[ISN] Linux Advisory Watch - April 7th 2006

InfoSec News isn at c4i.org
Fri Apr 7 01:34:45 EDT 2006


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  April 7th, 2006                            Volume 7, Number 15n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for apache, storebackup, kaffeine,
clamav, dia, sash, mailman, rpm, scim-hangul, scim, mrtg, wpa_supplicant,
samba, policycoreutils, selinux-policy, mc, k3b, open office, pcmciautils,
gnome-applets, binutils, sendmail, newt, dovecot, dia, sane-backends,
iptraf, tix, xscreensaver, liboil, alsa-utils, system-config-printer,
horde, freeradius, mysql, and openmotif.  The distributors include
Debian, Fedora, Gentoo, Mandriva, and Red Hat.

---

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing an open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi

---

Review: The TCP/IP Guide
By: Eric Lubow

To be a comprehensive source of information is something that any
and every author attempts to be in their works. While writing The
TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols
Reference, Charles Kozierok is nothing short of comprehensive. In this
1616 page, 88 chapter reference of the TCP/IP protocol set, all
the important topics are covered.

Normally, when I review books, I give a little bit of information
on each chapter. In this case, that would be a little drastic and
cause an extremely long review.

Whatever little I write as a summary here just will not do this
guide the justice it deserves for the effort of the author. Although
the book covers such a wide variety of topics, each one is covered
very thoroughly.

Beginning with basic networking concepts and moving into the OSI
(Open Systems Interconnection) model, the bases are fully covered.
He even goes so far in depth as to discuss the standards
organizations that contribute to, support, and govern networking
and the Internet. Once the OSI model is covered, he goes on to
talk about how TCP, UDP, and IP protocols integrate themselves
into the OSI model.

The first topic covered within the TCP/IP protocol suite
is the interface protocols: SLIP and PPP. Every major PPP and
SLIP sub item is covered within the chapters. These include: LCP,
PAP, CHAP, ECP, PPP MP, just to name a few.

The next set of chapters covers ARP, RARP, IPv4, IPv6, IP
NAT and IPsec. This basically covers how to move from level 2
to level 3 in the OSI model. Following the OSI model up, he then
covers ICMPv4 and ICMPv6 prior to proceeding into routing. The
routing protocols covered are: RIP, RIP-2, RIPng, OSPF, BGP3,
BGP4, GGP, EGP, EGRP, EIGRP, and HELLO.

After thoroughly covering how data moves from place to place on
the lower levels of the OSI model, he begins by covering TCP and
UDP by session establishment and handshaking. Since the book is
about TCP protocols, there is a lot of discussion and diagrams
of message headers and the theory behind TCP and UDP being
designed the way they are.

Since all these protocols are merely transport mechanisms for
higher level applications, a great deal of time in this book is
dedicated to how those higher level applications function. Some
of these applications and systems are: DNS, NFS, BOOTP, DHCP,
SNMP, RMON, URI and URL structure, FTP, TFTP, Email systems
including SMTP and MIME structures, HTTP (transfers, encoding,
messages, entities, etc), NNTP, and Gopher (again to name just
a few). All of these applications that now have counterparts
that support IPv6 are also examined and broken down. Each one
of the topics listed above has associated diagrams and message
layouts to allow as deep a comprehension as is desired by the
reader.

He finishes up the book talking about remote application protocols
and troubleshooting tools. This is especially handy information to
have at your fingertips if you are constantly troubleshooting
network or application level issues. He even goes so far as to
break down common UNIX and Windows commands into their command
lines and what the output is actually saying about the state of
the packet, interface, application, or network.

Read More:
http://www.linuxsecurity.com/content/view/122263/49/

----------------------

EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.4 (Version 3.0, Release 4). This release
includes several bug fixes and feature enhancements to the Guardian
Digital WebTool and the SELinux policy, and several new packages
available for installation.

http://www.linuxsecurity.com/content/view/121560/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New Apache2::Request packages fix denial of service
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122186


* Debian: New storebackup packages fix several vulnerabilities
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122206


* Debian: New Linux kernel 2.4.27 packages fix several
vulnerabilities
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122222


* Debian: New kaffeine packages fix arbitrary code execution
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122223


