This week advisories were released for xen-utils, zoph, reprepro, xfce4-terminal, ktorrent, xulrunner, icedove, t1lib, dhcp, ImageMagick, HPLIP, MLDonkey, tramp, tikiwiki, pdf kit, sleuth kit, firefox, nfs-utils, hplip, tk, httpd, php, libpng, flac, openssl, kernel, seamonkey, thunderbird, gnome-screensaver, ghostscript, util-linux, and nagios-plugins. The distributors include Debian, Gentoo, Mandriva, Red Hat, and Ubuntu.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
|
|
|
EnGarde Secure Community v3.0.17 Now Available (Oct 9) |
|
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.17 (Version 3.0, Release 17). This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and
even e-commerce.
|
|
|
|
Debian: New xen-utils packages fix file truncation (Oct 25) |
|
Steve Kemp from the Debian Security Audit project discovered that xen-utils,
a collection of XEN administrative tools, used temporary files insecurely
within the xenmon tool allowing local users to truncate arbitrary files. advisories/debian/debian-new-xen-utils-packages-fix-file-truncation
|
|
Debian: New zoph packages fix SQL injection (Oct 24) |
|
It was discovered that zoph, a web based photo management system,
performs insufficient input sanitising, which allows SQL injection.
This is an updated advisory to make the update for oldstable (sarge)
available, which had been uploaded to the wrong suite. advisories/debian/debian-new-zoph-packages-fix-sql-injection-59021
|
|
Debian: New reprepro packages fix authentication bypass (Oct 23) |
|
It was discovered that reprepro, a tool to create a repository of Debian
packages, when updating from a remote site only checks for the validity of
known signatures, and thus does not reject packages with only unknown
signatures. This allows an attacker to bypass this authentication
mechanism. advisories/debian/debian-new-reprepro-packages-fix-authentication-bypass
|
|
Debian: New xfce4-terminal packages fix arbitrary command execution (Oct 23) |
|
It was discovered that xfce-terminal, a terminal emulator for the xfce
environment, did not correctly escape arguments passed to the processes
spawned by "Open Link". This allowed malicious links to execute arbitrary
commands upon the local system. advisories/debian/debian-new-xfce4-terminal-packages-fix-arbitrary-command-execution
|
|
Debian: New ktorrent packages fix directory traversal (Oct 23) |
|
It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable
to a directory traversal bug which potentially allowed remote users to
overwrite arbitrary files. advisories/debian/debian-new-ktorrent-packages-fix-directory-traversal-27476
|
|
Debian: New xulrunner packages fix several vulnerabilities (Oct 20) |
|
Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing. advisories/debian/debian-new-xulrunner-packages-fix-several-vulnerabilities-73165
|
|
Debian: New icedove packages fix several vulnerabilities (Oct 19) |
|
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems... advisories/debian/debian-new-icedove-packages-fix-several-vulnerabilities-99151
|
|
Debian: New t1lib packages fix arbitrary code execution (Oct 18) |
|
Hamid Ebadi has discovered a buffer overflow in the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash an application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context. advisories/debian/debian-new-t1lib-packages-fix-arbitrary-code-execution
|
|
Debian: New zoph packages fix SQL injection (Oct 18) |
|
It was discovered that zoph, a web based photo management system, performs insufficient input sanitising, which allows SQL injection. advisories/debian/debian-new-zoph-packages-fix-sql-injection-59021
|
|
Debian: New dhcp packages fix arbitrary code execution (Oct 18) |
|
It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server. advisories/debian/debian-new-dhcp-packages-fix-arbitrary-code-execution-36384
|
|
|
|
Gentoo: ImageMagick Multiple vulnerabilities (Oct 24) |
|
Multiple vulnerabilities have been discovered in ImageMagick, possibly
resulting in arbitrary code execution or a Denial of Service.
|
|
Gentoo: HPLIP Privilege escalation (Oct 24) |
|
The hpssd daemon might allow local attackers to execute arbitrary
commands with root privileges.
|
|
Gentoo: MLDonkey Privilege escalation (Oct 24) |
|
The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password. A remote attacker could log into a vulnerable system as the p2p user.
This would require an installed login service that permitted empty
passwords, such as SSH configured with the "PermitEmptyPasswords yes"
option, a local login console, or a telnet server.
|
|
Gentoo: OpenOffice.org Heap-based buffer overflow (Oct 23) |
|
A heap-based buffer overflow vulnerability has been discovered in
OpenOffice.org, allowing for the remote execution of arbitrary code.
|
|
Gentoo: Star Directory traversal vulnerability (Oct 22) |
|
A directory traversal vulnerability has been discovered in Star.
Robert Buchholz of the Gentoo Security team discovered a directory
traversal vulnerability in the has_dotdot() function which does not
identify //.. (slash slash dot dot) sequences in file names inside tar
files.
|
|
Gentoo: TRAMP Insecure temporary file creation (Oct 20) |
|
The TRAMP package for GNU Emacs insecurely creates temporary files. Stefan Monnier discovered that the tramp-make-tramp-temp-file() function creates temporary files in an insecure manner.
|
|
Gentoo: TikiWiki Arbitrary command execution (Oct 20) |
|
Tikiwiki contains a command injection vulnerability which may allow
remote execution of arbitrary code. ShAnKaR reported that input passed to the "f" array parameter in
tiki-graph_formula.php is not properly verified before being used to execute PHP functions.
|
|
Gentoo: PDFKit, ImageKits Buffer overflow (Oct 18) |
|
PDFKit and ImageKits are vulnerable to an integer overflow and a stack overflow allowing for the user-assisted execution of arbitrary code.
|
|
Gentoo: The Sleuth Kit Integer underflow (Oct 18) |
|
An integer underflow vulnerability has been reported in The Sleuth Kit allowing for the user-assisted execution of arbitrary code.
|
|
Gentoo: util-linux Local privilege escalation (Oct 18) |
|
The mount and umount programs might allow local attackers to gain root privileges.
|
|
|
|
Mandriva: Updated shared-mime-info packages fix incorrect (Oct 24) |
|
The freedesktop.org MIME type database contains a wrong MIME type for
HTML documents. This information is used by GNOME and other desktop
environments to identify files and could cause trouble with the beagle
desktop search and other applications.
This update corrects this issue.
|
|
Mandriva: Updated Firefox packages fix multiple (Oct 23) |
|
A number of security vulnerabilities have been discovered and corrected
in the latest Mozilla Firefox program, version 2.0.0.8.
This update provides the latest Firefox to correct these issues.
As well, it provides Firefox 2.0.0.8 for older products.
|
|
Mandriva: Updated nfs-utils package fixes bug with (Oct 23) |
|
The nfs-utils package had some issues with its provided initscripts
including: a lack of dependency on portmap made the various services
start in an arbitrary order prior to portmap starting, and parallel
execution of rpcidmapd and rpcgss led to a launch failure due to a
sunrpc module loading failure.
The updated packages correct these issues.
|
|
Mandriva: Updated hplip packages fix vulnerabilities (Oct 22) |
|
A vulnerability in the hpssd tool was discovered where it did not correctly handle shell meta-characters. A local attacker could use this flaw to execute arbitrary commands as the hplip user.
As well, this update fixes a problem with some HP scanners on Mandriva Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected and also fixes a problem with HP 1220 and possibly other models when scanning via the OpenOffice.org suite.
Updated packages have been patched to prevent these issues.
|
|
Mandriva: Updated tk packages fix vulnerabilities (Oct 18) |
|
A vulnerability in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges. Updated packages have been patched to prevent this issue.
|
|
|
|
RedHat: Moderate: httpd security update (Oct 25) |
|
Updated httpd packages that fix two security issues are now available for
Red Hat Application Stack. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-httpd-security-update-87284
|
|
RedHat: Moderate: php security update (Oct 25) |
|
Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack. Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-php-security-update-38610
|
|
RedHat: Moderate: libpng security update (Oct 23) |
|
Updated libpng packages that fix security issues are now available for Red
Hat Enterprise Linux. Several flaws were discovered in the way libpng handled various PNG image
chunks. An attacker could create a carefully crafted PNG image file in
such a way that it could cause an application linked with libpng to crash
when the file was manipulated.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-libpng-security-update-20383
|
|
RedHat: Moderate: php security update (Oct 23) |
|
Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-php-security-update-38610
|
|
RedHat: Moderate: php security update (Oct 23) |
|
Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1. Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache user.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-php-security-update-38610
|
|
RedHat: Important: dhcp security update (Oct 23) |
|
An updated dhcp package that corrects a security flaw is now available for
Red Hat Enterprise Linux 2.1. The dhcp package provides the ISC Dynamic Host Configuration Protocol
(DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows
devices to get their own network configuration information from a server.
