+------------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| May 9th, 2008 Volume 9, Number 19 |
| |
| Editorial Team: Dave Wreski <dwreski@private> |
| Benjamin D. Thomas <bthomas@private> |
+------------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week security advisories were issued for CUPS, Emacs, KDE, LTSP,
OpenOffice.org, b2evolution, blender, cacti, cpio, gpdf, kazehakase,
kdelibs, kernel, mozilla-thunderbird, openssh, php, roundup, wordpress,
and multiple X11 terminals. The distributors included Debian, Gentoo,
Mandriva, Red Hat, Slackware, and Ubuntu.
---
>> Linux+DVD Magazine <<
Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of
Open Source software. The majority of our readers is between 15 and 40
years old. They are interested in current news from the Linux world,
upcoming projects etc.
In each issue you can find information concerning typical use of Linux:
safety, databases, multimedia, scientific tools, entertainment,
programming, e-mail, news and desktop environments.
http://www.linuxsecurity.com/ads/adclick.php?bannerid=3D26
---
Review: The Book of Wireless
----------------------------
=93The Book of Wireless=94 by John Ross is an answer to the problem of
learning about wireless networking. With the wide spread use of Wireless
networks today anyone with a computer should at least know the basics of
wireless. Also, with the wireless networking, users need to know how to
protect themselves from wireless networking attacks.
http://www.linuxsecurity.com/content/view/136167
---
April 2008 Open Source Tool of the Month: sudo
----------------------------------------------
This month the editors at LinuxSecurity.com have chosen sudo as the Open
Source Tool of the Month!
http://www.linuxsecurity.com/content/view/135868
--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--
--------------------------------------------------------------------------
* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
-------------------------------------------------------
Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.19 (Version 3.0, Release 19). This release includes many
updated packages and bug fixes and some feature enhancements to the
EnGarde Secure Linux Installer and the SELinux policy.
http://www.linuxsecurity.com/content/view/136174
--------------------------------------------------------------------------
* Debian: New kazehakase packages fix execution of arbitrary (May 6)
------------------------------------------------------------------
The PCRE library has been updated to fix the security issues reported
against it in previous Debian Security Advisories. This update ensures
that kazehakase uses that supported library, and not its own embedded
and insecure version.
http://www.linuxsecurity.com/content/view/136706
* Debian: New roundup packages fix regression (May 6)
---------------------------------------------------
Roundup, an issue tracking system, fails to properly escape HTML input,
allowing an attacker to inject client-side code (typically JavaScript)
into a document that may be viewed in the victim's browser.
http://www.linuxsecurity.com/content/view/136702
* Debian: New cacti packages fix regression (May 6)
-------------------------------------------------
It was discovered that Cacti, a systems and services monitoring
frontend, performed insufficient input sanitising, leading to cross
site scripting and SQL injection being possible.
http://www.linuxsecurity.com/content/view/136701
* Debian: New cacti packages fix multiple vulnerabilities (May 5)
---------------------------------------------------------------
It was discovered that Cacti, a systems and services monitoring
frontend, performed insufficient input sanitising, leading to cross
site scripting and SQL injection being possible.
http://www.linuxsecurity.com/content/view/136698
* Debian: New b2evolution packages fix cross site scripting (May 5)
-----------------------------------------------------------------
"unsticky" discovered that b2evolution, a blog engine, performs
insufficient input sanitising, allowing for cross site scripting.
http://www.linuxsecurity.com/content/view/136697
* Debian: New blender packages fix arbitrary code execution (May 5)
-----------------------------------------------------------------
Stefan Cornelius discovered a vulnerability in the Radiance High
Dynamic Range (HDR) image parser in Blender, a 3D modelling
application.=09The weakness could enable a stack-based buffer overflow
and the execution of arbitrary code if a maliciously-crafted HDR file
is opened, or if a directory containing such a file is browsed via
Blender's image-open dialog.
http://www.linuxsecurity.com/content/view/136696
* Debian: New cpio packages fix denial of service (May 2)
-------------------------------------------------------
Dmitry Levin discovered a vulnerability in path handling code used by
the cpio archive utility. The weakness could enable a denial of
service (crash) or potentially the execution of arbitrary code if a
vulnerable version of cpio is used to extract or to list the contents
of a maliciously crafted archive.
http://www.linuxsecurity.com/content/view/136691
* Debian: New Linux 2.6.18 packages fix several vulnerabilities (May 1)
---------------------------------------------------------------------
Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
http://www.linuxsecurity.com/content/view/136688
* Debian: New wordpress packages fix several vulnerabilities (May 1)
------------------------------------------------------------------
Several remote vulnerabilities have been discovered in wordpress, a
weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems: Insufficient input sanitising
allowed for remote attackers to redirect visitors to external
websites.
http://www.linuxsecurity.com/content/view/136687
--------------------------------------------------------------------------
* Gentoo: Multiple X11 terminals Local privilege escalation (May 7)
-----------------------------------------------------------------
A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
rxvt-unicode, and wterm, allowing for local privilege escalation.
http://www.linuxsecurity.com/content/view/136718
--------------------------------------------------------------------------
* Mandriva: Updated openssh packages fix vulnerability (May 6)
------------------------------------------------------------
A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to
bypass intended security restrictions enabling them to execute commands
other than those specified by the ForceCommand directive, provided they
are able to modify to ~/.ssh/rc (CVE-2008-1657). The updated packages
have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/136710
* Mandriva: Updated kdelibs packages fix vulnerability in (May 6)
---------------------------------------------------------------
A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9
where, if it was installed setuid root, it could allow local users to
cause a denial of service or possibly execute arbitrary code
(CVE-2008-1671). By default, start_kdeinit is not installed setuid root
on Mandriva Linux, however updated packages have been patched to
correct this issue.