* Debian: New clamav packages fix several vulnerabilities
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122237


* Debian: New dia packages fix arbitrary code execution
  6th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122244


* Debian: New sash packages fix potential arbitrary code execution
  6th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122245


* Debian: New mailman packages fix denial of service
  6th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122246


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: kernel-2.6.16-1.2069_FC4
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122170


* Fedora Core 4 Update: rpm-4.4.1-23
  30th, March, 2006

This update fixes an issue with a double free experienced in
verification with matchpathcon.

http://www.linuxsecurity.com/content/view/122171


* Fedora Core 5 Update: scim-hangul-0.2.2-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122172


* Fedora Core 5 Update: scim-anthy-1.0.0-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122173


* Fedora Core 5 Update: mrtg-2.13.2-0.fc5.1
  30th, March, 2006

Fixes the RouterUptime option.

http://www.linuxsecurity.com/content/view/122174


* Fedora Core 5 Update: wpa_supplicant-0.4.8-6.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122175


* Fedora Core 5 Update: samba-3.0.22-1.fc5
  30th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122176


* Fedora Core 5 Update: policycoreutils-1.30.1-3.fc5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122189


* Fedora Core 5 Update: selinux-policy-2.2.25-3.fc5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122190


* Fedora Core 5 Update: mc-4.6.1a-12.FC5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122191


* Fedora Core 5 Update: k3b-0.12.14-0.FC5.2
  3rd, April, 2006

Update to version 0.12.14.

http://www.linuxsecurity.com/content/view/122192


* Fedora Core 4 Update: k3b-0.12.14-0.FC4.1
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122193


* Fedora Core 5 Update: openoffice.org-2.0.2-5.7.2
  3rd, April, 2006

Fixes for a11y and font handling.

http://www.linuxsecurity.com/content/view/122194


* Fedora Core 5 Update: pcmciautils-012-0.FC5.2
  3rd, April, 2006

Users with PCMCIA, namely laptop users, who experience a hangup at
"Starting udev" should update to this package.


http://www.linuxsecurity.com/content/view/122195


* Fedora Core 5 Update: gnome-applets-2.14.0-1.fc5
  3rd, April, 2006

This update allows the gswitchit applet's plugins to work.

http://www.linuxsecurity.com/content/view/122196


* Fedora Core 5 Update: perl-HTML-Parser-3.51-1.FC5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122197


* Fedora Core 5 Update: perl-DBD-Pg-1.47-0.1.FC5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122198


* Fedora Core 5 Update: perl-Net-DNS-0.57-1
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122199


* Fedora Core 5 Update: binutils-2.16.91.0.6-5
  3rd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122200


* Fedora Core 5 Update: wpa_supplicant-0.4.8-7.fc5
  3rd, April, 2006

This update works around older and 3rd-party drivers that report
wireless network names incorrectly, causing wpa_supplicant to
prematurely terminate a wireless connection.

http://www.linuxsecurity.com/content/view/122201


* Fedora Core 5 Update: gthumb-2.7.5.1-1.fc5.1
  4th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122221


* Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1
  5th, April, 2006

A flaw in the handling of asynchronous signals: a remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.

http://www.linuxsecurity.com/content/view/122232


* Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1
  5th, April, 2006

A flaw in the handling of asynchronous signals: a remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.

http://www.linuxsecurity.com/content/view/122233


* Fedora Core 5 Update: newt-0.52.2-6
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122234


* Fedora Core 4 Update: dovecot-0.99.14-8.fc4
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122235


* Fedora Core 4 Update: dia-0.94-13.fc4
  5th, April, 2006

Fixes CVE-2006-1550 Dia multiple buffer overflows

http://www.linuxsecurity.com/content/view/122236


* Fedora Core 5 Update: sane-backends-1.0.17-5.fc5.8
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122238


* Fedora Core 5 Update: iptraf-3.0.0-1.3.FC5
  5th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122239


* Fedora Core 5 Update: tix-8.4.0-6
  5th, April, 2006

The tix package was assembled incorrectly which ended up breaking
wish and tkinter/ipython.  The libraries are now in the right place.