This update has been rated as having important security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-important-dhcp-security-update-RHSA-2007-0970-01
|
|
RedHat: Important: flac security update (Oct 22) |
|
An updated flac package to correct a security issue is now available for
Red Hat Enterprise Linux 4 and 5. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.
This update has been rated as having important security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-important-flac-security-update-RHSA-2007-0975-02
|
|
RedHat: Moderate: openssl security update (Oct 22) |
|
Updated OpenSSL packages that correct security issues are now available for
Red Hat Enterprise Linux 2.1 and 3. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135).
This update has been rated as having moderate security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-moderate-openssl-security-update-13800
|
|
RedHat: Important: kernel security update (Oct 22) |
|
Updated kernel packages that fix various security issues in the Red Hat
Enterprise Linux 5 kernel are now available. A flaw was found in the backported stack unwinder fixes in Red Hat Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could
trigger this flaw and cause a denial of service.
This update has been rated as having important security impact by the Red
Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756
|
|
RedHat: Critical: seamonkey security update (Oct 19) |
|
Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-seamonkey-security-update-3241
|
|
RedHat: Critical: firefox security update (Oct 19) |
|
Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-critical-firefox-security-update-38591
|
|
RedHat: Moderate: thunderbird security update (Oct 19) |
|
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-thunderbird-security-update-RHSA-2007-0723-01
|
|
|
|
Slackware: firefox, seamonkey (Oct 25) |
|
New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0,
and -current to fix security issues. New seamonkey updates are available
for Slackware 11.0, 12.0, and -current to address similar issues.
|
|
|
|
Ubuntu: libpng vulnerabilities (Oct 25) |
|
It was discovered that libpng did not properly perform bounds checking
and comparisons in certain operations. An attacker could send a specially
crafted PNG image and cause a denial of service in applications linked
against libpng. advisories/ubuntu/ubuntu-libpng-vulnerabilities
|
|
Ubuntu: gnome-screensaver vulnerability (Oct 23) |
|
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. advisories/ubuntu/ubuntu-gnome-screensaver-vulnerability
|
|
Ubuntu: Thunderbird vulnerabilities (Oct 23) |
|
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5339, advisories/ubuntu/ubuntu-thunderbird-vulnerabilities-67510
|
|
Ubuntu: dhcp vulnerability (Oct 23) |
|
USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete,
and only reduced the scope of the vulnerability, without fully solving
it. This update fixes the problem.
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not
correctly handle certain client options. A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code. advisories/ubuntu/ubuntu-dhcp-vulnerability-6576
|
|
Ubuntu: Firefox vulnerabilities (Oct 23) |
|
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5336,
CVE-2007-5339, CVE-2007-5340) advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643
|
|
Ubuntu: Ghostscript vulnerability (Oct 22) |
|
USN-501-1 fixed vulnerabilities in Jasper.
It was discovered that Jasper did not correctly handle corrupted JPEG2000
images. By tricking a user into opening a specially crafted JPG, a
remote attacker could cause the application using libjasper to crash,
resulting in a denial of service. advisories/ubuntu/ubuntu-ghostscript-vulnerability-88402
|
|
Ubuntu: util-linux vulnerability (Oct 22) |
|
Ludwig Nussel discovered that mount and umount did not properly
drop privileges when using helper programs. Local attackers may be
able to bypass security restrictions and gain root privileges using
programs such as mount.nfs or mount.cifs. advisories/ubuntu/ubuntu-util-linux-vulnerability
|
|
Ubuntu: OpenSSL vulnerability (Oct 22) |
|
Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable. A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service's privileges. There are no known Ubuntu applications
that are currently using DTLS. advisories/ubuntu/ubuntu-openssl-vulnerability-15959
|
|
Ubuntu: nagios-plugins vulnerability (Oct 22) |
|
Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user. advisories/ubuntu/ubuntu-nagios-plugins-vulnerability
|
|
Ubuntu: dhcp vulnerability (Oct 22) |
|
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not
correctly handle certain client options. A remote attacker could send
malicious DHCP replies to the server and execute arbitrary code. advisories/ubuntu/ubuntu-dhcp-vulnerability-6576
|