Linux Security Watch m16
Linux Security Watch m16
This week advisories were released for java, abiworld, cyrus, squirrelmail, libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump, samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif, linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Trustix, Red Hat, and SuSE. Mass deploying Osiris Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel. ---- AIDE and CHKROOTKIT Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit. - Take advantage of the LinuxSecurity.com Quick Reference Card! Distribution: Conectiva * Conectiva: java plugin vulnerability 26th, Jouko Pynnonen reported[2], through iDEFENSE, a vulnerability[3] in the plugin mechanism which allows remote attackers to bypass the Java sandbox through the use of javascript. * Conectiva: abiword buffer overflow vulnerability fix 1st, iDefense[3] discovered[4] a buffer overflow vulnerability[5] in the wv library which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. * Conectiva: cyrus-imapd Multiple vulnerabilities 1st, Stefan Esser from e-matters security recently published[2] several vulnerabilities in cyrus-imapd. * Conectiva: squirrelmail cross site scripting vulnerability fix 2nd, Joost Pol noticed[2] that SquirrelMail is prone to a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the result. Distribution: Debian * Debian: libgd1 arbitrary code execution fix 29th, More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. * Debian: libgd2 arbitrary code execution fix 29th, More potential integer overflows have been found in the GD graphics library which weren't covered by our security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine. * Debian: openssl insecure temporary file creation fix 1st, Trustix developers discovered insecure temporary file creation in a supplemental script (der_chop) of the openssl package which may allow local users to overwrite files via a symlink attack. * Debian: hpsockd denial of service fix 3rd, "infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect. Distribution: Fedora * Fedora: policycoreutils-1.18.1-2 update Resend with correct id 30th, FixFiles.cron is not needed for targeted policy and needs to be reworked for strict policy. Removing prevents possible relabeling problems. * Fedora: policycoreutils-1.18.1-2 update 30th, FixFiles.cron is not needed for targeted policy and needs to be reworked for strict policy. Removing prevents possible relabeling problems. * Fedora: prelink-0.3.3-0.fc3 update 30th, if layout code needs to re-prelink some library, make sure all libraries that depend on it are re-prelinked too (#140081) * Fedora: libselinux-1.19.1-8 update 30th, Change location of helper applications and remove some debug applications that should not have been part of the distribution. * Fedora: udev-039-10.FC3.2 update 30th, Forgot to turn of debugging logging. This release speeds up udev. * Fedora: tcpdump-3.8.2-6.FC2.1 update 30th, fixed nfs protocol parsing for 64 bit architectures (bug 132781) * Fedora: abiword-2.0.12-7.fc3 update 30th, Fixes for tempnam usages and startup geometry crashes * Fedora: system-config-securitylevel-1.4.18-2 update 29th, This fixes tracebacks introduced by the libselinux update (#139155) * Fedora: samba-3.0.9-1.fc2 update 29th, This update closes two security holes: CAN--0882 and CAN--0930 * Fedora: samba-3.0.9-1.fc3 update 29th, This update closes two security holes: CAN--0882 and CAN--0930. * Fedora: gaim-1.0.2-0.FC2 update 29th, FC2 Update * Fedora: squirrelmail-1.4.3a-6.FC2 update 28th, CAN--1036 Cross Site Scripting in encoded text * Fedora: squirrelmail-1.4.3a-6.FC3 update 28th, CAN--1036 Cross Site Scripting in encoded text * Fedora: spamassassin-3.0.1-0.FC3 update 28th, Several important bug fixes in upstream release. * Fedora: system-config-date-1.7.13-0.fc3.1 update 29th, enable Gujarati and Tamil translations (#140881) Distribution: FreeBSD * FreeBSD: Kernel memory disclosure in procfs and linprocfs 2nd, The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed. Distribution: Gentoo * Gentoo: Sun and Blackdown Java Applet privilege escalation 29th, The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system. * Gentoo: Open DC Hub Remote code execution 28th, Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution. * Gentoo: phpWebSite HTTP response splitting vulnerability 26th, phpWebSite is vulnerable to possible HTTP response splitting attacks. * Gentoo: phpMyAdmin Multiple XSS vulnerabilities 27th, phpMyAdmin is vulnerable to cross-site scripting attacks. Distribution: Mandrake * Mandrake: libxpm4 correct issues with previous update 30th, The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependant on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0 from being able to save xpm format images. * Mandrake: kdepim various bugs fix 27th, A number of bugs in kdepim are fixed with this update. * Mandrake: kdelibs various bugs fix 26th, A number of bugs in kdelibs are fixed with this update. * Mandrake: kdebase various bugs fixes 26th, A number of bugs in kdebase are fixed with this update. Distribution: Trustix * Trustix: amavisd-new, anaconda, courier-imap, cyrus-imapd, cyrus-sasl, file, kernel, mkbootdisk, mys 29th, Fix amavis user creation on install. Support kickstart files on FTP. Hyperthreading detection. Distribution: Red Hat * Red Hat: openmotif image vulnerability fix 2nd, Updated openmotif packages that fix flaws in the Xpm image library are now available. * Red Hat: kernel security vulnerabilities fix 2nd, Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. * SuSE: various kernel problems 1st, Several security problems have been found and addressed by the SUSE Security Team. The following issues are present in all SUSE Linux based products. Distribution: SuSE * SuSE: cyrus-imapd remote command execution 3rd, Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
