurity.com/content/view/136870
* Ubuntu: GStreamer Good Plugins vulnerability (May 8)
-----------------------------------------------------
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136728
* Ubuntu: vorbis-tools vulnerability (May 8)
-------------------------------------------
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136726
* Ubuntu: Speex vulnerability (May 8)
------------------------------------
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
http://www.linuxsecurity.com/content/view/136725
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request_at_linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
Received on May 19 2008