
[ISN] Linux Advisory Watch - September 21st 2007

|  LinuxSecurity.com                               Weekly Newsletter  |
|  September 21st 2007                           Volume 8, Number 38a |

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each

This week, advisories were released for openoffice, vim, realplayer,
flac123, eggdrop, id3lib, tar, phpwiki, gdm, poppler, qt, cacti,
avahi, libvorbis, xorg, nfs-utils-lib, php, quagga, and t1lib.
The distributors include Debian, Gentoo, Mandriva, Red Hat
and Ubuntu.


>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers are between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects, etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.



* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes
many updated packages and bug fixes, some feature enhancements to
Guardian Digital WebTool and the SELinux policy, and a few new



Review: Ruby by Example

Learning a new language cannot be complete without a few 'real
world' examples. 'Hello world!'s and Fibonacci sequences are
always nice as an introduction to certain aspects of programming,
but sooner or later you crave something meatier to chew on. 'Ruby
by Example: Concepts and Code' by Kevin C. Baird provides a
wealth of knowledge via general to specialized examples of the
dynamic object oriented programming language, Ruby. Want to build
an mp3 playlist processor? How about parse out secret codes from
'Moby Dick'? Read on!



Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure yourself against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

* Debian: New OpenOffice.org packages fix arbitrary code execution
  17th, September, 2007

A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite.  The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate.  A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.


* Debian: New vim packages fix several vulnerabilities
  19th, September, 2007

Editors often provide a way to embed editor configuration commands
(aka modelines) which are executed once a file is opened. Harmful
commands are filtered by a sandbox mechanism. It was discovered that
function calls to writefile(), feedkeys() and system() were not filtered,
allowing shell command execution with a carefully crafted file opened in


|  Distribution: Gentoo           | ----------------------------//

* Gentoo: RealPlayer Buffer overflow
  14th, September, 2007

RealPlayer is vulnerable to a buffer overflow allowing for execution
of arbitrary code. A stack-based buffer overflow vulnerability has been
reported in the SmilTimeValue::parseWallClockValue() function in
smlprstime.cpp when handling HH:mm:ss.f type time formats.


* Gentoo: flac123 Buffer overflow
  14th, September, 2007

flac123 is affected by a buffer overflow vulnerability, which could
allow for the execution of arbitrary code. An attacker could entice a
user to play a specially crafted audio file, which could lead to the
execution of arbitrary code with the privileges of the user running
the application.


* Gentoo: Eggdrop Buffer overflow
  15th, September, 2007

A remote stack-based buffer overflow has been discovered in Eggdrop.


* Gentoo: id3lib Insecure temporary file creation
  15th, September, 2007

A vulnerability has been discovered in id3lib allowing local users to
overwrite arbitrary files via a symlink attack.


* Gentoo: GNU Tar Directory traversal vulnerability
  15th, September, 2007

A directory traversal vulnerability has been discovered in GNU Tar.


* Gentoo: MIT Kerberos 5 Multiple
  17th, September, 2007

Two vulnerabilities have been found in MIT Kerberos 5, which could
allow a remote unauthenticated user to execute arbitrary code with
root privileges.


* Gentoo: PhpWiki Authentication bypass
  18th, September, 2007

A vulnerability has been discovered in PhpWiki authentication


* Gentoo: GDM Local Denial of Service
  18th, September, 2007

A local user could send a crafted message to /tmp/.gdm_socket that
would trigger the null pointer dereference and crash GDM, thus
preventing it from managing future displays.


* Gentoo: Poppler Two buffer overflow vulnerabilities
  19th, September, 2007

Poppler is vulnerable to an integer overflow and a stack overflow.


|  Distribution: Mandriva         | ----------------------------//

* Mandriva: Updated qt3/qt4 packages fix vulnerability
  14th, September, 2007

A buffer overflow was found in how Qt expanded malformed Unicode
strings.  If an application linked against Qt parsed a malicious
Unicode string, it could lead to a denial of service or potentially
allow for the execution of arbitrary code.


* Mandriva: Updated cacti packages fix vulnerability
  17th, September, 2007

A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption)
via large values of the graph_start, graph_end, graph_height, or
graph_width parameters. Updated packages have been patched to
prevent this issue.


* Mandriva: Updated avahi packages fix vulnerability
  17th, September, 2007

The Avahi daemon in 0.6.20 and previous allows attackers to cause a
denial of service via empty TXT data over D-Bus, which triggers an
assert error. Updated packages have been patched to prevent this


|  Distribution: Red Hat          | ----------------------------//

* RedHat: Important: openoffice.org security update
  18th, September, 2007

Updated openoffice.org packages to correct a security issue are now
available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow
flaw was found in the TIFF parser.  An attacker could create a
carefully crafted document containing a malicious TIFF file that
could cause OpenOffice.org to crash or possibly execute arbitrary
code if opened by a victim. This update has been rated as having
important security impact by the Red Hat Security Response Team.


* RedHat: Important: libvorbis security update
  19th, September, 2007

Several flaws were found in the way libvorbis processed audio data.
An attacker could create a carefully crafted OGG audio file in such a
way that it could cause an application linked with libvorbis to crash
or execute arbitrary code when it was opened. This update has been
rated as having important security impact by the Red Hat Security
Response Team.


* RedHat: Moderate: xorg-x11 security update
  19th, September, 2007

A flaw was found in the way X.Org's composite extension handles 32
bit color depth windows while running in 16 bit color depth mode. If an
X.org server has enabled the composite extension, it may be possible for a
malicious authorized client to cause a denial of service (crash) or
potentially execute arbitrary code with the privileges of the X.org
server. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.


* RedHat: Important: nfs-utils-lib security update
  19th, September, 2007

An updated nfs-utils-lib package to correct a security flaw is now
available for Red Hat Enterprise Linux 4. Tenable Network Security
discovered a stack buffer overflow flaw in the RPC library used by
nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger
this flaw and cause the application to crash. This update has been
rated as having important security impact by the Red Hat Security
Response Team.


* RedHat: Moderate: php security update
  20th, September, 2007

Updated PHP packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5. Various integer overflow
flaws were found in the PHP gd extension. A script that could be forced to
resize images from an untrusted source could possibly allow a remote
attacker to execute arbitrary code as the apache user.


|  Distribution: Ubuntu           | ----------------------------//

* Ubuntu:  Quagga vulnerability
  15th, September, 2007

It was discovered that Quagga did not correctly verify OPEN messages
or COMMUNITY attributes sent from configured peers. Malicious
authenticated remote peers could send a specially crafted message which
would cause bgpd to abort, leading to a denial of service.


* Ubuntu:  Qt vulnerability
  18th, September, 2007

Dirk Mueller discovered that UTF8 strings could be made to cause a
small buffer overflow.  A remote attacker could exploit this by sending
specially crafted strings to applications that use the Qt3 library for UTF8
processing, potentially leading to arbitrary code execution with user
privileges, or a denial of service.


* Ubuntu:  X.org vulnerability
  18th, September, 2007

Aaron Plattner discovered that the Composite extension did not
correctly calculate the size of buffers when copying between different
bit depths. An authenticated user could exploit this to execute
arbitrary code with root privileges.


* Ubuntu:  t1lib vulnerability
  19th, September, 2007

It was discovered that t1lib does not properly perform bounds
checking which can result in a buffer overflow vulnerability.  An
attacker could send specially crafted input to applications linked
against t1lib which could result in a DoS or arbitrary code execution.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
