AOH :: ISNQ4835.HTM

Linux Advisory Watch: November 16th, 2007




Linux Advisory Watch: November 16th, 2007
Linux Advisory Watch: November 16th, 2007



+------------------------------------------------------------------------+
| LinuxSecurity.com                                    Weekly Newsletter |
| November 16th, 2007                                Volume 8, Number 46 |
|                                                                        |
| Editorial Team: Dave Wreski  | 
| Benjamin D. Thomas  | 
+------------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for zope-cmfplone, horde3, gallery2,
phpmyadmin, glib2, gpdf, xpdf, mono, libpng, cups, flac, pcre, net-snmp,
samba, util-linux, openssl, pam, httpd, mailman, tcpdump, xterm,
wireshark, ruby, kdegraphics, tetex, php, vmware, poppler, emacs, flac,
pidgin, and ImageMagick. The distributors include Debian, Fedora,
Mandriva, Red Hat, Slackware, SuSE, Ubuntu, and Forsight.

---

>> Linux+DVD Magazine <<

Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.

In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26 

---

Master's Student: Social Engineering is not just a definition!
--------------------------------------------------------------
We are happy to announce a new addition to the Linux Security
Contributing Team: Gian G. Spicuzza.  Currently a Graduate Student
pursuing a Masters Degree in Computer Security (MSIA), Gian is a
certified Linux/Unix administrator, the lead developer for the
OSCAR-Backup System (at Sourceforge.com) and has experience in a variety
of CSO, Management and consulting positions.

His first topic is a quick foray into the world and psychology of Social
Engineering:

All the security in the world isn't going to stop one of your employees
or coworkers from giving up information.  Just how easy is it?

 Craig never worked for Linda's company, nor did he call
from IT. Craig was an unethical hacker who just gained unauthorized
access to her account. Why? Because a phone call is simple.

Read on to see just how easy businesses can be exploited.

http://www.linuxsecurity.com/content/view/131036 

---

Review: Linux Firewalls
-----------------------
Security is at the forefront of everyone's mind and a firewall can be an
integral part of your Linux defense. But is Michael's Rash's "Linux
Firewalls," the newest release from NoStarchPress, up for the challenge?
Eckie S. here at Linuxsecurity.com gives you the low-down on this newest
addition to the Linux security resource library and how it's one of the
best ways to crack down on attacks to your Linux network.

http://www.linuxsecurity.com/content/view/130392 

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- 

--------------------------------------------------------------------------

* EnGarde Secure Community v3.0.17 Now Available (Oct 9)
  ------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.17 (Version 3.0, Release 17).  This release includes many
  updated packages and bug fixes, some feature enhancements to Guardian
  Digital WebTool and the SELinux policy, and a few new features.

  In distribution since 2001, EnGarde Secure Community was one of the
  very first security platforms developed entirely from open source, and
  has been engineered from the ground-up to provide users and
  organizations with complete, secure Web functionality, DNS, database,
  e-mail security and even e-commerce.

http://www.linuxsecurity.com/content/view/129961 

--------------------------------------------------------------------------

* Debian: New zope-cmfplone packages fix regression (Nov 11)
  ----------------------------------------------------------
  It was discovered that Plone, a web content management system, allows
  remote attackers to execute arbitrary code via specially crafted web
  browser cookies.

http://www.linuxsecurity.com/content/view/130773 

* Debian: New horde3 packages fix several vulnerabilities (Nov 9)
  ---------------------------------------------------------------
  Several remote vulnerabilities have been discovered in the Horde web
  application framework. Moritz Naumann discovered that Horde allows
  remote attackers     to inject arbitrary web script or HTML in the
  context of a logged	  in user (cross site scripting).

http://www.linuxsecurity.com/content/view/130688 

* Debian: New zope-cmfplone packages fix arbitrary code (Nov 9)
  -------------------------------------------------------------
  It was discovered that Plone, a web content management system, allows
  remote attackers to execute arbitrary code via specially crafted web
  browser cookies.

