AOH :: ISNQ5858.HTM

Linux Advisory Watch: July 4th, 2008




Linux Advisory Watch: July 4th, 2008
Linux Advisory Watch: July 4th, 2008



+----------------------------------------------------------------------+
| LinuxSecurity.com                                  Weekly Newsletter |
| July 4th, 2008                                   Volume 9, Number 27 |
|                                                                      |
| Editorial Team: Dave Wreski  | 
| Benjamin D. Thomas  | 
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for sympa, dbus, selinux-policy,
libetpan, perl, python, libgnomeeui, xine-lib, firefox, seamonkey,
ruby, samba, and openssl.  The distributors include Debian, Fedora,
Gentoo, Red Hat, and Ubuntu.

---

>> Linux+DVD Magazine <<

In each issue you can find information concerning the best use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.

Catch up with what professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software are doing!

http://www.linuxsecurity.com/ads/adclick.php?bannerid=26 

---

Security Features of Firefox 3.0
--------------------------------
Lets take a look at the security features of the newly released Firefox
3.0. Since it's release on Tuesday I have been testing it out to see
how the new security enhancements work and help in increase user
browsing security.  One of the exciting improvements for me was how
Firefox handles SSL secured web sites while browsing the Internet.
There are also many other security features that this article will look
at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.

http://www.linuxsecurity.com/content/view/138972 

---

Review: The Book of Wireless
----------------------------
"The Book of Wireless" by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of
Wireless networks today anyone with a computer should at least know the
basics of wireless. Also, with the wireless networking, users need to
know how to protect themselves from wireless networking attacks.

http://www.linuxsecurity.com/content/view/136167 

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!  <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <-- 

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19).  This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/136174 

------------------------------------------------------------------------

* Debian: New sympa packages fix denial of service (Jul 1)
  --------------------------------------------------------
  It was discovered that sympa, a modern mailing list manager, would
  crash when processing certain types of malformed messages.

http://www.linuxsecurity.com/content/view/139296 

* Debian: New dbus packages fix privilege escalation (Jun 26)
  -----------------------------------------------------------
  Havoc Pennington discovered that DBus, a simple interprocess
  messaging system, performs insufficient validation of security
  policies, which might allow local privilege escalation.

http://www.linuxsecurity.com/content/view/139131 

------------------------------------------------------------------------

* Fedora 9 Update: selinux-policy-3.3.1-72.fc9 (Jul 1)
  ----------------------------------------------------
  SELinux Reference Policy - modular. Based off of reference policy:
  Checked out revision 2624.

http://www.linuxsecurity.com/content/view/139248 

* Fedora 8 Update: libetpan-0.54-1.fc8 (Jun 26)
  ---------------------------------------------
  Update to new upstream version 0.54 fixing a crash (NULL pointer
  dereference) in the mail message header parser.    Note: There is no
  application in Fedora using libetpan library for which such crash
  could be considered a security issue. This can only be a security
  sensitive issue for some 3rd party, not packages applications.

http://www.linuxsecurity.com/content/view/139125 

* Fedora 9 Update: perl-5.10.0-27.fc9 (Jun 26)
  --------------------------------------------
  CVE-2008-2827 perl: insecure use of chmod in rmtree

http://www.linuxsecurity.com/content/view/139106 

------------------------------------------------------------------------

* Gentoo: Motion Execution of arbitrary code (Jul 1)
  --------------------------------------------------
  Multiple vulnerabilities in Motion might result in the execution of
  arbitrary code.

http://www.linuxsecurity.com/content/view/139295 

* Gentoo: Python Multiple integer overflows (Jul 1)
  -------------------------------------------------
  Multiple integer overflows may allow for Denial of Service.

http://www.linuxsecurity.com/content/view/139294 

------------------------------------------------------------------------

* Mandriva: Updated libgnomeui2 packages fix text rendering bug (Jun 30)
  ----------------------------------------------------------------------
  A missing initialization was preventing correct text rendering in the
  GTK2 file selector, when using non-UTF8 locales.  This updated
  package fixes this issue, as well as memory leaks and also includes
  new translations from the GNOME 2.22.2 release.

http://www.linuxsecurity.com/content/view/139239 

* Mandriva: Updated xine-lib packages fix vulnerability in (Jun 26)
  -----------------------------------------------------------------
  A vulnerability in the Speex library was found where it did not
  properly validate input values read from the Speex files headers. An
  attacker could create a malicious Speex file that would crash an
  application or potentially allow the execution of arbitrary code with
  the privileges of the application calling the Speex library
  (CVE-2008-1686).

http://www.linuxsecurity.com/content/view/139134 

------------------------------------------------------------------------

* RedHat: Critical: firefox security update (Jul 2)
  -------------------------------------------------
  Updated firefox packages that fix several security issues are now
  available for Red Hat Enterprise Linux 5. This update has been rated
  as having critical security impact by the Red Hat Security Response
  Team.

http://www.linuxsecurity.com/content/view/139334 

* RedHat: Moderate: Red Hat Application Stack v1.3 (Jul 2)
  --------------------------------------------------------
  Red Hat Application Stack v1.3 is now available. This update fixes a
  security issue and adds several enhancements. This updated has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

http://www.linuxsecurity.com/content/view/139335 

* RedHat: Moderate: Red Hat Application Stack v2.1 (Jul 2)
  --------------------------------------------------------
  Red Hat Application Stack v2.1 is now available. This update fixes
  various security issues and adds several enhancements. This update
  has been rated as having moderate security impact by the Red Hat
  Security Response Team.

http://www.linuxsecurity.com/content/view/139336 

* RedHat: Critical: seamonkey security update (Jul 2)
  ---------------------------------------------------
  This update has been rated as having critical security impact by the
  Red Hat Security Response Team.Several flaws were found in the
  processing of malformed web content. A web page containing malicious
  content could cause SeaMonkey to crash or, potentially, execute
  arbitrary code as the user running SeaMonkey.

http://www.linuxsecurity.com/content/view/139332 

* RedHat: Critical: firefox security update (Jul 2)
  -------------------------------------------------
  An updated firefox package that fixes several security issues is now
  available for Red Hat Enterprise Linux 4. Multiple flaws were found
  in the processing of malformed JavaScript content. A web page
  containing such malicious content could cause Firefox to crash or,
  potentially, execute arbitrary code as the user running Firefox.

http://www.linuxsecurity.com/content/view/139333 

------------------------------------------------------------------------

* Slackware:   ruby (Jun 28)
  --------------------------
  New ruby packages are available for Slackware 11.0, 12.0, 12.1, and
  -current to fix security issues. More details about this issue may be
  found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726 

http://www.linuxsecurity.com/content/view/139178 

------------------------------------------------------------------------

* Ubuntu:  Firefox vulnerabilities (Jul 2)
  ----------------------------------------
  Various flaws were discovered in the browser engine. By tricking a
  user into opening a malicious web page, an attacker could cause a
  denial of service via application crash, or possibly execute
  arbitrary code with the privileges of the user invoking the program.
  (CVE-2008-2798, CVE-2008-2799)

http://www.linuxsecurity.com/content/view/139331 

* Ubuntu:  Samba regression (Jun 30)
  ----------------------------------
  Samba developers discovered that nmbd could be made to overrun  a
  buffer during the processing of GETDC logon server requests.	When
  samba is configured as a Primary or Backup Domain Controller,  a
  remote attacker could send malicious logon requests and possibly
  cause a denial of service. (CVE-2007-4572)

http://www.linuxsecurity.com/content/view/139235 

* Ubuntu:  Ruby vulnerabilities (Jun 26)
  --------------------------------------
  Drew Yao discovered several vulnerabilities in Ruby which lead to
  integer overflows. If a user or automated system were tricked into
  running a malicious script, an attacker could cause a denial of
  service or execute arbitrary code with the privileges of the user
  invoking the program.

http://www.linuxsecurity.com/content/view/139133 

* Ubuntu:  OpenSSL vulnerabilities (Jun 26)
  -----------------------------------------
  It was discovered that OpenSSL was vulnerable to a double-free when
  using TLS server extensions. A remote attacker could send a crafted
  packet and cause a denial of service via application crash in
  applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile
  TLS server extensions by default. (CVE-2008-0891) It was discovered
  that OpenSSL could dereference a NULL pointer. If a user or automated
  system were tricked into connecting to a malicious server with
  particular cipher suites, a remote attacker could cause a denial of
  service via application crash. (CVE-2008-1672)

http://www.linuxsecurity.com/content/view/139127 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com 
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods