LinuxSecurity.com
Linux Advisory Watch: January 22nd, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?", you may not take even a second to respond. But if I ask "How much does Google know about you?", you may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.

A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of such guides out there, but it will show you in detail ways to improve your Nagios security.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

  Debian: dokuwiki several vulnerabilities (Jan 21)
 

http://www.linuxsecurity.com/content/view/151483
  Debian: audiofile buffer overflow (Jan 20)
 

http://www.linuxsecurity.com/content/view/151475
  Debian: Security Support for Debian 4.0 to be discontinued on February 15th (Jan 19)
 

http://www.linuxsecurity.com/content/view/151466
  Debian: gzip arbitrary code execution (Jan 19)
 

http://www.linuxsecurity.com/content/view/151451
  Debian: glibc information disclosure (Jan 19)
 

http://www.linuxsecurity.com/content/view/151447
  Debian: audiofile buffer overflow (Jan 16)
 

http://www.linuxsecurity.com/content/view/151421
  Debian: libthai arbitrary code execution (Jan 14)
 

http://www.linuxsecurity.com/content/view/151396

  Mandriva: drakxtools (Jan 20)
 

This update has fixes for pccard 3G modem detection and an accumulated fix for handling hdX/sdX devices (#53107).

Update:

This update removes conflicts on drakfirsttime caused by the last update of drakxtools.

http://www.linuxsecurity.com/content/view/151474
  Mandriva: mmc-wizard (Jan 20)
 

A dependency problem was discovered with roundcube. The php-pear-MDB2_Driver_sqlite dependency was added for mmc-wizard to address this problem.

http://www.linuxsecurity.com/content/view/151473
  Mandriva: phpldapadmin (Jan 20)
 

A vulnerability has been found and corrected in phpldapadmin: Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter (CVE-2009-4427). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151472
  Mandriva: dbus-glib (Jan 20)
 

The dbus-glib package was built without a symbol that is needed by the latest versions of tracker. This update adds the missing functions (#57068).

http://www.linuxsecurity.com/content/view/151470
  Mandriva: libxrender (Jan 20)
 

The libxrender library contained a bug where it could crash applications on x86_64 bit machines when the XRenderSetPictureFilter function was called (#56721).

http://www.linuxsecurity.com/content/view/151469
  Mandriva: openssl (Jan 20)
 

Some vulnerabilities were discovered and corrected in openssl: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678 (CVE-2009-4355). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151468
  Mandriva: xinit (Jan 19)
 

The xinit manpage in 2010.0 was not reflecting the real application behavior, which could confuse users. This update fixes the xinit manpage to reflect its real behavior.

http://www.linuxsecurity.com/content/view/151467
  Mandriva: bind (Jan 19)
 

Some vulnerabilities were discovered and corrected in bind: The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290). There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.

http://www.linuxsecurity.com/content/view/151465
  Mandriva: gzip (Jan 19)
 

Multiple vulnerabilities have been found and corrected in gzip: A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip (CVE-2009-2624). An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151464
  Mandriva: gzip (Jan 19)
 

A vulnerability has been found and corrected in gzip: An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151461
  Mandriva: initscripts (Jan 19)
 

The network detection routine could not detect the network connection properly in some cases, resulting in premature termination with incorrect return code. This could result in failure on startup for services which depend on network to be up, such as apache2 server. This update fixes this issue.

http://www.linuxsecurity.com/content/view/151456
  Mandriva: wireshark (Jan 19)
 

This advisory updates wireshark to the latest 1.2.5 version, fixing several bugs and two security issues:
- The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet (CVE-2009-4377)
- Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet (CVE-2009-4376)

http://www.linuxsecurity.com/content/view/151446
  Mandriva: phpMyAdmin (Jan 19)
 

Multiple vulnerabilities have been found and corrected in phpMyAdmin: libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors (CVE-2008-7251). libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors (CVE-2008-7252). scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors (CVE-2009-4605). This update provides phpMyAdmin 2.11.10, which is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/151445
  Mandriva: ruby (Jan 18)
 

A vulnerability has been found and corrected in ruby: WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator (CVE-2009-4492). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151444
  Mandriva: roundcubemail (Jan 18)
 

Multiple vulnerabilities have been found and corrected in transmission: A number of dependency problems were discovered and have been corrected with this release (#56006). Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077 (CVE-2009-4076). Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076 (CVE-2009-4077). The updated packages have been patched to correct these issues. Additionally roundcubemail has been upgraded to 0.2.2 that also fixes a number of upstream bugs.

http://www.linuxsecurity.com/content/view/151443
  Mandriva: transmission (Jan 17)
 

A vulnerability has been found and corrected in transmission: Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file (CVE-2010-0012). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151434
  Mandriva: transmission (Jan 17)
 

Multiple vulnerabilities have been found and corrected in transmission: Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors (CVE-2009-1757). Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file (CVE-2010-0012). The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151433
  Mandriva: phonon-gstreamer (Jan 17)
 

The package phonon-gstreamer (MDVA-2010:003) issued in main/updates has a new dependency added, gstreamer0.10-plugins-ugly. This new dependency also depends on some other packages only available on the /main/release media. This update pushes the gstreamer0.10-plugins-ugly dependencies to the /Main/Updates media, allowing MandrivaUpdate to issue the phonon-gstreamer update without problems.

http://www.linuxsecurity.com/content/view/151429
  Mandriva: gnupg2 (Jan 17)
 

A packaging mistake meant that gpg-agent was not started by default. The updated packages address this problem.

http://www.linuxsecurity.com/content/view/151424
  Mandriva: mysql (Jan 17)
 

Multiple vulnerabilities have been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). The updated packages have been patched to correct these issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded to the latest stable 5.1 release (5.1.42).

http://www.linuxsecurity.com/content/view/151423
  Mandriva: mysql (Jan 17)
 

Multiple vulnerabilities have been found and corrected in mysql: mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement (CVE-2009-4019). The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library (CVE-2009-4028). MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079 (CVE-2009-4030). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. Additionally for 2009.0 and MES5 mysql has also been upgraded to the last stable 5.0 release (5.0.89).

http://www.linuxsecurity.com/content/view/151422
  Mandriva: libthai (Jan 16)
 

Multiple vulnerabilities have been found and corrected in libthai: Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string (CVE-2009-4012). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151419
  Mandriva: mkinitrd (Jan 15)
 

When a system uses dmraid, mkinitrd now calls the dmraid command with the option --rm_partitions. This option is only available in the new dmraid package, so boot will fail if, during an upgrade, initrd is generated with the new mkinitrd and the old dmraid (#55427). This updated package adds this dependency. Additionally, two bugs concerning drm module inclusion were fixed (#55676). First, when a drm module was loaded at the time mkinitrd was run, it would be included even if it was not in DRM_WHITELIST. Second, when a module was whitelisted, all the drm modules for this hardware were included, including proprietary ones.

http://www.linuxsecurity.com/content/view/151418
  Mandriva: freeradius (Jan 15)
 

Perl scripts shipped in the freeradius-web sub package use the File::Temp perl module incorrectly, which prevents them from executing correctly. In these perl scripts, a change was made to replace the line "use File::Temp;" with "use File::Temp qw(tempfile tempdir);".

http://www.linuxsecurity.com/content/view/151417
  Mandriva: msec (Jan 15)
 

This update adds a feature to msec to save the log message that would be sent by email into /var/log/security/, so that it can be consulted without relying on the email system.

http://www.linuxsecurity.com/content/view/151413
  Mandriva: php (Jan 15)
 

A vulnerability has been found and corrected in php: The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151411
  Mandriva: php (Jan 15)
 

Multiple vulnerabilities have been found and corrected in php: The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626). The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151410
  Mandriva: php (Jan 15)
 

Multiple vulnerabilities have been found and corrected in php: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465 (CVE-2007-5898). The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626). The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151408
  Mandriva: virt-manager (Jan 15)
 

This is a minor bugfix release for virt-manager: Because the default configuration may lead to misunderstanding, README.urpmi has been added to the virt-manager package so that the relocation server option is clear. It also explains how to modify this default option. The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151405
  Mandriva: logcheck (Jan 14)
 

This is a minor bugfix release for logcheck:
- wrong permission on configuration file
- rebuilt package with correct version of docbook-to-man to fix man pages build

The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151401
  Mandriva: net-snmp (Jan 14)
 

This is a minor bugfix release for net-snmp: The /etc/snmp/snmp.local.conf file contains a line that enables quickprinting features, which breaks the output from snmpget for the nagios plugins using it. The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151400
  Mandriva: openssh (Jan 14)
 