http://www.linuxsecurity.com/content/view/130687 

* Debian: New gallery2 packages fix privilege escalation (Nov 8)
  --------------------------------------------------------------
  Nicklous Roberts discovered that the Reupload module of Gallery 2, a
  web based photo management application, allowed unauthorized users to
  edit Gallery's data file.

http://www.linuxsecurity.com/content/view/130668 

* Debian: New phpmyadmin packages fix cross-site scripting (Nov 8)
  ----------------------------------------------------------------
  Omer Singer of the DigiTrust Group discovered several vulnerabilities
  in phpMyAdmin, an application to administrate MySQL over the WWW. The
  Common Vulnerabilities and Exposures project identifies, phpMyAdmin
  allows a remote attacker to inject arbitrary web script or HTML in the
  context of a logged in user's session (cross site scripting).

http://www.linuxsecurity.com/content/view/130667 

--------------------------------------------------------------------------

* Fedora 8 Update: glib2-2.14.3-1.fc8 (Nov 8)
  -------------------------------------------
  The latest stable upstream release of GLib includes a new version of
  PCRE, which fixes several vulnerabilities.

http://www.linuxsecurity.com/content/view/130615 

--------------------------------------------------------------------------

* Mandriva: Updated gpdf packages fix vulnerabilities (Nov 15)
  ------------------------------------------------------------
  Alin Rad Pop found several flaws in how PDF files are handled in gpdf.
  An attacker could create a malicious PDF file that would cause gpdf to
  crash or potentially execute arbitrary code when opened. The updated
  packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/131037 

* Mandriva: Updated xpdf packages fix vulnerabilities (Nov 15)
  ------------------------------------------------------------
  Alin Rad Pop found several flaws in how PDF files are handled in xpdf.
  An attacker could create a malicious PDF file that would cause xpdf to
  crash or potentially execute arbitrary code when opened. The updated
  packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/131035 

* Mandriva: Updated mono packages fix arbitrary code (Nov 14)
  -----------------------------------------------------------
  IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in
  Mono 1.2.5.1 and previous versions, which allows arbitrary code
  execution by context-dependent attackers. Updated packages fix this
  issue.

http://www.linuxsecurity.com/content/view/130934 

* Mandriva: Updated libpng packages fix multiple (Nov 13)
  -------------------------------------------------------
  Multiple vulnerabilities were discovered in libpng: An off-by-one error
  when handling ICC profile chunks in the png_set_iCCP() function
  (CVE-2007-5266; only affects Mandriva Linux 2008.0).

http://www.linuxsecurity.com/content/view/130927 

* Mandriva: Updated kernel packages fix multiple (Nov 13)
  -------------------------------------------------------
  Some vulnerabilities were discovered and corrected in the Linux 2.6
  kernel: A typo in the Linux kernel caused RTA_MAX to be used as an
  array size instead of RTN_MAX, which lead to an out of bounds access by
  certain functions (CVE-2007-2172).

http://www.linuxsecurity.com/content/view/130924 

* Mandriva: Updated cups packages fix vulnerability (Nov 12)
  ----------------------------------------------------------
  Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS
  that can be exploited by malicious individuals to execute arbitrary
  code.  This flaw is due to a boundary error when processing IPP
  (Internet Printing Protocol) tags.

http://www.linuxsecurity.com/content/view/130816 

* Mandriva: Updated openldap packages fix vulnerability (Nov 8)
  -------------------------------------------------------------
  A flaw in the way OpenLDAP's slapd daemon handled malformed
  objectClasses LDAP attributes was discovered.  A local or remote
  attacker could create an LDAP request that could cause a denial of
  service by crashing slapd. Updated packages have been patched to
  prevent this issue.

http://www.linuxsecurity.com/content/view/130670 

* Mandriva: Updated flac packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  A security vulnerability was discovered in how flac processed audio
  data.  An attacker could create a carefully crafted FLAC audio file
  that could cause an application linked against the flac libraries to
  crash or execute arbitrary code when opened. Updated packages have been
  patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130669 

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions.	If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130666 

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions.	If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130665 

* Mandriva: Updated pcre packages fix vulnerability (Nov 8)
  ---------------------------------------------------------
  Multiple vulnerabilities were discovered by Tavis Ormandy and Will
  Drewry in the way that pcre handled certain malformed regular
  expressions.	If an application linked against pcre, such as Konqueror,
  parses a malicious regular expression, it could lead to the execution
  of arbitrary code as the user running the application. Updated packages
  have been patched to prevent this issue.

http://www.linuxsecurity.com/content/view/130664 

--------------------------------------------------------------------------

* RedHat: Moderate: net-snmp security update (Nov 15)
  ---------------------------------------------------
  Updated net-snmp packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the
  way net-snmp handled certain requests. A remote attacker who can
  connect to the snmpd UDP port (161 by default) could send a malicious
  packet causing snmpd to crash, resulting in a denial of service.

http://www.linuxsecurity.com/content/view/131031 

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. A buffer overflow flaw was
  found in the way Samba creates NetBIOS replies. If a Samba server is
  configured to run as a WINS server, a remote unauthenticated user could
  cause the Samba server to crash or execute arbitrary code. This update
  has been rated as having critical security impact by the Red Hat
  Security Response Team.

http://www.linuxsecurity.com/content/view/131028 

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix security issues are now available for
  Red Hat Enterprise Linux 5.  A buffer overflow flaw was found in the
  way Samba creates NetBIOS replies. If a Samba server is configured to
  run as a WINS server, a remote unauthenticated user could cause the
  Samba server to crash or execute arbitrary code. This update has been
  rated as having critical security impact by the Red Hat Security
  Response Team.

http://www.linuxsecurity.com/content/view/131029 

* RedHat: Moderate: openldap security and enhancement (Nov 15)
  ------------------------------------------------------------
  Updated openldap packages that fix a security flaw are now available
  for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP's
  slapd daemon handled malformed objectClasses LDAP attributes.  An
  authenticated local or remote attacker could create an LDAP request
  which could cause a denial of service by crashing slapd. This update
  has been rated as having moderate security impact by the Red Hat
  Security Response Team.

http://www.linuxsecurity.com/content/view/131030 

* RedHat: Moderate: util-linux security update (Nov 15)
  -----------------------------------------------------
  Updated util-linux packages that fix a security issue are now available
  for Red Hat Enterprise Linux 3, 4, and 5. A flaw was discovered in the
  way that the mount and umount utilities used the setuid and setgid
  functions, which could lead to privileges being dropped improperly.  A
  local user could use this flaw to run mount helper applications such
  as, mount.nfs, with additional privileges. This update has been rated
  as having moderate security impact by the Red Hat Security Response
  Team.

http://www.linuxsecurity.com/content/view/131026 

* RedHat: Critical: samba security update (Nov 15)
  ------------------------------------------------
  Updated samba packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1 and 3. A buffer overflow
  flaw was found in the way Samba creates NetBIOS replies.If a Samba
  server is configured to run as a WINS server, a remote unauthenticated
  user could cause the Samba server to crash or execute arbitrary code.
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131027 

* RedHat: Moderate: openssl security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated OpenSSL packages that correct a security issue and various bugs
  are now available for Red Hat Enterprise Linux 4.  A flaw was found in
  the SSL_get_shared_ciphers() utility function. An attacker could send a
  list of ciphers to an application that used this function and overrun a
  buffer by a single byte (CVE-2007-5135). Few applications make use of
  this vulnerable function and generally it is used only when
  applications are compiled for debugging.  This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131023 

* RedHat: Moderate: pam security, bug fix, (Nov 15)
  -------------------------------------------------
  Updated pam packages that fix two security flaws, resolve two bugs, and
  add an enhancement are now available for Red Hat Enterprise Linux 4. A
  flaw was found in the way pam_console set console device permissions.
  It was possible for various console devices to retain ownership of the
  console user after logging out, possibly leaking information to another
  local user. This update has been rated as having moderate security
  impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131020 

* RedHat: Moderate: httpd security, bug fix, (Nov 15)
  ---------------------------------------------------
  Updated httpd packages that fix a security issue, various bugs, and add
  enhancements are now available for Red Hat Enterprise Linux 4. A flaw
  was found in the Apache HTTP Server mod_proxy module. On sites where a
  reverse proxy is configured, a remote attacker could send a carefully
  crafted request that would cause the Apache child process handling that
  request to crash. On sites where a forward proxy is configured, an
  attacker could cause a similar crash if a user could be persuaded to
  visit a malicious site using the proxy. This update has been rated as
  having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131021 

* RedHat: Low: mailman security and bug fix update (Nov 15)
  ---------------------------------------------------------
  Updated mailman packages that fix a security issue and various bugs are
  now available for Red Hat Enterprise Linux 4. A flaw was found in
  Mailman. A remote attacker could spoof messages in the error log, and
  possibly trick the administrator into visiting malicious URLs via a
  carriage return/line feed sequence in the URI. This update has been
  rated as having low security impact by the Red Hat Security Response
  Team.

http://www.linuxsecurity.com/content/view/131022 

* RedHat: Moderate: tcpdump security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated tcpdump packages that fix a security issue and functionality
  bugs are now available. Moritz Jodeit discovered a denial of service
  bug in the tcpdump IEEE 802.11 processing code. An attacker could
  inject a carefully crafted frame onto the IEEE 802.11 network that
  could crash a running tcpdump session if a certain link type was
  explicitly specified. This update has been rated as having moderate
  security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131016 

* RedHat: Low: xterm security update (Nov 15)
  -------------------------------------------
  An updated xterm package that corrects a security issue is now
  available for Red Hat Enterprise Linux 4. A bug was found in the way
  xterm packages were built that caused the pseudo-terminal device files
  of the xterm emulated terminals to be owned by the incorrect group.
  This flaw did not affect Red Hat Enterprise Linux 4 Update 4 and
  earlier. This update has been rated as having low security impact by
  the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131017 

* RedHat: Moderate: openssh security and bug fix update (Nov 15)
  --------------------------------------------------------------
  Updated openssh packages that fix two security issues and various bugs
  are now available. A flaw was found in the way the ssh server wrote
  account names to the audit subsystem. An attacker could inject strings
  containing parts of audit messages which could possibly mislead or
  confuse audit log parsing tools. This update has been rated as having
  moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/131018 

* RedHat: Low: wireshark security and bug fix update (Nov 15)
  -----------------------------------------------------------
  New Wireshark packages that fix various security vulnerabilities and
  functionality bugs are now available for Red Hat Enterprise Linux 4.
  Wireshark was previously known as Ethereal.  Several denial of service
  bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP
  and BOOTP protocol dissectors. It was possible for Wireshark to crash
  or stop responding if it read a malformed packet off the network. This
  update has been rated as having low security impact by the Red Hat
  Security Response Team.

http://www.linuxsecurity.com/content/view/131019 

* RedHat: Important: pcre security update (Nov 15)
  ------------------------------------------------
  Further analysis of these flaws in PCRE has led to the single CVE
  identifier CVE-2006-7224 being split into three separate identifiers
  and a re-analysis of the risk of each of the flaws.  We are therefore
  updating the text of this advisory to use the correct CVE names for the
  two flaws fixed by these erratum packages, and downgrading the security
  impact of this advisory from critical to important.  No changes have
  been made to the packages themselves.

http://www.linuxsecurity.com/content/view/131013 

* RedHat: Moderate: ruby security update (Nov 13)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. A flaw was discovered in the
  way Ruby's CGI module handles certain HTTP requests. If a remote
  attacker sends a specially crafted request, it is possible to cause the
  ruby CGI script to enter an infinite loop, possibly causing a denial of
  service. This update has been rated as having moderate security impact
  by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130922 

* RedHat: Moderate: ruby security update (Nov 13)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. An SSL certificate validation
  flaw was discovered in several Ruby Net modules. The libraries were not
  checking the requested host name against the common name (CN) in the
  SSL server certificate, possibly allowing a man in the middle attack.
  This update has been rated as having moderate security impact by the
  Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130923 

* RedHat: Important: kdegraphics security update (Nov 12)
  -------------------------------------------------------
  Updated kdegraphics packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4. Alin Rad Pop discovered
  several flaws in the handling of PDF files. An attacker could create a
  malicious PDF file that would cause kpdf to crash, or potentially
  execute arbitrary code when opened.  This update has been rated as
  having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130774 

* RedHat: Important: kdegraphics security update (Nov 12)
  -------------------------------------------------------
  Updated kdegraphics packages that fix a security issue are now
  available for Red Hat Enterprise Linux 5. Alin Rad Pop discovered a
  flaw in the handling of PDF files. An attacker could create a malicious
  PDF file that would cause kpdf to crash, or potentially execute
  arbitrary code when opened. This update has been rated as having
  important security impact by the Red	Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130775 

* RedHat: Critical: pcre security update (Nov 9)
  ----------------------------------------------
  Updated pcre packages that correct security issues are now available
  for Red Hat Enterprise Linux 4 and 5. Flaws were found in the way PCRE
  handles certain malformed regular expressions. If an application linked
  against PCRE, such as Konqueror, parses a malicious regular expression,
  it may be possible to run arbitrary code as the user running the
  application. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130755 

* RedHat: Important: openldap security and enhancement (Nov 8)
  ------------------------------------------------------------
  Updated openldap packages that fix a security flaw are now available
  for Red Hat Enterprise Linux 5. A flaw was found in the way OpenLDAP's
  slapd daemon handled malformed objectClasses LDAP attributes. A local
  or remote attacker could create an LDAP request which could cause a
  denial of service by crashing slapd. This update has been rated as
  having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/130653 

* RedHat: Important: tetex security update (Nov 8)
  ------------------------------------------------
  Updated tetex packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5.  Alin Rad Pop
  discovered several flaws in the handling of PDF files. An attacker
  could create a malicious PDF file that would cause TeTeX to crash or
  potentially execute arbitrary code when opened. This update has been
  rated as having important security impact by the Red Hat Security
  Response Team.

http://www.linuxsecurity.com/content/view/130639 

--------------------------------------------------------------------------

* Slackware:   xpdf/poppler/koffice/kdegraphics (Nov 12)
  ------------------------------------------------------
  These updated packages address similar bugs which could be used to
  crash applications linked with poppler or that use code from xpdf
  through the use of a malformed PDF document.	It is possible that a
  maliciously crafted document could cause code to be executed in the
  context of the user running the application processing the PDF.

http://www.linuxsecurity.com/content/view/130776 

* Slackware:   php for Slackware 11.0 reissued (Nov 11)
  -----------------------------------------------------
  The security/bug fix update for Slackware 11.0 has been reissued to fix
  a zero-length /usr/bin/php-cgi.  Thanks to TJ Munro for pointing this
  out. Sorry for any inconvenience.

http://www.linuxsecurity.com/content/view/130772 

* Slackware:   php (Nov 10)
  -------------------------
  New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0,
  and -current to fix security and other bugs. Note that PHP5 was not
  officially supported in Slackware 10.1 or 10.2 (being in the /testing
  directory), and was not the default version of PHP for Slackware 11.0
  (being in the /extra directory), but updates are being provided anyway.

http://www.linuxsecurity.com/content/view/130771 

--------------------------------------------------------------------------

* SuSE: xpdf and more (SUSE-SA:2007:060) (Nov 14)
  -----------------------------------------------
  Secunia Research reported three security bugs in xpdf. The first
  problem occurs while indexing an array in
  DCTStream::readProgressiveDataUnit() and is tracked by CVE-2007-4352.
  Another method in the same class named reset() is vulnerable to an
  integer overflow which leads to an overflow on the heap, CVE-2007-5392.
  The last bug also causes an overflow on the heap but this time in
  method lookChar() of class CCITTFaxStream, CVE-2007-5393.

http://www.linuxsecurity.com/content/view/130931 

--------------------------------------------------------------------------

* Ubuntu:  VMWare vulnerabilities (Nov 15)
  ----------------------------------------
  Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
  did not correctly handle certain packet structures.  Remote attackers
  could send specially crafted packets and gain root privileges.

http://www.linuxsecurity.com/content/view/131038 

* Ubuntu:  poppler vulnerabilities (Nov 14)
  -----------------------------------------
  Secunia Research discovered several vulnerabilities in poppler.  If a
  user were tricked into loading a specially crafted PDF file, a remote
  attacker could cause a denial of service or possibly execute arbitrary
  code with the user's privileges in applications linked against poppler.

http://www.linuxsecurity.com/content/view/130929 

* Ubuntu:  Emacs vulnerability (Nov 13)
  -------------------------------------
  Drake Wilson discovered that Emacs did not correctly handle the safe
  mode of "enable-local-variables". If a user were tricked into opening a
  specially crafted file while "enable-local-variables" was set to the
  non-default ":safe", a remote attacker could execute arbitrary commands
  with the user's privileges.

http://www.linuxsecurity.com/content/view/130928 

* Ubuntu:  flac vulnerability (Nov 13)
  ------------------------------------
  Sean de Regge discovered that flac did not properly perform bounds
  checking in many situations. An attacker could send a specially crafted
  FLAC audio file and execute arbitrary code as the user or cause a
  denial of service in flac or applications that link against flac.

http://www.linuxsecurity.com/content/view/130926 

--------------------------------------------------------------------------

* Foresight: perl (Nov 12)
  ------------------------
  Previous versions of the perl package contain a buffer overflow in the
    regular expression parsing code which could allow an attacker to
  execute    arbitrary code via a program which uses perl to parse
  untrusted input as a	  regular expression.

http://www.linuxsecurity.com/content/view/130814 

* Foresight: pidgin (Nov 12)
  --------------------------
  Previous versions of pidgin are vulnerable to a denial-of-service when
    pidgin has been configured to use HTML logging. Logging is not
  enabled by	default, so the default install of Foresight Linux is not
  vulnerable to    this issue.

http://www.linuxsecurity.com/content/view/130812 

* Foresight: ImageMagick (Nov 12)
  -------------------------------
  Previous versions of the ImageMagick package are vulnerable to multiple
     attacks whereby an attacker might be able to execute arbitrary code
  by	coercing the user into opening specially-crafted files with
  ImageMagick.

http://www.linuxsecurity.com/content/view/130811 

* Foresight: libpng (Nov 12)
  --------------------------
  Previous versions of the libpng package can cause applications to
  crash when loading malformed PNG files.  It is not currently known
  that this vulnerability can be exploited to execute malicious code.

http://www.linuxsecurity.com/content/view/130810 

* Foresight: pcre (Nov 12)
  ------------------------
  Previous versions of the pcre package contain multiple vulnerabilities
    which may allow an attacker to execute arbitrary code.

     The pcre library and utilities are not known to be exposed via any
   privileged or remote interfaces within Foresight Linux by default, but
  many	  applications linked to the pcre library are routinely exposed
  to untrusted	  data.

http://www.linuxsecurity.com/content/view/130809 

* Foresight: perl (Nov 12)
  ------------------------
  Previous versions of the perl package contain weaknesses when
  evaluating	regular expressions.

     If a system is serving a perl-based web application that evaluates
   remote input as a regular expression, an attacker may be be able to
  exploit these weaknesses to execute arbitrary, attacker-provided code
  on	the system, potentially elevating this to a remote, deterministic
     unauthorized access vulnerability.

http://www.linuxsecurity.com/content/view/130808 

* Foresight: ruby (Nov 12)
  ------------------------
  Previous versions of the ruby package include a library, Net::HTTPS,
  which does not properly verify the CN (common name) field in ssl
  certificates, making it easier to perform a man-in-the-middle
  attack.

     It is believed that Foresight Linux does not include any programs
  which rely on this feature of the Net::HTTPS library, and so is not
  affected by default.

http://www.linuxsecurity.com/content/view/130813 
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com 
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods