LinuxSecurity.com
The central voice for Linux and Open Source security news
Linux Advisory Watch: January 4th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for tomcat, wireshark, maradns, php, tcpreen, libsndfile, peercast, inotify-tools, typo3-src, tar, zope, imlib, wireshark, firefox, clamav, syslog, daap, dosfstools, and ez-ipupdate. The distributors include Debian, Gentoo, and Mandriva.

Linux+DVD Magazine: Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Master's Student: A Quick and Dirty Guide To Kernel Hardening with GrSecurity - Our resident Master's student Gian Spicuzza chimes in this month with a great feature HowTo on Kernel Hardening! There are a number of ways to lock down a system, and RBAC (role based access control) is one of them. Read on to learn more about what makes RBAC so useful, and to read one of the best overviews on Low/Medium/High Security... The combination of the Linux kernel and GNU packages has always been regarded as a secure operating system, but can it be more secure? Kernel hardening is the answer to tightening up the Linux backbone. GrSecurity, a kernel patch for Linux, is one of the more popular approaches...

One of the most significant features is the addition of a role-based access control system (RBAC) that monitors what each user can execute based on their role and denies execution if they overstep their pre-defined rules.

Creating Snort Rules with EnGarde - There are already tons of written Snort rules, but there just might be a time where you need to write one yourself. You can think of writing Snort rules as writing a program. They can include variables, keywords and functions. Why do we need to write rules? The reason is, without rules Snort will never detect someone trying to hack your machine. This HOWTO will give you confidence to write your own rules.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


EnGarde Secure Community v3.0.18 Now Available! (Dec 4)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.

In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.

http://www.linuxsecurity.com/content/view/131851

Debian: New tomcat5.5 packages fix several vulnerabilities (Jan 3)

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.

http://www.linuxsecurity.com/content/view/132899
Debian: New wireshark packages fix denial of service (Jan 3)

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service.

http://www.linuxsecurity.com/content/view/132898
Debian: New maradns packages fix denial of service (Jan 3)

Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets.

http://www.linuxsecurity.com/content/view/132896
Debian: New php5 packages fix several vulnerabilities (Jan 3)

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. It was discovered that the session_start() function allowed the insertion of attributes into the session cookie.

http://www.linuxsecurity.com/content/view/132895
Debian: New tcpreen packages fix denial of service (Jan 3)

It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service.

http://www.linuxsecurity.com/content/view/132894
Debian: New libsndfile packages fix arbitrary code execution (Dec 28)

Robert Buchholz discovered that libsndfile, a library for reading/writing audio files, performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/132710
Debian: New peercast packages fix arbitrary code execution (Dec 28)

Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

http://www.linuxsecurity.com/content/view/132628
Debian: New inotify-tools packages fix arbitrary code (Dec 28)

It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.

http://www.linuxsecurity.com/content/view/132627
Debian: New typo3-src packages fix SQL injection (Dec 28)

Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.

http://www.linuxsecurity.com/content/view/132626
Debian: New tar packages fix several vulnerabilities (Dec 28)

Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar.

http://www.linuxsecurity.com/content/view/132625
Debian: New zope-cmfplone packages fix regression (Dec 27)

The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. For completeness, the original advisory text follows:

It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

http://www.linuxsecurity.com/content/view/132623

Fedora 8 Update: imlib-1.9.15-6.fc8 (Dec 28)

This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP image could cause the user's CPU to go into an infinite loop.

http://www.linuxsecurity.com/content/view/132629

Gentoo: AMD64 x86 emulation GTK+ library User-assisted execution of arbitrary code (Dec 30)

Multiple integer overflow vulnerabilities in the AMD64 x86 emulation GTK+ libraries may result in the execution of arbitrary code in applications using Cairo.

http://www.linuxsecurity.com/content/view/132716
Gentoo: Wireshark Multiple vulnerabilities (Dec 30)

Multiple vulnerabilities have been discovered in Wireshark, allowing for the remote execution of arbitrary code and a Denial of Service.

http://www.linuxsecurity.com/content/view/132715
Gentoo: Mozilla Firefox, SeaMonkey Multiple vulnerabilities (Dec 29)

Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla SeaMonkey.

http://www.linuxsecurity.com/content/view/132714
Gentoo: ClamAV Multiple vulnerabilities (Dec 29)

Multiple vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks.

http://www.linuxsecurity.com/content/view/132713
Gentoo: Syslog-ng Denial of Service (Dec 29)

A Denial of Service vulnerability has been discovered in Syslog-ng.

http://www.linuxsecurity.com/content/view/132712
Gentoo: Multi-Threaded DAAP Daemon Multiple vulnerabilities (Dec 29)

Multiple vulnerabilities in the web server in the Multi-Threaded DAAP Daemon may lead to the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/132711

Mandriva: Updated dosfstools package fixes dosfsck bug (Jan 3)

The previous update introduced a bug into the dosfsck program that made it crash. This update fixes it.

http://www.linuxsecurity.com/content/view/132897
Mandriva: Updated wireshark packages fix multiple (Jan 2)

A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7, which is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/132724
Mandriva: Updated ez-ipupdate packages correct crash on (Dec 31)

A 64-bit type error in ez-ipupdate would cause it to crash on x86_64 systems. This update corrects the problem.

http://www.linuxsecurity.com/content/view/132719

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.