This is a minor bugfix release for openssh: The openssl and makedev packages are needed at install time from cdrom media in %post for the openssh-server sub package in order to be able to generate the ssh key files (fixes #55951). The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151399
  Mandriva: openvpn (Jan 14)
 

A new script has been added in documentation. It can be used to manage nameservers when /etc/resolv.conf is handled by resolvconf.

http://www.linuxsecurity.com/content/view/151397

  RedHat: kernel-rt security and bug fix update (Jan 20)
 

Updated kernel-rt packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise MRG 1.2. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151471
  RedHat: gzip (Jan 19)
 

An updated gzip package that fixes one security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151460
  RedHat: bind (Jan 19)
 

Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151459
  RedHat: acroread (Jan 19)
 

The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras contain security flaws and should not be used. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151458
  RedHat: kernel security and bug fix update (Jan 19)
 

Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151450
  RedHat: kernel security and bug fix update (Jan 19)
 

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151449
  RedHat: openssl (Jan 19)
 

Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151448
  RedHat: pidgin (Jan 14)
 

Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151390

  SuSE: Linux kernel (Jan 21)
 

http://www.linuxsecurity.com/content/view/151482
  SuSE: krb5 (Jan 18)
 

http://www.linuxsecurity.com/content/view/151442
  SuSE: Linux kernel (Jan 14)
 

http://www.linuxsecurity.com/content/view/151398

  Ubuntu: Python 2.4 vulnerabilities (Jan 21)
 

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)

http://www.linuxsecurity.com/content/view/151481
  Ubuntu: Python 2.5 vulnerabilities (Jan 21)
 

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)

http://www.linuxsecurity.com/content/view/151479
  Ubuntu: gzip vulnerabilities (Jan 19)
 

It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624) Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel-Ziv-Welch (LZW) algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0001)

http://www.linuxsecurity.com/content/view/151462
  Ubuntu: Bind vulnerabilities (Jan 19)
 

It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. (CVE-2010-0097) USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Original advisory details: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

http://www.linuxsecurity.com/content/view/151463
  Ubuntu: LibThai vulnerability (Jan 17)
 

Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/151432
  Ubuntu: LibThai vulnerability (Jan 17)
 

Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/151430
  Ubuntu: Pidgin vulnerabilities (Jan 17)
 

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703) It was discovered that Pidgin did not properly enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026) It was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler. A remote attacker could send a specially crafted invite message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3083) It was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085) It was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler. A remote attacker could send specially crafted contact-list data and cause Pidgin to crash, leading to a denial of service. (CVE-2009-3615) It was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu 9.04 and Ubuntu 9.10. (CVE-2010-0013) Pidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with the MSN protocol. 
USN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the problem. Original advisory details: It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955) It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)

http://www.linuxsecurity.com/content/view/151431

  Pardus: Kernel: Multiple Vulnerabilities (Jan 18)
 

Multiple vulnerabilities were fixed in kernel, please update your system.

http://www.linuxsecurity.com/content/view/151435
  Pardus: Kdelibs: Multiple Vulnerabilities (Jan 18)
 

Multiple vulnerabilities were found in kdelibs which can be exploited by malicious people to 1) make XMLHttpRequests to remote sites 2) cause denial of service

http://www.linuxsecurity.com/content/view/151436
  Pardus: Pidgin: Directory Traversal (Jan 18)
 

A vulnerability has been discovered in Pidgin, which can be exploited by malicious people to disclose sensitive information.

http://www.linuxsecurity.com/content/view/151437
  Pardus: [UPDATE] Simgear: Denial of Service (Jan 15)
 

A vulnerability was found in Simgear, which can be exploited by malicious people to cause Denial of Service via crafted XML document. [UPDATE] Same issue was fixed in Pardus 2008

http://www.linuxsecurity.com/content/view/151414
  Pardus: [UPDATE] libwww: Denial of Service (Jan 15)
 

A vulnerability was found in libwww, which can be exploited by malicious people to cause Denial of Service via crafted XML document. [UPDATE] Same issue was fixed in Pardus 2008

http://www.linuxsecurity.com/content/view/151415
  Pardus: [UPDATE] Torcs: Denial of Service (Jan 15)
 

A vulnerability was found in Torcs, which can be exploited by malicious people to cause Denial of Service via crafted XML document. [UPDATE] Same issue was fixed in Pardus 2008

http://www.linuxsecurity.com/content/view/151416

(c)Copyright 2012 Guardian Digital, Inc. All rights reserved.