Linux Advisory Watch - August 31st 2007

Linux Advisory Watch - August 31st 2007
Linux Advisory Watch - August 31st 2007

|                               Weekly Newsletter  |
|  August 31st 2007                              Volume 8, Number 35a |

  Editors:      Dave Wreski                     Benjamin D. Thomas 

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each

This week advisories were released for asterisk, dovecot, rsync,
postfix-policyd, lighthttpd, mediawiki, moodle, cups, tetex, kdegraphics,
koffice, kdelibs, kdebase, po4a, libvorbias, id3lib, bochs, sylpheed,
Opera, vim, gdm, gimp, kernel, tar, mysql, emacs, enigmail, and
tcpwrappers.  The distributors include Debian, Fedora, Mandriva,
Red Hat, SuSE, and Ubuntu.


>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments. 


* EnGarde Secure Linux v3.0.16 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.16 (Version 3.0, Release 16). This release includes
many updated packages and bug fixes, some feature enhancements to
Guardian Digital WebTool and the SELinux policy, and a few new


Review: Ruby by Example

Learning a new language cannot be complete without a few 'real
world' examples. 'Hello world!'s and fibonacci sequences are
always nice as an introduction to certain aspects of programming,
but soon or later you crave something meatier to chew on. 'Ruby
by Example: Concepts and Code' by Kevin C. Baird provides a
wealth of knowledge via general to specialized examples of the
dynamic object oriented programming language, Ruby. Want to build
an mp3 playlist processor? How about parse out secret codes from
'Moby Dick'? Read on! 


Robert Slade Review: "Information Security and Employee Behaviour"

The best way to secure you against sniffing is to use encryption. While
this won't prevent a sniffer from functioning, it will ensure that what a
sniffer reads is pure junk. 


-->  Take advantage of the Quick Reference Card!

|  Distribution: Debian           | ----------------------------//

* Debian: New asterisk packages fix several vulnerabilities
  27th, August, 2007

Several remote vulnerabilities have been discovered in Asterisk, a
free software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems: "Mu Security"
discovered that a NULL pointer deference in the SIP implementation
could lead to denial of service. 

* Debian: New dovecot packages fix directory traversal
  28th, August, 2007

It was discovered that dovecot, a secure mail server that supports
mbox and maildir mailboxes, when configured to use non-system-user
spools and compressed folders, may allow directory traversal in
mailbox names 

* Debian: New rsync packages fix arbitrary code execution
  28th, August, 2007

Sebastian Krahmer discovered that rsync, a fast remote file copy
program, contains an off-by-one error which might allow remote
attackers  to execute arbitary code via long directory names. 

* Debian: New postfix-policyd packages fix arbitrary code execution
  29th, August, 2007

It was discovered that postfix-policyd, an anti-spam plugin for
postfix, didn't correctly bounds-test incoming SMTP commands
potentially allowing the remote exploitation of arbitrary

* Debian: New lighttpd packages fix several vulnerabilities
  29th, August, 2007

Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint. The use of mod_auth could leave to a denial
of service attack crashing the webserver. 

|  Distribution: Fedora           | ----------------------------//

* Fedora 7 Update: mediawiki-1.9.3-34.0.2.fc7
  27th, August, 2007

This update fixes the following vulnerability:
 "Cross-site scripting (XSS) vulnerability in the AJAX features in
  index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is
  enabled, allows remote attackers to inject arbitrary web script
  or HTML via a UTF-7 encoded value of the rs parameter, which is
  processed by Internet Explorer." 

* Fedora 7 Update: moodle-1.8.2-1.fc7
  27th, August, 2007

Upgrade to 1.8.2, Security fixes for 247582. Also corrects bug
245750, cron job problem. 

* Fedora 7 Update: cups-1.2.12-4.fc7
  27th, August, 2007

This update fixes a security problem concerning PDF handling.
It also fixes printing speed with USB printers, and includes a fix
for the LSPP support. 

* Fedora 7 Update: tetex-3.0-40.1.fc7
  27th, August, 2007

* Fri Aug 10 2007 Jindrich Novy
- backport upstream fix for xpdf integer overflow CVE-2007-3387 

* Fedora 7 Update: kdegraphics-3.5.7-2.fc7
  27th, August, 2007

This is an update to address a vulnerability in kpdf, one that can
cause a stack based buffer overflow. 

* Fedora 7 Update: koffice-1.6.3-9.fc7
  27th, August, 2007

This is an update to address a stack-based buffer overflow
vulnerability in kword's pdf filter. 

* Fedora 7 Update: kdelibs-3.5.7-20.fc7
  27th, August, 2007

This update primarily addresses problems with URL spoofing and
consolekit/session permissions. 

* Fedora 7 Update: kdebase-3.5.7-13.fc7
  27th, August, 2007

This update primarily addresses security issues around URL spoofing. 

* Fedora 7 Update: po4a-0.32-4.fc7
  27th, August, 2007

This update fixes a potential security problem (information leak)
due to use of predictable name in /tmp. There is no CVE assignment

* Fedora 7 Update: libvorbis-1.1.2-3.fc7
  27th, August, 2007

Multiple security flaws were found in libvorbis.  This updated
package fixes them all. Descriptions of the security bugs can be
found in the Fedora bug reporting software. 

* Fedora 7 Update: id3lib-3.8.3-17.fc7
  27th, August, 2007

This security update fixes a (minor) tempfile creation security issue
(CVE-2007-4460) by using mkstemp (bugzilla 253553) 

* Fedora 7 Update: bochs-2.3-7.fc7
  27th, August, 2007

This security update of bochs fixes CVE-2007-2894:
The emulated floppy disk controller in Bochs 2.3 allows local users
of the guest operating system to cause a denial of service (virtual
machine crash) via unspecified vectors, resulting in a divide-by-zero

* Fedora 7 Update: sylpheed-2.3.1-5
  27th, August, 2007

Ulf Harnhammar (Secunia Research) has discovered a format string
vulnerability in sylpheed and claws-mail in inc_put_error() function
in src/inc.c when displaying POP3 error reply. 

|  Distribution: Gentoo           | ----------------------------//

* Gentoo: Qt Multiple format string vulnerabilities
  27th, August, 2007

Format string vulnerabilities in Qt 3 may lead to the remote
execution of arbitrary code in some Qt applications. An attacker
could trigger one of the vulnerabilities by causing a Qt
application to parse specially crafted text, which may lead to
the execution of arbitrary code. 

* Gentoo: Opera Multiple vulnerabilities
  27th, August, 2007

Opera contain several vulnerabilities, some of which may allow the
execution of arbitrary code. A remote attacker could trigger the
BitTorrent vulnerability by enticing a user into starting a malicious
BitTorrent download, and execute arbitrary code through unspecified

|  Distribution: Mandriva         | ----------------------------//

* Mandriva: Updated vim packages fix vulnerability
  27th, August, 2007

A format string vulnerability in the helptags support in vim allows
user-assisted remote attackers to execute arbitrary code via format
string specifiers in a help-tags tag in a help file.
Updated packages have been patched to prevent this issue. 

* Mandriva: Updated gdm packages fix DoS vulnerability
  27th, August, 2007

 A vulnerability was discovered in how gdm listens on its unix domain

socket.  A local user could crash a running X session by writing
malicious data to gdm's unix domain socket.
Updated packages have been patched to prevent this issue. 

* Mandriva: Updated gimp packages fix input data validation
  27th, August, 2007

Multiple integer overflows in the image loader plug-ins in GIMP
before 2.2.16 allow user-assisted remote attackers to execute
arbitrary code via crafted length values in (1) DICOM, (2) PNM,
(3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. 

* Mandriva: Updated kernel packages fix multiple
  28th, August, 2007

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel. The first is that the Linux kernel did not properly save
or restore EFLAGS during a context switch, or reset the flags when
creating new threads, which allowed local users to cause a denial
of service (process crash). 

|  Distribution: Red Hat          | ----------------------------//

* RedHat: Moderate: tar security update
  27th, August, 2007

Updated tar package that fixes a path traversal flaw is now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team. A path traversal flaw
was discovered in the way GNU tar extracted archives. A malicious user
could create a tar archive that could write to arbitrary files to
which the user running GNU tar had write access. 

* RedHat: Important: mysql security update
  30th, August, 2007

Updated mysql packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4 and 5. A flaw was discovered in MySQL's
authentication protocol. It is possible for a remote unauthenticated
attacker to send a specially crafted authentication request to the
MySQL server causing it to crash. 

|  Distribution: SuSE             | ----------------------------//

* SuSE: Linux kernel (SUSE-SA:2007:035)
  27th, August, 2007

The ftdi_sio driver allowed local users to cause a denial of service
(memory consumption) by writing more data to the serial port than the
hardware can handle, which causes the data to be queued. This
requires this driver to be loaded, which only happens if such a
device is plugged in. 

* SuSE: Mozilla Firefox, Thunderbird,
  27th, August, 2007

The Mozilla Firefox browser was brought to security update version on Novell Linux Desktop 9 and on SUSE Linux
Enterprise 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2.
The Mozilla Thunderbird mailreader was brought to security update
version on SUSE Linux 10.0, 10.1 and openSUSE 10.2. 

* SuSE: Opera (SUSE-SA:2007:050)
  30th, August, 2007

The Opera web-browser allows an attacker to execute arbitrary code by
providing an invalid pointer to a virtual function in JavaScript.
This bug can be exploited automatically when a user visits a web-site
that contains the attacker's JavaScript code 

|  Distribution: Ubuntu           | ----------------------------//

* Ubuntu:  KDE vulnerabilities
  27th, August, 2007

It was discovered that Konqueror could be tricked into displaying
incorrect URLs.  Remote attackers could exploit this to increase
their chances of tricking a user into visiting a phishing URL, which
could lead to credential theft. 

* Ubuntu:  Thunderbird vulnerabilities
  27th, August, 2007

Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious email, an attacker could
execute arbitrary code with the user's privileges. Please note that
JavaScript is disabled by default for emails, and it is not
recommended to enable it. 

* Ubuntu:  Emacs vulnerability
  28th, August, 2007

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images.  By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service. 

* Ubuntu:  tar vulnerability
  28th, August, 2007

Dmitry V. Levin discovered that tar did not correctly detect the ".."
file path element when unpacking archives.  If a user or an automated
system were tricked into unpacking a specially crafted tar file,
arbitrary files could be overwritten with user privileges. 

* Ubuntu:  vim vulnerability
  28th, August, 2007

Ulf Harnhammar discovered that vim does not properly sanitise the
"helptags_one()" function when running the "helptags" command.
By tricking a user into running a crafted help file, a remote
attacker could execute arbitrary code with the user's privileges. 

* Ubuntu:  Enigmail regression
  28th, August, 2007

USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email
client. The updated Thunderbird version broken compatibility with the
Enigmail plugin.  This update corrects the problem.  We apologize for
the inconvenience. 

* Ubuntu:  tcp-wrappers vulnerability
  29th, August, 2007

It was discovered that the TCP wrapper library was incorrectly
allowing connections to services that did not specify server-side
connection details.  Remote attackers could connect to services that
had been configured to block such connections.  This only affected
Ubuntu Feisty. 

Distributed by: Guardian Digital, Inc.      

To unsubscribe email 
         with "unsubscribe" in the subject of the message.

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 

Site design & layout copyright © 1986-2015 CodeGods