Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Advisory Watch: September 5th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for wordnet, slash, opensc, mt-daapd, libtiff, wordnet, ipsec-tools, php, amarok, and libxml2. The distributors include Debian, Mandriva, Red Hat, Slackware, and Ubuntu.
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.
Security Features of Firefox 3.0 - Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.20 Now Available (Aug 19)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Debian: New wordnet packages fix arbitrary code execution (Sep 1)
Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.
Debian: New slash packages fix multiple vulnerabilities (Sep 1)
It has been discovered that Slash, the Slashdot Like Automated Storytelling Homepage suffers from two vulnerabilities related to insufficient input sanitation, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553).
Debian: New opensc package fix incomplete check (Aug 31)
This vulnerability affects only smart cards and USB crypto tokens based on Siemens CardOS M4, and within that group only those that were initialised with OpenSC. Users of other smart cards and USB crypto tokens, or cards that have been initialised with some software other than OpenSC, are not affected.
Debian: New mt-daapd package fix regression (Aug 30)
In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server. One of the fixes introduced a regression preventing successful authentication to the administration interface. An updated release is available which corrects this problem. For reference, the original advisory text follows.
A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases.
Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code (CVE-2008-2327). The updated packages have been patched to prevent this issue.
Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).
Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input (CVE-2008-2149).
Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory (CVE-2008-3651, CVE-2008-3652). The updated packages have been patched to prevent these issues.
RedHat: Important: libtiff security and bug fix update (Aug 28)
Updated libtiff packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary This update has been rated as having important security impact by the Red Hat Security Response Team.
RedHat: Important: libtiff security and bug fix update (Aug 28)
Updated libtiff packages that fix various security issues and a bug are now available for Red Hat Enterprise Linux 4. A buffer overflow flaw was discovered in the tiff2pdf conversion program distributed with libtiff. An attacker could create a TIFF file containing UTF-8 characters that would, when converted to PDF format, cause tiff2pdf to crash, or, possibly, execute arbitrary code. This update has been rated as having important security impact by the Red Hat Security Response Team.
Updated libtiff packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3.Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. This update has been rated as having important security impact by the Red Hat Security Response Team.
New php packages are available for Slackware 10.2 and 11.0 to fix security issues. These releases are the last to contain PHP 4.4.x, which was upgraded to version 4.4.9 to fix PCRE issues and other bugs. Please note that this is the FINAL release of PHP4, and it has already passed the announced end-of-life. Sites should seriously consider migrating to PHP5 rather than upgrading to php-4.4.9.
New Amarok packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. In addition, new supporting libgpod packages are available for Slackware 11.0 and 12.0, since a newer version of libgpod than shipped with these releases is required to run Amarok version 1.4.10. The Magnatune music library plugin made insecure use of the /tmp directory, allowing malicious local users to overwrite files owned by the user running Amarok through symlink attacks. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699
Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.
Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.
