Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Advisory Watch: February 22nd, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for pre3, libimager, nagios, clamav, boost, thunderbird, xine, mplayer, php, httpd, and apache. The distributors include Debian, Gentoo, Mandriva, and Slackware.
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
Having a great defense involves proper detection and recognition of an attack. In our security world we have great IDS tools to properly recognize when we are being attacked as well as firewalls to prevent such attacks from happening. However, certain attacks are not blindly thrown at you - a good attacker knows that a certain amount of reconnaissance and knowledge about your defenses greatly increases the chances of a successful attack. How would you know if someone is scanning your defenses? Is there any way to properly respond to such scans? You bet there is...
Open Source Tool of February: Nmap! - This February, the team at Linuxsecurity.com has chosen NMAP as the Open Source Security Tool of the Month!
In January, we chose GnuPG in part because it had just celebrated its 10th anniversary. Well, it wasn't alone. As of this past December Nmap ("Network Mapper"), the free and open source utility for network exploration and auditing, celebrated its 10th Anniversary as well! And because of its popularity, chances are very good that you've already used NMAP for quite some time. Even if you have, it's always good to take a look at how it all got started and what it's all about...
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
Debian: New pcre3 packages fix arbitrary code execution (Feb 19)
It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674).
Debian: New libimager-perl packages fix arbitrary code execution (Feb 19)
It was discovered that libimager-perl, a Perl extension for Generating 24 bit images, did not correctly handle 8-bit per-pixel compressed images, which could allow the execution of arbitrary code.
Debian: New nagios-plugins packages fix regression (Feb 17)
Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems:
Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perl_matcher_non_recursive.hpp (CVE-2008-0171) and a NULL pointer dereference in function get_repeat_type() file basic_regex_creator.hpp (CVE-2008-0172) when processing regular expressions. Two vulnerabilities have been reported in Boost, each one possibly resulting in a Denial of Service.
An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched to prevent this issue.
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues.
An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched to prevent this issue.
Mandriva: Updated MPlayer packages fix a few vulnerabilities (Feb 14)
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Although originally a xine-lib issue, also affects MPlayer due to code similarity. (CVE-2008-0225)
New php-4.4.8 packages are available for Slackware 10.2 and 11.0 to fix security issues. More details about the issues may be found here: http://bugs.php.net/43010
New httpd packages are available for Slackware 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching mod_ssl package is also provided. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
