Linux Advisory Watch – December 3, 2004

36

Author: Benjamin D. Thomas

This week advisories were released for java, abiworld, cyrus, squirrelmail,
libgd1, openssl, hpsockd, policycoreutils, prelink, libselinux, udev, tcpdump,
samba, gaim, FreeBSD kernel, phpMyAdmin, libxpm4, kde, amavisd, open motif,
linux kernel, and cyrus-imapd. The distributors include Conectiva, Debian, Fedora,
Gentoo, Mandrake, Trustix, Red Hat, and SuSE.LinuxSecurity.com
Feature Extras:

Mass
deploying Osiris
– Osiris is a centralized file-integrity program
that uses a client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a client
and at a specified time, sends the configuration file over to the client, runs
a scan and sends the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system admin or group of
people. The communication is all done over an encrypted communication channel.

AIDE
and CHKROOTKIT
-Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview
with Gary McGraw, Co-author of Exploiting Software: How to Break Code

– Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at LinuxSecurity.com.


Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.[
Subscribe
]

  Conectiva
  Conectiva: java plugin vulnerability
  26th, November, 2004

Jouko Pynnonen reported[2], through iDEFENSE, a vulnerability[3]
in the plugin mechanism which allows remote attackers to bypass the Java
sandbox through the use of javascript.

Alert 106930

 
  Conectiva: abiword buffer overflow vulnerability
fix
  1st, December, 2004

iDefense[3] discovered[4] a buffer overflow vulnerability[5]
in the wv library which could allow an attacker to execute arbitrary code
with the privileges of the user running the vulnerable application.

Alert 117319

 
  Conectiva: cyrus-imapd Multiple vulnerabilities
  1st, December, 2004

Stefan Esser from e-matters security recently published[2] several
vulnerabilities in cyrus-imapd.

Alert 117320

 
  Conectiva: squirrelmail cross site scripting
vulnerability fix
  2nd, December, 2004

Joost Pol noticed[2] that SquirrelMail is prone to a cross site
scripting issue in the decoding of encoded text in certain headers. SquirrelMail
correctly decodes the specially crafted header, but doesn’t sanitize the
result.

Alert 117321

 
  Debian
  Debian: libgd1 arbitrary code execution
fix
  29th, November, 2004

More potential integer overflows have been found in the GD graphics
library which weren’t covered by our security advisory DSA 589. They could
be exploited by a specially crafted graphic and could lead to the execution
of arbitrary code on the victim’s machine.

Alert 106931

 
  Debian: libgd2 arbitrary code execution
fix
  29th, November, 2004

More potential integer overflows have been found in the GD graphics
library which weren’t covered by our security advisory DSA 589. They could
be exploited by a specially crafted graphic and could lead to the execution
of arbitrary code on the victim’s machine.

Alert 106932

 
  Debian: openssl insecure temporary file
creation fix
  1st, December, 2004

Trustix developers discovered insecure temporary file creation
in a supplemental script (der_chop) of the openssl package which may allow
local users to overwrite files via a symlink attack.

Alert 117312

 
  Debian: hpsockd denial of service fix
  3rd, December, 2004

“infamous41md” discovered a buffer overflow condition in hpsockd,
the socks server written at Hewlett-Packard. An exploit could cause the
program to crash or may have worse effect.

Alert 117313

 
  Fedora
  Fedora: policycoreutils-1.18.1-2 update
Resend with correct id
  30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to
be reworked for strict policy. Removing prevents possible relabeling problems.

Alert 106953

 
  Fedora: policycoreutils-1.18.1-2 update
  30th, November, 2004

FixFiles.cron is not needed for targeted policy and needs to
be reworked for strict policy. Removing prevents possible relabeling problems.

Alert 106952

 
  Fedora: prelink-0.3.3-0.fc3 update
  30th, November, 2004

if layout code needs to re-prelink some library, make sure all
libraries that depend on it are re-prelinked too (#140081)

Alert 106950

 
  Fedora: libselinux-1.19.1-8 update
  30th, November, 2004

Change location of helper applications and remove some debug
applications that should not have been part of the distribution.

Alert 106951

 
  Fedora: udev-039-10.FC3.2 update
  30th, November, 2004

Forgot to turn of debugging logging. This release speeds up
udev.

