Linux Advisory Watch – December 17, 2004

57

Author: Preston St. Pierre

This week, advisories were released for zgv, atari800, MyODBC, mikmod,
gstreamer, grep, flim, kdelibs, kdebase, selinux-policy-targeted,
xcdroast, udev, PHProjekt, nfs-utils, ncpfs, vim, evolution, mkdonline,
iproute, libpng, postgresql, IPSec, imlib, ruby, ncompress, and mod_ssl.
The distributors include Debian, Fedora, Gentoo, Mandrake, OpenBSD,
Red Hat, and TurboLinux.Detecting Physical Security Compromises

The first thing to always note is when your machine was rebooted.
Since Linux is a robust and stable OS, the only times your machine
should reboot is when you take it down for OS upgrades, hardware
swapping, or the like. If your machine has rebooted without you
doing it, that may be a sign that an intruder has compromised it.
Many of the ways that your machine can be compromised require the
intruder to reboot or power off your machine.

Check for signs of tampering on the case and computer area. Although
many intruders clean traces of their presence out of logs, it’s a
good idea to check through them all and note any discrepancy.

It is also a good idea to store log data at a secure location, such
as a dedicated log server within your well-protected network. Once
a machine has been compromised, log data becomes of little use as
it most likely has also been modified by the intruder.

The syslog daemon can be configured to automatically send log data
to a central syslog server, but this is typically sent unencrypted,
allowing an intruder to view data as it is being transferred. This
may reveal information about your network that is not intended to be
public. There are syslog daemons available that encrypt the data as
it is being sent.

Also be aware that faking syslog messages is easy — with an exploit
program having been published. Syslog even accepts net log entries
claiming to come from the local host without indicating their true
origin.

   Debian
  Debian: zgv arbitrary code execution
fix
  14th, December, 2004

Several vulnerabilities have been discovered in zgv, an SVGAlib
graphics viewer for the i386 architecture.

http://www.linuxsecurity.com/content/view/117475

 
  Debian: atari800 local root exploit fix
  14th, December, 2004

Adam Zabrocki discovered multiple buffer overflows in atari800,
an Atari emulator. In order to directly access graphics hardware, one
of the affected programs is installed setuid root. A local attacker could
exploit this vulnerability to gain root privileges.

http://www.linuxsecurity.com/content/view/117492

 
   Fedora
  Fedora: MyODBC-2.50.39-18.2 update
  10th, December, 2004

This update fixes a problem that occurs when the user’s locale
setting selects a decimal point other than “.”.

http://www.linuxsecurity.com/content/view/117469

 
  Fedora: MyODBC-2.50.39-19.1 update
  10th, December, 2004

This update fixes a problem that occurs when the user’s locale
setting selects a decimal point other than “.”.

http://www.linuxsecurity.com/content/view/117470

 
  Fedora: mikmod-3.1.6-30.2 update
  13th, December, 2004

This moves ‘mikmod’ back to the main package. It was incorrectly
in the mikmod-devel package.

http://www.linuxsecurity.com/content/view/117476

 
  Fedora: gstreamer-0.8.7-4.FC3.0 update
  14th, December, 2004

This update adds multilib support to GStreamer; this fixes several
issues people had on multilib architectures such as x86_64. It’s been
fairly well tested but please do not hesitate to report any issues.

http://www.linuxsecurity.com/content/view/117494

 
  Fedora: grep-2.5.1-31.2 update
  14th, December, 2004

This update improves performance when processing UTF-8 input.

http://www.linuxsecurity.com/content/view/117495

 
  Fedora: flim-1.14.7-0.FC2 update
  15th, December, 2004

Update to 1.14.7 release, which also fixes CAN-2004-0422.

http://www.linuxsecurity.com/content/view/117518

 
  Fedora: kdelibs-3.2.2-10.FC2 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117519

 
  Fedora: kdebase-3.2.2-8.FC2 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117520

 
  Fedora: kdelibs-3.3.1-2.4.FC3 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117521

 
  Fedora: kdebase-3.3.1-4.3.FC3 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability
#142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117522

 
  Fedora: selinux-policy-targeted-1.17.30-2.51
update
  16th, December, 2004

Fix problems with winbind, nscd, apache and others.

http://www.linuxsecurity.com/content/view/117525

 
  Fedora: xcdroast-0.98a15-8 update
  16th, December, 2004

fixed frozen progress bars with patch from Didier Heyden (bug
#134334)

http://www.linuxsecurity.com/content/view/117529

 
  Fedora: udev-039-10.FC3.6 update
  16th, December, 2004

fixed a case where reading /proc/ide/hd?/media returns EIO (bug
rh#142713) and added simple dvb rules

http://www.linuxsecurity.com/content/view/117530

 
   Gentoo
  Gentoo: PHProjekt setup.php vulnerability
  10th, December, 2004

PHProjekt contains a vulnerability in the setup procedure allowing
remote users without admin rights to change the configuration.

http://www.linuxsecurity.com/content/view/117468

 
  Gentoo: nfs-utils Multiple remote vulnerabilities
  13th, December, 2004

Multiple vulnerabilities have been discovered in nfs-utils that
could lead to a Denial of Service, or the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117478

