Thomas –
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.
This week, advisories were released for cvs, mcrypt, slocate, qt-dcgui, bladeenc,
vim, mysql, kernel, kerberos, php, OpenLDAP, windowmaker, xpdf. The distributors
include Caldera, Conectiva, FreeBSD, Gentoo, Mandrake, and Red Hat.
LinuxSecurity Feature Extras:
Review: Absolute PC Security and Privacy – Miller never knew much about
viruses, or took them seriously, until a friend got infected and it turned
out to be more of a nuisance than he thought. So he decided to write a
book about them. And also about spam, since he was annoyed by that, too.
Review: Mastering Network Security, Second Edition – The introduction states
that this book is aimed at systems administrators who are not security
experts, but have some responsibility for ensuring the integrity of their
systems. That would seem to cover most sysadmins.
The Linux Advisory Watch newsletter is developed by the community
of volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.
Package: | cvs |
Date: | 01-31-2003 |
Description: | Double-free vulnerability in CVS allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request. |
Vendor Alerts: | Caldera:
|
Package: | mcrypt |
Date: | 02-06-2003 |
Description: | Ilia Alshanetsky found[1] several buffer overflow vulnerabilities[2] in libmcrypt. These vulnerabilities basically consist of improper or missing validation of some input (which in some scenarios can come from a local user or from a network connection). |
Vendor Alerts: | Conectiva:
|
Package: | slocate |
Date: | 02-02-2003 |
Description: | “The overflow appears when slocate is run with two parameters: -c and -r, using as arguments a 1024 (or 10240, as Knight420 has informed us earlier) byte string.” |
Vendor Alerts: | Gentoo:
|
Package: | qt-dcgui |
Date: | 02-02-2003 |
Description: | “All versions < 0.2.2 have a major security vulnerability in the directory parser. This bug allows a remote attacker to download files outside the sharelist. It’s recommended that you upgrade the packages immediately.” |
Vendor Alerts: | Gentoo:
|
Package: | bladeenc |
Date: | 02-05-2003 |
Description: | “A wave file lets the attacker execute all the code he wants on the victim” |
Vendor Alerts: | Gentoo:
|
Package: | vim |
Date: | 02-03-2003 |
Description: | A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. |
Vendor Alerts: | Mandrake:
|
Package: | mysql |
Date: | 02-03-2003 |
Description: | Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. |
Vendor Alerts: | Mandrake:
|
Package: | kernel |
Date: | 02-05-2003 |
Description: | An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility. |
Vendor Alerts: | Mandrake:
|
Package: | kerberos |
Date: | 01-31-2003 |
Description: | A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client. |
Vendor Alerts: | Red Hat:
|
Package: | php |
Date: | 02-04-2003 |
Description: | A heap-based buffer overflow was found in the wordwrap() function in PHP versions after 4.1.2 and before 4.3.0. If wordwrap() is used on user-supplied input this could allow remote attackers to cause a denial of service or execute arbitrary code. |
Vendor Alerts: | Red Hat:
|
Package: | OpenLDAP |
Date: | 02-05-2003 |
Description: | Updated openldap packages are available which fix a number of local and remote buffer overflows in libldap and the slapd and slurpd servers, and potential issues stemming from using user-specified LDAP configuration files. |
Vendor Alerts: | Red Hat:
|
Package: | windowmaker |
Date: | 02-05-2003 |
Description: | Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. This could be exploited, for example, by a user opening a malicious theme. |
Vendor Alerts: | Red Hat:
|
Package: | xpdf |
Date: | 02-06-2003 |
Description: | During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This code would have the same access privileges as the user who viewed the file with Xpdf. |
Vendor Alerts: | Red Hat:
|