Alert 106948

 
  Fedora: tcpdump-3.8.2-6.FC2.1 update
  30th, November, 2004

fixed nfs protocol parsing for 64 bit architectures (bug 132781)

Alert 106949

 
  Fedora: abiword-2.0.12-7.fc3 update
  30th, November, 2004

Fixes for tempnam usages and startup geometry crashes

Alert 106947

 
  Fedora: system-config-securitylevel-1.4.18-2
update
  29th, November, 2004

This fixes tracebacks introduced by the libselinux update (#139155)

Alert 106944

 
  Fedora: samba-3.0.9-1.fc2 update
  29th, November, 2004

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930

Alert 106941

 
  Fedora: samba-3.0.9-1.fc3 update
  29th, November, 2004

This update closes two security holes: CAN-2004-0882 and CAN-2004-0930.

Alert 106942

 
  Fedora: gaim-1.0.2-0.FC2 update
  29th, November, 2004

FC2 Update

Alert 106943

 
  Fedora: squirrelmail-1.4.3a-6.FC2 update
  28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text

Alert 106934

 
  Fedora: squirrelmail-1.4.3a-6.FC3 update
  28th, November, 2004

CAN-2004-1036 Cross Site Scripting in encoded text

Alert 106935

 
  Fedora: spamassassin-3.0.1-0.FC3 update
  28th, November, 2004

Several important bug fixes in upstream release.

Alert 106936

 
  Fedora: system-config-date-1.7.13-0.fc3.1
update
  29th, November, 2004

enable Gujarati and Tamil translations (#140881)

Alert 106937

 
  FreeBSD: Kernel memory disclosure in
procfs and linprocfs
  2nd, December, 2004

The implementation of the /proc/curproc/cmdline pseudofile in
the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline
pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process’
argument vector from the process address space. During this operation,
a pointer was dereferenced directly without the necessary validation steps
being performed.

Alert 117318

 
  Gentoo
  Gentoo: Sun and Blackdown Java Applet
privilege escalation
  29th, November, 2004

The Java plug-in security in Sun and Blackdown Java environments
can be bypassed to access arbitrary packages, allowing untrusted Java
applets to perform unrestricted actions on the host system.

Alert 106945

 
  Gentoo: Open DC Hub Remote code execution
  28th, November, 2004

Open DC Hub contains a buffer overflow that can be exploited
to allow remote code execution.

Alert 106940

 
  Gentoo: phpWebSite HTTP response splitting
vulnerability
  26th, November, 2004

phpWebSite is vulnerable to possible HTTP response splitting
attacks.

Alert 106929

 
  Gentoo: phpMyAdmin Multiple XSS vulnerabilities
  27th, November, 2004

phpMyAdmin is vulnerable to cross-site scripting attacks.

Alert 106939

 
  Mandrake
  Mandrake: libxpm4 correct issues with
previous update
  30th, November, 2004

The previous libxpm4 update had a linking error that resulted
in a missing s_popen symbol error running applications dependant on the
library. In addition, the file path checking in the security updates prevented
some applications, like gimp-2.0 from being able to save xpm format images.

Alert 106946

 
  Mandrake: kdepim various bugs fix
  27th, November, 2004

A number of bugs in kdepim are fixed with this update.

Alert 106938

 
  Mandrake: kdelibs various bugs fix
  26th, November, 2004

A number of bugs in kdelibs are fixed with this update.

Alert 106925

 
  Mandrake: kdebase various bugs fixes
  26th, November, 2004

A number of bugs in kdebase are fixed with this update.

Alert 106924

 
  Trustix
  Trustix: amavisd-new, anaconda, courier-imap,
cyrus-imapd, cyrus-sasl, file, kernel, mkbootdisk, mys
  29th, November, 2004

Fix amavis user creation on install. Support kickstart files
on FTP. Hyperthreading detection.

Alert 106933

 
  Red
Hat
  Red Hat: openmotif image vulnerability
fix
  2nd, December, 2004

Updated openmotif packages that fix flaws in the Xpm image library
are now available.

Alert 117314

 
  Red Hat: kernel security vulnerabilities
fix
  2nd, December, 2004

Updated kernel packages that fix several security issues in
Red Hat Enterprise Linux 3 are now available.

Alert 117315

 
  SuSE
  SuSE: various kernel problems
  1st, December, 2004

Several security problems have been found and addressed by the
SUSE Security Team. The following issues are present in all SUSE Linux
based products.

Alert 117316

 
  SuSE: cyrus-imapd remote command execution
  3rd, December, 2004

Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access which could
allow remote attackers to execute arbitrary commands as root. The bugs
occur in the pre-authentication phase, therefore an update is strongly
recommended.

Alert 117317