This week advisories were released for java, abiword, cyrus, squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Trustix, Red Hat, and SuSE.

Open Letter to Linux Security Community

Welcome to the new LinuxSecurity.com! I must admit, I am really proud of what we have been able to accomplish over the years. LinuxSecurity.com has grown from a small idea that a couple of security geeks had in 1999, to a major and well-respected Linux resource. With an all new look & feel, organizational changes, security events, and additions to our staff, we hope to better serve the Linux and open source community. Although there are many aesthetic improvements, a major part of our development has focused on creating a content structure and backend system that is easy to update.

Since the beginning, we have been able to maintain one of the largest, if not the largest and most comprehensive, Linux advisory archive on the Internet. Through the years, we have scoured the net for thousands of hours to bring fresh and relevant articles, papers, and resources to you. It wasn't easy in the beginning. We had to create the site from scratch and build a community-wide reputation. The site was started in 1999, the middle of the dot-com boom. Dave Wreski, a Linux security expert and the original founder of LinuxSecurity.com, had great foresight. He envisioned the widespread use of Linux as well as many other open source tools. Rather than companies spending thousands of dollars on proprietary tools, he saw a world where open source would be respected and adopted because of its flexibility and greater security through open standards and full disclosure...


LinuxSecurity.com Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.


Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

Conectiva
Conectiva: java plugin vulnerability
26th, November, 2004

Jouko Pynnonen reported[2], through iDEFENSE, a vulnerability[3] in the plugin mechanism which allows remote attackers to bypass the Java sandbox through the use of javascript.
Conectiva: abiword buffer overflow vulnerability fix
1st, December, 2004

iDefense[3] discovered[4] a buffer overflow vulnerability[5] in the wv library which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.
Conectiva: cyrus-imapd Multiple vulnerabilities
1st, December, 2004

Stefan Esser from e-matters security recently published[2] several vulnerabilities in cyrus-imapd.
Conectiva: squirrelmail cross site scripting vulnerability fix
2nd, December, 2004

Joost Pol noticed[2] that SquirrelMail is prone to a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the result.
Debian
Debian: libgd1 arbitrary code execution fix
29th, November, 2004

More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. advisories/debian/debian-libgd1-arbitrary-code-execution-fix-26861
Debian: libgd2 arbitrary code execution fix
29th, November, 2004

More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. advisories/debian/debian-libgd2-arbitrary-code-execution-fix-76289
Debian: openssl insecure temporary file creation fix
1st, December, 2004

Trustix developers discovered insecure temporary file creation in a supplemental script (der_chop) of the openssl package which may allow local users to overwrite files via a symlink attack. advisories/debian/debian-openssl-insecure-temporary-file-creation-fix
Debian: hpsockd denial of service fix
3rd, December, 2004

"infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect. advisories/debian/debian-hpsockd-denial-of-service-fix
Fedora
Fedora: policycoreutils-1.18.1-2 update Resend with correct id
30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to be reworked for strict policy. Removing prevents possible relabeling problems. advisories/fedora/fedora-policycoreutils-1181-2-update-resend-with-correct-id-18-07-00-106953
Fedora: policycoreutils-1.18.1-2 update
30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to be reworked for strict policy. Removing prevents possible relabeling problems. advisories/fedora/fedora-policycoreutils-1181-2-update-18-06-00-106952
Fedora: prelink-0.3.3-0.fc3 update
30th, November, 2004

if layout code needs to re-prelink some library, make sure all libraries that depend on it are re-prelinked too (#140081) advisories/fedora/fedora-prelink-033-0fc3-update-18-05-00-106950
Fedora: libselinux-1.19.1-8 update
30th, November, 2004

Change location of helper applications and remove some debug applications that should not have been part of the distribution. advisories/fedora/fedora-libselinux-1191-8-update-18-06-00-106951
Fedora: udev-039-10.FC3.2 update
30th, November, 2004

Forgot to turn off debugging logging. This release speeds up udev. advisories/fedora/fedora-udev-039-10fc32-update-18-03-00-106948
Fedora: tcpdump-3.8.2-6.FC2.1 update
30th, November, 2004

fixed nfs protocol parsing for 64 bit architectures (bug 132781) advisories/fedora/fedora-tcpdump-382-6fc21-update-18-04-00-106949
Fedora: abiword-2.0.12-7.fc3 update
30th, November, 2004

Fixes for tempnam usages and startup geometry crashes advisories/fedora/fedora-abiword-2012-7fc3-update-18-03-00-106947
Fedora: system-config-securitylevel-1.4.18-2 update
29th, November, 2004

This fixes tracebacks introduced by the libselinux update (#139155) advisories/fedora/fedora-system-config-securitylevel-1418-2-update-17-45-00-106944
Fedora: samba-3.0.9-1.fc2 update
29th, November, 2004

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930 advisories/fedora/fedora-samba-309-1fc2-update-17-41-00-106941
Fedora: samba-3.0.9-1.fc3 update
29th, November, 2004

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930. advisories/fedora/fedora-samba-309-1fc3-update-17-42-00-106942
Fedora: gaim-1.0.2-0.FC2 update
29th, November, 2004

FC2 Update advisories/fedora/fedora-gaim-102-0fc2-update-17-43-00-106943
Fedora: squirrelmail-1.4.3a-6.FC2 update
28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text advisories/fedora/fedora-squirrelmail-143a-6fc2-update-12-56-00-106934
Fedora: squirrelmail-1.4.3a-6.FC3 update
28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text advisories/fedora/fedora-squirrelmail-143a-6fc3-update-12-57-00-106935
Fedora: spamassassin-3.0.1-0.FC3 update
28th, November, 2004

Several important bug fixes in upstream release. advisories/fedora/fedora-spamassassin-301-0fc3-update-12-58-00-106936
Fedora: system-config-date-1.7.13-0.fc3.1 update
29th, November, 2004

enable Gujarati and Tamil translations (#140881) advisories/fedora/fedora-system-config-date-1713-0fc31-update-12-59-00-106937
FreeBSD: Kernel memory disclosure in procfs and linprocfs
2nd, December, 2004

The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.
Gentoo
Gentoo: Sun and Blackdown Java Applet privilege escalation
29th, November, 2004

The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.
Gentoo: Open DC Hub Remote code execution
28th, November, 2004

Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.
Gentoo: phpWebSite HTTP response splitting vulnerability
26th, November, 2004

phpWebSite is vulnerable to possible HTTP response splitting attacks.
Gentoo: phpMyAdmin Multiple XSS vulnerabilities
27th, November, 2004

phpMyAdmin is vulnerable to cross-site scripting attacks.
Mandrake
Mandrake: libxpm4 correct issues with previous update
30th, November, 2004

The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error when running applications dependent on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0, from being able to save xpm format images.
Mandrake: kdepim various bugs fix
27th, November, 2004

A number of bugs in kdepim are fixed with this update.
Mandrake: kdelibs various bugs fix
26th, November, 2004

A number of bugs in kdelibs are fixed with this update.
Mandrake: kdebase various bugs fixes
26th, November, 2004

A number of bugs in kdebase are fixed with this update.
Trustix
Trustix: amavisd-new, anaconda, courier-imap, cyrus-imapd, cyrus-sasl, file, kernel, mkbootdisk, mys
29th, November, 2004

Fix amavis user creation on install. Support kickstart files on FTP. Hyperthreading detection.
Red Hat
Red Hat: openmotif image vulnerability fix
2nd, December, 2004

Updated openmotif packages that fix flaws in the Xpm image library are now available. advisories/red-hat/red-hat-openmotif-image-vulnerability-fix-RHSA-2004-537-01
Red Hat: kernel security vulnerabilities fix
2nd, December, 2004

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. advisories/red-hat/red-hat-kernel-security-vulnerabilities-fix-RHSA-2004-549-01
SuSE
SuSE: various kernel problems
1st, December, 2004

Several security problems have been found and addressed by the SUSE Security Team. The following issues are present in all SUSE Linux based products.
SuSE: cyrus-imapd remote command execution
3rd, December, 2004

Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.