http://www.linuxsecurity.com/content/view/122240


* Fedora Core 5 Update: xscreensaver-4.24-2
  6th, April, 2006

Don't leak zombie processes with the GL SlideShow ScreenSaver

http://www.linuxsecurity.com/content/view/122254


* Fedora Core 5 Update: GConf2-2.14.0-1
  6th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122255


* Fedora Core 5 Update: liboil-0.3.8-1.fc5
  6th, April, 2006

This update rebases liboil to 0.3.8 to help resolve issues required
by packages in Fedora Extras.

http://www.linuxsecurity.com/content/view/122256


* Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5
  6th, April, 2006

This update corrects a problem where kerberos credentials weren't
being properly refreshed when a user successfully authenticates in
the unlock dialog.

http://www.linuxsecurity.com/content/view/122257


* Fedora Core 5 Update: alsa-utils-1.0.11-4.rc2
  6th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122258


* Fedora Core 5 Update: system-config-printer-0.6.151.2-1
  6th, April, 2006

With no configured printers, it was not possible to disable automatic
browsing for shared printers.

http://www.linuxsecurity.com/content/view/122259


* Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5.1
  6th, April, 2006

This update fixes problems detecting idle activity.

http://www.linuxsecurity.com/content/view/122260


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: MediaWiki Cross-site scripting vulnerability
  4th, April, 2006

MediaWiki is vulnerable to a cross-site scripting attack that could
allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/122217


* Gentoo: Horde Application Framework Remote code execution
  4th, April, 2006

The help viewer of the Horde Framework allows attackers to execute
arbitrary remote code.

http://www.linuxsecurity.com/content/view/122219


* Gentoo: FreeRADIUS Authentication bypass in EAP-MSCHAPv2
  4th, April, 2006

The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation
issue which causes some authentication checks to be bypassed.

http://www.linuxsecurity.com/content/view/122220


* Gentoo: Kaffeine Buffer overflow
  5th, April, 2006

Kaffeine is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122241


* Gentoo: Doomsday Format string vulnerability
  5th, April, 2006

Format string vulnerabilities in Doomsday may lead to the execution
of arbitrary code.

http://www.linuxsecurity.com/content/view/122243


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated dia packages fix buffer overflow vulnerabilities
  3rd, April, 2006

Three buffer overflows were discovered by infamous41md in dia's xfig
import code.  This could allow for user-complicit attackers to have
an unknown impact via a crafted xfig file, possibly involving an
invalid color index, number of points, or depth. Updated packages
have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/122207


* Mandriva: Updated php packages fix information disclosure
vulnerability
  3rd, April, 2006

A vulnerability was discovered where the html_entity_decode()
function would return a chunk of memory with length equal to the
string supplied, which could include php code, php ini data, other
user data, etc.  Note that by default, Corporate 3.0 and Mandriva
Linux LE2005 ship with magic_quotes_gpc on which seems to protect
against this vulnerability "out of the box" but users are encouraged
to upgrade regardless.

http://www.linuxsecurity.com/content/view/122208


* Mandriva: Updated MySQL packages fix logging bypass vulnerability
  3rd, April, 2006

MySQL allows local users to bypass logging mechanisms via SQL queries
that contain the NULL character, which are not properly handled by
the mysql_real_query function.  Updated packages have been patched to
correct this issue.

http://www.linuxsecurity.com/content/view/122209


* Mandriva: Updated kaffeine packages fix remote buffer overflow
vulnerability
  5th, April, 2006

Marcus Meissner discovered Kaffeine contains an unchecked buffer
while creating HTTP request headers for fetching remote RAM
playlists, which allows overflowing a heap allocated buffer. As a
result, remotely supplied RAM playlists can be used to execute
arbitrary code on the client machine.

http://www.linuxsecurity.com/content/view/122231


* Mandriva: Updated FreeRADIUS packages fix off-by-one overflow
vulnerability
  5th, April, 2006

Off-by-one error in the sql_error function in sql_unixodbc.c in
FreeRADIUS might allow remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code by causing the external
database query to fail. Updated packages have been patched to correct
this issue.

http://www.linuxsecurity.com/content/view/122242


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: freeradius security update
  4th, April, 2006

Updated freeradius packages that fix an authentication weakness are
now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122210


* RedHat: Moderate: openmotif security update
  4th, April, 2006

Updated openmotif packages that fix a security issue are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122211

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------




