Linux Advisory Watch - April 1, 2005

This week, advisories were released for ethereal, kernel, netkit-telnet, mc, mailreader, samba, mozilla, lsof, thunderbird, epiphany, devhelp, spamassassin, slypheed, krb5, xorg, telnet, foomatic, squid, ImageMagick, gdk, mpg321, ipsec-tools, htdig, grip, mysql, XFree86, and MySQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.Information Security Techniques

When addressing matters of information confidentiality, integrity, and availability, there
are four perspectives that can be taken when introducing security controls. A control
can be a protection, detection, response, or assurance mechanism. It is not uncommon
for a single control to provide information security on multiple levels.

Protection
A protection mechanism is used to prevent security incidents from occurring. Examples
of protection mechanisms include: firewall rules, access control lists, encrypting packets
that transverse over a network, passwords, biometrics, etc.

Detection
It is an information security mechanism that detects when an incident is occurring, and
allows a business to adjust its course of action. Detection mechanisms include:
intrusion detection systems, virus/spam scanners, vulnerability scanning, quotas, logging
alerts, etc. Detection mechanisms often lead into response mechanisms, and are often
the same as or similar to assurance mechanisms.

Response
A response mechanism addresses the consequences of a security incident and helps
the organization return to a normal state. Response mechanisms can either be in the
form of technical security controls (e.g. intrusion prevention system), policy (e.g.
requiring a computer emergency response team), or procedures developed for all
persons to follow during an incident.

Assurance
Assurance mechanisms give management or third parties the ability to verify the
effectiveness of the security controls in place. It may include logging, auditing, and
reporting capabilities. Assurance is important to help justify further expenditure on
information security projects.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity.com
Feature Extras:

Getting
to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

The
Tao of Network Security Monitoring: Beyond Intrusion Detection
– To be honest, this was one of the best books that I’ve read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.

Encrypting
Shell Scripts – Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn’t have a “ps -ef” loop running in an attempt to capture
that sensitive info (though some applications mask passwords in “ps” output).

Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.

	Contectiva
	Conectiva: ethereal Fixes for security vulnerabilities in ethereal
	28th, March, 2005 Ethereal[1] is a powerful network traffic analyzer with a graphical user interface (GUI). http://www.linuxsecurity.com/content/view/118712

	Conectiva: kernel Kernel fixes
	31st, March, 2005 The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. http://www.linuxsecurity.com/content/view/118764

	Debian
	Debian: New netkit-telnet packages fix arbitrary code execution
	29th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118726

	Debian: New mc packages fix buffer overflow
	29th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118728

	Debian: New netkit-telnet-ssl packages fix arbitrary code execution
	29th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118729

	Debian: New mailreader packages fix cross-site scripting vulnerability
	30th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118746

	Debian: New samba packages fix arbitrary code execution
	31st, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118763

	Fedora
	Fedora Core 2 Update: mozilla-1.7.6-1.2.2
	25th, March, 2005 A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. http://www.linuxsecurity.com/content/view/118704

	Fedora Core 3 Update: lsof-4.72-2.2
	24th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118697

	Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.90
	24th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118698

	Fedora Core 3 Update: thunderbird-1.0.2-1.3.2
	24th, March, 2005 There was an issue with a patch being incorrectly applied which caused the Advanced Preferences panel to fail to load. http://www.linuxsecurity.com/content/view/118699

	Fedora Core 2 Update: epiphany-1.2.10-0.2.1
	25th, March, 2005 There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/118705

	Fedora Core 2 Update: devhelp-0.9.1-0.2.5
	25th, March, 2005 There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/118706

	Fedora Core 2 Update: kernel-2.6.10-1.771_FC2
	28th, March, 2005 Updated Package. http://www.linuxsecurity.com/content/view/118717

	Fedora Core 3 Update: squirrelmail-1.4.4-1.FC3
	28th, March, 2005 Multiple issues in squirrelmail (CAN-2005-0104) Upgrade to 1.4.4 http://www.linuxsecurity.com/content/view/118719

	Fedora Core 2 Update: squirrelmail-1.4.4-1.FC2
	28th, March, 2005 Multiple issues in squirrelmail (CAN-2005-0104) Upgrade to 1.4.4 http://www.linuxsecurity.com/content/view/118720

	Fedora Core 3 Update: spamassassin-3.0.2-0.fc3
	28th, March, 2005 http://wiki.apache.org/spamassassin/changes302 Upstream bug fixes. http://www.linuxsecurity.com/content/view/118721

	Fedora Core 2 Update: mozilla-1.7.6-1.2.5
	29th, March, 2005 This update supercedes the previous 1.7.6-1.2.2 which mistakenly had dependencies on FC3. http://www.linuxsecurity.com/content/view/118731

	Fedora Core 2 Update: sylpheed-1.0.4-0.fc2
	29th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118732

	Fedora Core 3 Update: sylpheed-1.0.4-0.fc3
	29th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118733