http://www.linuxsecurity.com/content/view/136709
* Mandriva: Updated emacs packages fix vulnerability in vcdiff (May 6)
--------------------------------------------------------------------
Steve Grubb found that the vcdiff script in Emacs create temporary
files insecurely when used with SCCS. A local user could exploit a
race condition to create or overwrite files with the privileges of the
user invoking the program (CVE-2008-1694). The updated packages have
been patched to correct this issue.
http://www.linuxsecurity.com/content/view/136708
* Mandriva: Updated OpenOffice.org packages fix (May 2)
-----------------------------------------------------
A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow
user-assisted remote attackers to execute arbitrary Java code via
crafted database documents (CVE-2007-4575).
http://www.linuxsecurity.com/content/view/136692
--------------------------------------------------------------------------
* RedHat: Important: gpdf security update (May 8)
-----------------------------------------------
Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file
that would cause gpdf to crash, or, potentially, execute arbitrary code
when opened. (CVE-2008-1693)
http://www.linuxsecurity.com/content/view/136721
* RedHat: Important: kernel security and bug fix update (May 7)
-------------------------------------------------------------
Updated kernel packages that fix various security issues and several
bugs are now available for Red Hat Enterprise Linux 3. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/136713
* RedHat: Important: kernel security and bug fix update (May 7)
-------------------------------------------------------------
Updated kernel packages that fix various security issues and several
bugs are now available for Red Hat Enterprise Linux 5. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/136714
* RedHat: Important: kernel security and bug fix update (May 7)
-------------------------------------------------------------
Updated kernel packages that fix various security issues and several
bugs are now available for Red Hat Enterprise Linux 4. This update has
been rated as having important security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/136715
--------------------------------------------------------------------------
* Slackware: php (May 8)
------------------------
New php packages are available for Slackware 10.2, 11.0, 12.0, 12.1,
and -current to fix security issues. Note that PHP5 is not the default
PHP for Slackware 10.2 or 11.0 (those use PHP4), so if your PHP code is
not ready for PHP5, don't upgrade until it is or you'll (by definition)
run into problems. More details about one of the issues may be found in
the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-0599
http://www.linuxsecurity.com/content/view/136719
* Slackware: mozilla-thunderbird (May 8)
----------------------------------------
New mozilla-thunderbird packages are available for Slackware 10.2,
11.0, 12.0, 12.1, and -current to fix security issues, including
crashes that can corrupt memory, as well as a JavaScript privilege
escalation and arbitrary code execution flaw. More details about these
issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thu
nderbird
http://www.linuxsecurity.com/content/view/136720
--------------------------------------------------------------------------
* Ubuntu: LTSP vulnerability (May 7)
-----------------------------------
Christian Herzog discovered that it was possible to connect to any LTSP
client's X session over the network.=09A remote attacker could eavesdrop
on X events, read window contents, and record keystrokes, possibly
gaining access to private information.
http://www.linuxsecurity.com/content/view/136712
* Ubuntu: OpenOffice.org vulnerabilities (May 7)
-----------------------------------------------
It was discovered that arbitrary Java methods were not filtered out
when opening databases in OpenOffice.org. If a user were tricked into
running a specially crafted query, a remote attacker could execute
arbitrary Java with user privileges. (CVE-2007-4575)
http://www.linuxsecurity.com/content/view/136711
* Ubuntu: Thunderbird vulnerabilities (May 6)
--------------------------------------------
Various flaws were discovered in the JavaScript engine. If a user had
JavaScript enabled and were tricked into opening a malicious email, an
attacker could escalate privileges within Thunderbird, perform
cross-site scripting attacks and/or execute arbitrary code with the
user's privileges.
http://www.linuxsecurity.com/content/view/136707
* Ubuntu: KDE vulnerability (May 6)
----------------------------------
It was discovered that start_kdeinit in KDE 3 did not properly sanitize
its input. A local attacker could exploit this to send signals to other
processes and cause a denial of service or possibly execute arbitrary
code. (CVE-2008-1671)
http://www.linuxsecurity.com/content/view/136703
* Ubuntu: Emacs vulnerabilities (May 6)
--------------------------------------
It was discovered that Emacs did not account for precision when
formatting integers. If a user were tricked into opening a specially
crafted file, an attacker could cause a denial of service or possibly
other unspecified actions. This issue does not affect Ubuntu 8.04.
(CVE-2007-6109) Steve Grubb discovered that the vcdiff script as
included in Emacs created temporary files in an insecure way when used
with SCCS. Local users could exploit a race condition to create or
overwrite files with the privileges of the user invoking the program.
(CVE-2008-1694)
http://www.linuxsecurity.com/content/view/136704
* Ubuntu: CUPS vulnerability (May 5)
-----------------------------------
Thomas Pollet discovered that CUPS did not properly validate the size
of PNG images. A local attacker, and a remote attacker if printer
sharing is enabled, could send a crafted file and cause a denial of
service or possibly execute arbitrary code as the non-root user in
Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated
by the AppArmor CUPS profile. (CVE-2008-1722)
http://www.linuxsecurity.com/content/view/136695
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments