[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Linux Advisory Watch: August 22nd, 2008

| LinuxSecurity.com                                  Weekly Newsletter |
| August 22nd, 2008                                Volume 9, Number 34 |
|                                                                      |
| Editorial Team:              Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx> |
|                       Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx> |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for postfix, xine-lib, mtr, yelp,
kernel, kdegraphics, amarok, cups, hplip, stunnel, yum-rhn-plugin, and
openwsman.  The distributors include Debian, Gentoo, Mandriva, Red Hat,
SuSE, and Ubuntu.


>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!



Review: Hacking Exposed Linux, Third Edition
"Hacking Exposed Linux" by  ISECOM (Institute for Security and Open
Methodologies) is a guide to help you secure your Linux environment.
This book does not only help improve your security it looks at why you
should. It does this by showing examples of real attacks and rates the
importance of protecting yourself from being a victim of each type of



Security Features of Firefox 3.0
Lets take a look at the security features of the newly released Firefox
3.0. Since it's release on Tuesday I have been testing it out to see
how the new security enhancements work and help in increase user
browsing security.  One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf             <--


* EnGarde Secure Community 3.0.20 Now Available (Aug 19)
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.20 (Version 3.0, Release 20). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source,
  and has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database,
  e-mail security and even e-commerce.



* Debian: New postfix packages fix installability problem on i386 (Aug 19)
  Note that only specific configurations are vulnerable; the default
  Debian installation is not affected. Only a configuration meeting the
  following requirements is vulnerable:  * The mail delivery style is
  mailbox, with the Postfix built-in	local(8) or virtual(8) delivery
  agents.  * The mail spool directory (/var/spool/mail) is
  user-writeable.  * The user can create hardlinks pointing to
  root-owned symlinks	 located in other directories.


* Debian: New postfix packages fix privilege escalation (Aug 18)
  Sebastian Krahmer discovered that Postfix, a mail transfer agent,
  incorrectly checks the ownership of a mailbox. In some
  configurations, this allows for appending data to arbitrary files as



* Gentoo: Postfix Local privilege escalation (Aug 14)
  Sebastian Krahmer of SuSE has found that Postfix allows to deliver
  mail to root-owned symlinks in an insecure manner under certain
  conditions. Normally, Postfix does not deliver mail to symlinks,
  except to root-owned symlinks, for compatibility with the systems
  using symlinks in /dev like Solaris. Furthermore, some systems like
  Linux allow to hardlink a symlink, while the POSIX.1-2001 standard
  requires that the symlink is followed.



* Mandriva: Subject: [Security Announce] [ MDVSA-2008:178 ] xine-lib (Aug 21)
  Alin Rad Pop found an array index vulnerability in the SDP parser of
  xine-lib.  If a user or automated system were tricked into opening a
  malicious RTSP stream, a remote attacker could possibly execute
  arbitrary code with the privileges of the user using the program


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:177 ] xine-lib (Aug 20)
  Guido Landi found A stack-based buffer overflow in xine-lib that
  could allow a remote attacker to cause a denial of service (crash)
  and potentially execute arbitrary code via a long NSF title
  (CVE-2008-1878). The updated packages have been patched to correct
  this issue.


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:176 ] mtr (Aug 20)
  A stack-based buffer overflow was found in mtr prior to version 0.73
  that allowed remote attackers to execute arbitrary code via a crafted
  DNS PTR record, when called with the --split option (CVE-2008-2357).
  The updated packages provide mtr 0.73 which corrects this issue.


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:175 ] yelp (Aug 20)
  A format string vulnerability was discovered in yelp after version
  2.19.90 and before 2.24 that could allow remote attackers to execute
  arbitrary code via format string specifiers in an invalid URI on the
  command-line or via URI helpers in Firefox, Evolution, or possibly
  other programs (CVE-2008-3533). The updated packages have been
  patched to correct this issue.


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:174 ] kernel (Aug 19)
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: Linux kernel before, when using certain drivers
  that register a fault handler that does not perform range checks,
  allows local users to access kernel memory via an out-of-range
  offset. (CVE-2008-0007) The asn1 implementation in (a) the Linux
  kernel 2.4 before and 2.6 before, as used in the
  cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does
  not properly validate length values during decoding of ASN.1 BER
  data, which allows remote attackers to cause a denial of service
  (crash) or execute arbitrary code via (1) a length greater than the
  working buffer, which can lead to an unspecified overflow; (2) an oid
  length of zero, which can lead to an off-by-one error; or (3) an
  indefinite length for a primitive encoding. (CVE-2008-1673)


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:173 ] kdegraphics (Aug 19)
  Kees Cook of Ubuntu security found a flaw in how poppler prior to
  version 0.6 displayed malformed fonts embedded in PDF files. An
  attacker could create a malicious PDF file that would cause
  applications using poppler to crash, or possibly execute arbitrary
  code when opened (CVE-2008-1693). This vulnerability also affected
  older versions of kpdf, so the updated packages have been patched to
  correct this issue.


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:171 ] postfix (Aug 15)
  Sebastian Krahmer of the SUSE Security Team discovered a flaw in the
  way Postfix dereferenced symbolic links.  If a local user had write
  access to a mail spool directory without a root mailbox file, it
  could be possible for them to append arbitrary data to files that
  root had write permissions to (CVE-2008-2936).


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:172 ] amarok (Aug 15)
  A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
   arbitrary files via a symlink attack on a temporary file that Amarok
   created with a predictable name (CVE-2008-3699).


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:170 ] cups (Aug 14)
  Thomas Pollet discovered an integer overflow vulnerability in the PNG
  image handling filter in CUPS.  This could allow a malicious user to
  execute arbitrary code with the privileges of the user running CUPS,
  or cause a denial of service by sending a specially crafted PNG image
  to the print server (CVE-2008-1722).


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:169 ] hplip (Aug 14)
  Marc Schoenefeld of the Red Hat Security Response Team discovered a
  vulnerability in the hplip alert-mailing functionality that could
  allow a local attacker to elevate their privileges by using
  specially-crafted packets to trigger alert mails that are sent by the
  root account (CVE-2008-2940).


* Mandriva: Subject: [Security Announce] [ MDVSA-2008:168 ] stunnel (Aug 14)
  A vulnerability was found in the OCSP search functionality in stunnel
  that could allow a remote attacker to use a revoked certificate that
  would be successfully authenticated by stunnel (CVE-2008-2420). This
  flaw only concerns users who have enabled OCSP validation



* RedHat: Moderate: postfix security update (Aug 14)
  Updated postfix packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was found in the way
  Postfix dereferences symbolic links. If a local user has write access
  to a mail spool directory with no root mailbox, it may be possible
  for them to append arbitrary data to files that root has write
  permission to. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.


* RedHat: Moderate: yum-rhn-plugin security update (Aug 14)
  Updated yum-rhn-plugin packages that fix a security issue are now
  available for Red Hat Enterprise Linux 5. It was discovered that
  yum-rhn-plugin did not verify the SSL certificate for all
  communication with a Red Hat Network server. An attacker able to
  redirect the network communication between a victim and an RHN server
  could use this flaw to provide malicious repository metadata. This
  metadata could be used to block the victim from receiving specific
  security updates. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.



* SuSE: openwsman (SUSE-SA:2008:041) (Aug 14)
  The SuSE Security-Team has found two critical issues in the code:
  - two remote buffer overflows while decoding the HTTP basic
  authentication      header (CVE-2008-2234)	 - a possible SSL
  session replay attack affecting the client (depending on	the
  configuration) (CVE-2008-2233)


* SuSE: postfix (SUSE-SA:2008:040) (Aug 14)
  Postfix is a well known MTA. During a source code audit the SuSE
  Security-Team discovered a local privilege escalation bug
  (CVE-2008-2936) as well as a mailbox ownership problem
  (CVE-2008-2937) in postfix. The first bug allowed local users to
  execute arbitrary commands as root while the second one allowed local
  users to read other users mail



* Ubuntu:  xine-lib vulnerabilities (Aug 19)
  Alin Rad Pop discovered an array index vulnerability in the SDP
  parser. If a user or automated system were tricked into opening a
  malicious RTSP stream, a remote attacker may be able to execute
  arbitrary code with the privileges of the user invoking the program.


* Ubuntu:  Postfix vulnerability (Aug 19)
  Sebastian Krahmer discovered that Postfix was not correctly handling
  mailbox ownership when dealing with Linux's implementation of
  hardlinking to symlinks.  In certain mail spool configurations, a
  local attacker could exploit this to append data to arbitrary files
  as the root user. The default Ubuntu configuration was not


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.

Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East!