	Fedora Core 2 Update: krb5-1.3.6-4
	29th, March, 2005 Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. http://www.linuxsecurity.com/content/view/118735

	Fedora Core 3 Update: krb5-1.3.6-5
	29th, March, 2005 Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. http://www.linuxsecurity.com/content/view/118736

	Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13
	29th, March, 2005 An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. http://www.linuxsecurity.com/content/view/118739

	Fedora Core 2 Update: xorg-x11-6.7.0-14
	29th, March, 2005 An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. http://www.linuxsecurity.com/content/view/118740

	Fedora Core 3 Update: system-config-services-0.8.21-0.fc3.1
	30th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118748

	Fedora Core 3 Update: telnet-0.17-32.FC3.2
	30th, March, 2005 Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim’s machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues. http://www.linuxsecurity.com/content/view/118749

	Fedora Core 3 Update: foomatic-3.0.2-13.3
	30th, March, 2005 This is an update to a newer version. http://www.linuxsecurity.com/content/view/118750

	Fedora Core 2 Update: squid-2.5.STABLE9-1.FC2.2
	30th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118751

	Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.4
	30th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118752

	Fedora Core 2 Update: telnet-0.17-28.FC2.1
	30th, March, 2005 Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim’s machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues. http://www.linuxsecurity.com/content/view/118753

	Fedora Core 2 Update: ImageMagick-6.2.0.7-2.fc2
	30th, March, 2005 Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. http://www.linuxsecurity.com/content/view/118754

	Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3
	30th, March, 2005 Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. http://www.linuxsecurity.com/content/view/118755

	Fedora Core 2 Update: gdk-pixbuf-0.22.0-12.fc2
	30th, March, 2005 David Costanzo found a bug in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. http://www.linuxsecurity.com/content/view/118756

	Fedora Core 3 Update: gdk-pixbuf-0.22.0-16.fc3
	30th, March, 2005 David Costanzo found a bug in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. http://www.linuxsecurity.com/content/view/118757

	Fedora Core 2 Update: gtk2-2.4.14-2.fc2
	30th, March, 2005 David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. http://www.linuxsecurity.com/content/view/118758

	Fedora Core 3 Update: gtk2-2.4.14-3.fc3
	30th, March, 2005 David Costanzo found a bug in the way GTK+ processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack in applications linked against GTK+. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue. http://www.linuxsecurity.com/content/view/118759

	Fedora Core 3 Update: initscripts-7.93.7-1
	30th, March, 2005 This update fixes various bugs, including several IPSEC bugs. http://www.linuxsecurity.com/content/view/118761

	Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.93
	30th, March, 2005 Updated package. http://www.linuxsecurity.com/content/view/118762

	Gentoo
	Gentoo: mpg321 Format string vulnerability
	28th, March, 2005 A flaw in the processing of ID3 tags in mpg321 could potentially lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/118711

	Mandrake
	Mandrake: Updated krb5 packages fix
	29th, March, 2005 Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitray code on the victim’s machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package contains a telnet client and is patched to deal with these issues. http://www.linuxsecurity.com/content/view/118743

	Mandrake: Updated ipsec-tools packages
	31st, March, 2005 A bug was discovered in the way that the racoon daemon handled incoming ISAKMP requests. It is possible that an attacker could crash the racoon daemon by sending a specially crafted ISAKMP packet. The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/118767

	Mandrake: Updated libexif packages fix
	31st, March, 2005 A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to crash. The updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/118768

	Mandrake: Updated htdig packages fix
	31st, March, 2005 A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. http://www.linuxsecurity.com/content/view/118769

	Red Hat
	RedHat: Moderate: grip security update
	28th, March, 2005 A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/118714

	RedHat: Important: telnet security update
	28th, March, 2005 Updated telnet packages that fix two buffer overflow vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/118715

	RedHat: Important: mysql security update
	28th, March, 2005 Updated mysql packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/118716

	RedHat: Important: krb5 security update
	30th, March, 2005 Updated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/118744

	RedHat: Moderate: XFree86 security update
	30th, March, 2005 Updated XFree86 packages that fix a libXpm integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/118745

	SuSE
	SuSE: several kernel security problems
	24th, March, 2005 The Linux kernel is the core component of the Linux system. Several vulnerabilities were reported in the last few weeks which is fixed by this update. http://www.linuxsecurity.com/content/view/118695

	SuSE: MySQL vulnerabilities
	24th, March, 2005 MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar. http://www.linuxsecurity.com/content/view/118696

	SuSE: ipsec-tools remote denial of service
	31st, March, 2005 Racoon is a ISAKMP key management daemon used in IPsec setups. http://www.linuxsecurity.com/content/view/118765

RELATED ARTICLESMORE FROM AUTHOR

Xen 4.19 is released

Advancing Xen on RISC-V: key updates

AI Produces Data-driven OpenFOAM Speedup (HPC Wire)

Delivering Prime Training Deals – 2 DAYS ONLY

Why You Need to Know About Event Modeling: —An Intro

RELATED ARTICLES MORE FROM AUTHOR