[ISN] Linux Advisory Watch - June 16th 2006

InfoSec News isn at c4i.org
Mon Jun 19 03:40:54 EDT 2006

|  LinuxSecurity.com                         Weekly Newsletter        |
|  June 16th, 2006                            Volume 7, Number 25n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for freetype, webcalendar,
kernel, horde3, horde2, wv2, subversion, ruby, squid, dovecot,
gdm, autofs, shadow-utils, rsync, mysql, python, scim, freetype2,
squirrelmail, libtiff, spamassassin, sendmail, mailman, kdebase,
postgresql, and php.  The distributors include Debian, Fedora,
Mandriva, Red Hat, and SuSE.


Security on your mind?

Protect your home and business networks with the free, community
version of EnGarde Secure Linux.  Don't rely only on a firewall to
protect your network, because firewalls can be bypassed.  EnGarde
Secure Linux is a security-focused Linux distribution made to protect
your users and their data.

The security experts at Guardian Digital fortify every download of
EnGarde Secure Linux with eight essential types of open source
packages.  Then we configure those packages to provide maximum
security for tasks such as serving dynamic websites, high
availability mail, transport, network intrusion detection,
and more.  The result for you is high security, easy
administration, and automatic updates.

The Community edition of EnGarde Secure Linux is completely
free and open source.  Updates are also freely available when
you register with the Guardian Digital Secure Network.



How To Break Web Software
By: Eric Lubow

With a tool so widely used by so many different types of people
like the World Wide Web, it is necessary for everyone to
understand as many aspects as possible about its functionality.
From web designers to web developers to web users, this is a must
read. Security is a job for everyone and How To Break Web Software
by Mike Andrews and James A. Whittaker is written for everyone
to understand.

Although this book may be geared more towards the developer,
it is really a book for everyone. As I mentioned before, security
is everyone's responsibility. The ideas, concepts, and procedures
outlined in this book are things that even just the average user
should be able to pick up on and alert the webmaster of in order
to prevent potential disaster.

It is necessary to keep in mind that this book, although
seemingly full of information on how to attack web sites and
bring down servers is for informational and educational
purposes. It is to inform the developers of common programming
and design mistakes. It is also to ensure that common users with
no malicious intent can spot problems in design and nip them in
the bud before the problems become catastrophic.

The book begins by showing the reader, in no uncertain terms, the
basic concepts that are going to be outlined throughout the book.
The first idea is to get everyone on the same page with client-server
relationships and general information about the World Wide Web.

One of the most important aspects of an attack is knowing your
victim. The first informational chapter in this book discusses
gathering information on a potential target. Just as with all
forthcoming chapters, this one begins with the obvious
information and progresses into the more obscure, less thought
about topics.

Once the information has been gathered, either via source code,
URLs, or any other method that potentially puts information out
in the open, the attacks can begin. There are many ways in which
these attacks can happen. The authors begin by discussing
attacks on the user (client) input and how validation needs
to occur or the input needs to be sanitized. They then move
on to talk about state based attacks, either through CGI
parameters or hidden fields within forms. These ideas were
also extended to discuss cookie poisoning, URL jumping, and
session hijacking (can also include man in the middle attacks).
Without all this information consistently being checked and
verified, it is possible for those with malicious intent to
inject information into a session.



Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.
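The article stops short of showing how to find such mistakes, so here is an added audit script (not part of the original article) that reports the two most common over-liberal settings under a directory tree: world-writable regular files, and world-writable directories that lack the sticky bit (unlike /tmp, which has it). It uses only POSIX find and sed; the sandbox function builds a constructed tree purely to exercise the checks.

```sh
#!/bin/sh
# Added example, not from the original article.  Audit a tree for
# permissions that are "far too liberal": world-writable files and
# world-writable directories without the sticky bit.
# usage: audit_world_writable /        (run as root for a full audit)

audit_world_writable() {
    # $1: root of the tree.  Prints "file <path>" and "dir <path>" lines.
    # -xdev keeps the walk on one filesystem so /proc, /sys etc. are skipped.
    find "$1" -xdev -type f -perm -0002 -print | sed 's/^/file /'
    # A world-writable directory is acceptable only with the sticky bit
    # (mode 1000) set, which stops users deleting each other's files.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/dir /'
}

count_findings() {
    # Number of findings under $1, as a bare integer.
    audit_world_writable "$1" | wc -l | tr -d ' '
}

make_sandbox() {
    # Constructed sample tree for demonstration: one sane directory,
    # one mis-configured shared directory, one sticky /tmp-style drop box.
    d=$(mktemp -d)
    mkdir -p "$d/ok_dir" "$d/shared_dir" "$d/dropbox"
    : > "$d/ok_dir/conf";       chmod 644  "$d/ok_dir/conf"      # fine
    : > "$d/shared_dir/notes";  chmod 666  "$d/shared_dir/notes" # finding
    chmod 777  "$d/shared_dir"                                    # finding
    chmod 1777 "$d/dropbox"                                       # acceptable
    printf '%s\n' "$d"
}
```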



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

* Debian: New freetype packages fix several vulnerabilities
  10th, June, 2006

Updated package.


* Debian: New webcalendar packages fix arbitrary code execution
  13th, June, 2006

Updated package.


* Debian: New Kernel 2.4.27 packages fix several vulnerabilities
  14th, June, 2006

Several local and remote vulnerabilities have been discovered in the
Linux kernel that may lead to a denial of service or the execution of
arbitrary code.


* Debian: New horde3 packages fix cross-site scripting
  14th, June, 2006

Updated package.


* Debian: New horde2 packages fix cross-site scripting
  14th, June, 2006

Updated package.


* Debian: New wv2 packages fix integer overflow
  15th, June, 2006

Updated package.


|  Distribution: Fedora           | ----------------------------//

* Fedora Core 5 Update: subversion-1.3.2-2.1
  9th, June, 2006

This update includes the latest upstream release of Subversion, which
fixes a number of minor bugs.


* Fedora Core 4 Update: ruby-1.8.4-2.fc4
  9th, June, 2006

Updated package.


* Fedora Core 5 Update: squid-2.5.STABLE14-2.FC5
  9th, June, 2006

Updated package.


* Fedora Core 5 Update: ruby-1.8.4-5.fc5
  9th, June, 2006

Updated package.


* Fedora Core 5 Update: dovecot-1.0-0.beta8.2.fc5
  9th, June, 2006

Updated package.


* Fedora Core 5 Update: gdm-2.14.8-1
  9th, June, 2006

This update also upgrades GDM to version 2.14.8.


* Fedora Core 5 Update: autofs-4.1.4-25
  11th, June, 2006

Updated package.


* Fedora Core 4 Update: autofs-4.1.4-24
  11th, June, 2006

Updated package.


* Fedora Core 4 Update: kernel-2.6.16-1.2115_FC4
  11th, June, 2006

An update to the upstream release, fixing up a few more
security related problems.


* Fedora Core 5 Update: kernel-2.6.16-1.2133_FC5
  11th, June, 2006

An update to the upstream release, fixing up a few more
security related problems.


* Fedora Core 5 Update: shadow-utils-4.0.14-9.FC5
  12th, June, 2006

Updated package.


* Fedora Core 5 Update: rsync-2.6.8-1.FC5.1
  12th, June, 2006

Updated package.


* Fedora Core 4 Update: rsync-2.6.8-1.FC4.1
  12th, June, 2006

Updated package.


* Fedora Core 5 Update: mysql-5.0.22-1.FC5.1
  13th, June, 2006

Repairs vulnerability in multibyte string escaping.


* Fedora Core 4 Update: mysql-4.1.20-1.FC4.1
  13th, June, 2006

Repairs multibyte string escaping vulnerability.


* Fedora Core 5 Update: python-2.4.3-4.FC5
  13th, June, 2006

Updated package.


* Fedora Core 5 Update: scim-1.4.4-9.4.fc5
  13th, June, 2006

This update fixes broken libtool linking of libs to be against


* Fedora Core 5 Update: python-docs-2.4.3-0.9.FC5
  14th, June, 2006

Updated package.


|  Distribution: Mandriva         | ----------------------------//

* Mandriva: Updated freetype2 packages fixes multiple
  12th, June, 2006

Integer underflow in Freetype before 2.2 allows remote attackers to
cause a denial of service (crash) via a font file with an odd number
of blue values, which causes the underflow when decrementing by 2 in
a context that assumes an even number of values.
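The mechanism described above, as an added, constructed illustration (not FreeType's actual code): a loop that consumes blue values in pairs by stepping an unsigned count down by 2 never reaches zero when the count is odd, so the subtraction wraps and the loop keeps reading. The hardened variant is an assumed mitigation rather than the vendor patch.

```c
/* Added illustration of the advisory's integer underflow; not FreeType code.
 * An odd count fed to "n -= 2" with an unsigned n wraps instead of stopping. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Vulnerable pattern: assumes the count is even.  'limit' caps the number
 * of iterations so the demonstration itself never reads out of bounds; it
 * returns how many pairs the loop would have consumed. */
size_t blue_pairs_unchecked(uint32_t n, size_t limit)
{
    size_t pairs = 0;
    /* n = 5 goes 5, 3, 1, then wraps to 0xFFFFFFFF and keeps going */
    for (; n > 0 && pairs < limit; n -= 2)
        pairs++;
    return pairs;
}

/* Hardened pattern (assumed mitigation): reject a malformed odd count up
 * front and require at least two remaining values per step. */
long blue_pairs_checked(uint32_t n)
{
    if (n % 2 != 0)
        return -1;              /* malformed table: odd number of blue values */
    long pairs = 0;
    for (; n >= 2; n -= 2)
        pairs++;
    return pairs;
}

int main(void)
{
    /* Constructed sample counts: 4 is well formed, 5 is the hostile case. */
    printf("unchecked n=4: %zu pairs\n", blue_pairs_unchecked(4, 16));
    printf("unchecked n=5: %zu pairs (hit the demo's cap, not zero)\n",
           blue_pairs_unchecked(5, 16));
    printf("checked   n=4: %ld pairs\n", blue_pairs_checked(4));
    printf("checked   n=5: %ld (rejected)\n", blue_pairs_checked(5));
    return 0;
}
```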


* Mandriva: Updated freetype2 packages fixes multiple
  14th, June, 2006

The previous update introduced some issues with other applications
and libraries linked to libfreetype, that were missed in testing for
the vulnerability issues. The new packages correct these issues.


* Mandriva: Updated gdm packages fix vulnerability
  14th, June, 2006

A vulnerability in gdm could allow a user to activate the gdm setup
program if the administrator configured a gdm theme that provided a
user list.  The user could do so by choosing the setup option from
the menu, clicking the user list, then entering his own password
instead of root's. The updated packages have been patched to correct
this issue.


* Mandriva: Updated squirrelmail packages fix vulnerabilities
  14th, June, 2006

A PHP remote file inclusion vulnerability in functions/plugin.php in
SquirrelMail 1.4.6 and earlier, if register_globals is enabled and
magic_quotes_gpc is disabled, allows remote attackers to execute
arbitrary PHP code via a URL in the plugins array parameter.


* Mandriva: Updated libtiff packages fixes tiff2pdf vulnerability
  14th, June, 2006

A buffer overflow in the t2p_write_pdf_string function in tiff2pdf in
libtiff 3.8.2 and earlier allows attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a TIFF file
with a DocumentName tag that contains UTF-8 characters, which
triggers the overflow when a character is sign extended to an integer
that produces more digits than expected in a sprintf call.


* Mandriva: Updated spamassassin packages fix vulnerability
  14th, June, 2006

A flaw was discovered in the way that spamd processes the virtual POP
usernames passed to it.  If running with the --vpopmail and
--paranoid flags, it is possible for a remote user with the ability
to connect to the spamd daemon to execute arbitrary commands as the
user running spamd.


* Mandriva: Updated sendmail packages fix remotely exploitable
  15th, June, 2006

A vulnerability in the way Sendmail handles multi-part MIME messages
was discovered that could allow a remote attacker to create a
carefully crafted message that could crash the sendmail process
during delivery. The updated packages have been patched to correct
these issues.


|  Distribution: Red Hat          | ----------------------------//

* RedHat: Moderate: mailman security update
  9th, June, 2006

An updated mailman package that fixes a denial of service flaw is now
available for Red Hat Enterprise Linux 3 and 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.


* RedHat: Important: mysql security update
  9th, June, 2006

Updated mysql packages that fix multiple security flaws are now
available.  This update has been rated as having important security
impact by the Red Hat Security Response Team.


* RedHat: Important: sendmail security update
  14th, June, 2006

Updated sendmail packages are now available to fix a denial of
service security issue. This update has been rated as having
important security impact by the Red Hat Security Response Team.


* RedHat: Important: kdebase security update
  14th, June, 2006

Updated kdebase packages that correct a security flaw in kdm are now
available for Red Hat Enterprise Linux 4. This update has been rated
as having important security impact by the Red Hat Security Response


|  Distribution: SuSE             | ----------------------------//

* SuSE: PostgreSQL SQL injection attacks
  9th, June, 2006

Two character set encoding related security problems were fixed in
the PostgreSQL database server: CVE-2006-2313 and CVE-2006-2314.


* SuSE: php4,php5 problems (SUSE-SA:2006:031)
  14th, June, 2006

This update fixes the following security issues in the PHP scripting
language, both version 4 and 5: Invalid characters in session names
were not blocked, CVE-2006-2657.


* SuSE: sendmail remote denial of service
  14th, June, 2006

Updated package.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