 
   Gentoo
  Gentoo: ncpfs Buffer overflow in ncplogin
and ncpmap
  15th, December, 2004

ncpfs is vulnerable to a buffer overflow that could lead to
local execution of arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/117505

 
  Gentoo: vim, gVim Vulnerable options
in modelines
  15th, December, 2004

Several vulnerabilities related to the use of options in modelines
have been found and fixed in Vim. They could potentially result in a local
user escalating privileges.

http://www.linuxsecurity.com/content/view/117508

 
   Mandrake
  Mandrake: evolution various bugs fix
  14th, December, 2004

This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn’t realize it has failed.

http://www.linuxsecurity.com/content/view/117484

 
  Mandrake: mdkonline provide new features
  14th, December, 2004

This is a major update of mandrakeonline which fixes several
issues and adds more features such as a text wizard for servers without
Xwindow capabilities, support for server products, corporate and MNF for
instance, errors displaying and md5sum file checks.

http://www.linuxsecurity.com/content/view/117485

 
  Mandrake: iproute2 temporary file vulnerability
  14th, December, 2004

Herbert Xu discovered that iproute can accept spoofed messages
sent via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack.

http://www.linuxsecurity.com/content/view/117486

 
  Mandrake: evolution various bugs fix
  14th, December, 2004

This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn’t realize it has failed.

http://www.linuxsecurity.com/content/view/117487

 
  Mandrake: libpng invalid zlib header
problem fix
  14th, December, 2004

A problem in version 1.2.6 of the libpng library would cause
libpng to write an invalid zlib header within the PNG datastream. This
can cause some applications to display the images incorrectly.

http://www.linuxsecurity.com/content/view/117488

 
  Mandrake: postgresql temporary file vulnerability
fix
  14th, December, 2004

The Trustix development team found insecure temporary file creation
problems in a script included in the postgresql package. This could allow
an attacker to trick a user into overwriting arbitrary files he has access
to.

http://www.linuxsecurity.com/content/view/117489

 
  Mandrake: kde various bug fixes
  15th, December, 2004

A number of KDE-related packages are being released to address
a number of bugs in these packages. Updated packages include kdenetwork
(which fixes problems in kget, kopete, and krfb), kdepim (which fixes
problems in kmail, knode, knotes, and kontact), kwallet (which fixes problems
in kwalleditor and kcmlirc), and kdesdk (which fixes a problem in cervisia).

http://www.linuxsecurity.com/content/view/117516

 
  Mandrake: kdelibs & kdebase vulnerability
fix
  15th, December, 2004

Daniel Fabian discovered a potential privacy issue in KDE. When
creating a link to a remote file from various applications, including
Konqueror, the resulting URL may contain the authentication credentials
used to access that remote resource. This includes, but is not limited
to, browsing SMB (Samba) shares. Upon further investigation, it was found
that the SMB protocol handler also unnecessarily exposed authentication
credentials (CAN-2004-1171).

http://www.linuxsecurity.com/content/view/117517

 
  OpenBSD: kernel heap overflow in IPsec
  14th, December, 2004

On systems running isakmpd(8) it is possible for a local user
to cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket. Stopping isakmpd(8) does not prevent the memory
corruption.

http://www.linuxsecurity.com/content/view/117493

 
  Red Hat: imlib security vulnerabilities
fix
  10th, December, 2004

Updated imlib packages that fix several integer and buffer overflows
are now available.

http://www.linuxsecurity.com/content/view/117455

 
  Red Hat: ruby denial of service issue
fix
  13th, December, 2004

An updated ruby package that fixes a denial of service issue
for the CGI instance is now available.

http://www.linuxsecurity.com/content/view/117479

 
   Red
Hat
  Red Hat: ncompress security issue and
bug fix
  13th, December, 2004

An updated ncompress package that fixes a buffer overflow and
problem in the handling of files larger than 2 GB is now available.

http://www.linuxsecurity.com/content/view/117480

 
  Red Hat: apache and mod_ssl security
vulnerabilities fix
  13th, December, 2004

Updated apache and mod_ssl packages that fix various minor security
issues and bugs in the Apache Web server are now available for Red Hat
Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117481

 
  Red Hat: kernel security vulnerability
fix
  13th, December, 2004

Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 2.1. This
is the sixth regular update.

http://www.linuxsecurity.com/content/view/117482

 
  Red Hat: Itanium security issues fix
  13th, December, 2004

Updated Itanium kernel packages are now available as part of
ongoing support and maintenance of Red Hat Enterprise Linux version 2.1.
This is the sixth regular update.

http://www.linuxsecurity.com/content/view/117483

 
   TurboLinux
  TurboLinux: Security & Bugfix
  13th, December, 2004

Numerous issues in the Linux ELF binary loader. Issues relating
to IDE DMA transfers which prevent installation on machines with SiS chipsets
using the SiS 962/963 IDE controller. Null pointer dereferencing in the
SG driver.

http://www.linuxsecurity.com/content/view/117471