Linux Advisory Watch: November 17th 2006

The following CVEIDs are addressed: CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116

advisories/debian/debian-new-phpmyadmin-packages-fix-several-vulnerabilities-72435

Updated package.

advisories/debian/debian-new-bugzilla-packages-fix-several-vulnerabilities

Updated package.

advisories/debian/debian-new-trac-packages-fix-cross-site-request-forgery-63409

Updated package.

advisories/debian/debian-new-trac-packages-fix-cross-site-request-forgery-63409

Updated package.

advisories/debian/debian-new-mozilla-firefox-packages-fix-several-vulnerabilities-71271

Updated package.

advisories/debian/debian-new-pdns-packages-fix-arbitrary-code-execution

Two denial of service vulnerabilities have been found in the OpenSSH server. CVE-2006-4924: The sshd support for ssh protcol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. CVE-2006-5051: A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.

advisories/debian/debian-new-openssh-packages-fix-denial-of-service

Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.8 that corrects these issues.

advisories/fedora/fedora-core-5-update-firefox-1508-1fc5-12-16-00-125654

CVE IDs: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. Fedora Extras versions earlier then the versions mentioned above are vulnerable to this problem, upgrade to fix this vulnerability.

advisories/fedora/fedora-extras-3-4-5-6-devel-121-2-fe-3-4-130-3-fe-5-6-devel-12-16-00-125656

Bugzilla is vulnerable to cross-site scripting, script injection, and request forgery.

An incorrect seteuid() call could allow an FTP user to access some files or directories that would normally be inaccessible.

Several Denial of Service vulnerabilities have been identified in OpenSSH.

GraphicsMagick improperly handles PALM and DCM images, potentially resulting in the execution of arbitrary code.

RPM is vulnerable to a buffer overflow and possibly the execution of arbitrary code when opening specially crafted packages.

An error in gnuplot was causing it to fail with a segmentation fault whenever the user attempted to produce a graphical plot via the default 'x11' term. The updated package corrects this error and allows graphical plotting via X11.

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8. This update provides the latest Firefox to correct these issues.

There were some problems with the menu system in Mandriva Linux 2007. Some menu categories were not displayed or properly translated, and editing the menus with the GNOME menu editor (alacarte) was not working. This update fixes these problems.

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8. This update provides the latest Thunderbird to correct these issues.

The Ical package in Mandriva Linux 2007 fails to run due to old code that does not work with current versions of TCL. Additionally, the application did not appear in the menu and the URL was obsolete. This updated package fixes these issues.

For the Mandriva 2007.0 release, the webmin package received a patch to the operating system detection code to cope with the Mandriva name change. This patch unfortunately introduced a problem where many webmin modules would no longer work, like cron, MySQL and many others.

Opensc is a library for accessing smart card devices. This update fixes a problem which prevented Oberthur smart cards from being recognized and used.

The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem (CVE-2006-4339). BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3.

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue.

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities.

PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities.

Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities.

Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities.

New Wireshark packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-wireshark-security-update-RHSA-2008-0890-01

Updated PHP packages that fix a security issue are now available for the Red Hat Application Stack. This update has been rated as having important security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-php-security-update-98171

Updated nss_ldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-nssldap-security-update-RHSA-2006-0719-01

Updated openssh packages that fix an authentication flaw are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-low-openssh-security-update-96847

An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-critical-elinks-security-update-RHSA-2006-0742-01

New Firefox and Thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues. In addition, a new Seamonkey package is available for Slackware 11.0 to fix similar issues.

Updated package.

Updated package.

Updated package.

CVE-2006-5465: Various buffer overflows in htmlentities / htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.

The following CVEIDs are addresed by this vulnerability: CVE-2006-5464 CVE-2006-5747 CVE-2006-5748 CVE-2006-5462 CVE-2006-5463

Two security problem have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

Two security problems that have been found in PowerDNS are fixed by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP potentially executing code. CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash.

Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.

advisories/ubuntu/ubuntu-texinfo-vulnerability

Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.

advisories/ubuntu/ubuntu-avahi-vulnerability-89019