iproute, libpng, postgresql, IPSec, imlib, ruby, ncompress, and mod_ssl.
Red Hat, and TurboLinux.
The first thing to always note is when your machine was rebooted.
Since Linux is a robust and stable OS, the only times your machine
should reboot are when you take it down for OS upgrades, hardware
swapping, or the like. If your machine has rebooted without you
doing it, that may be a sign that an intruder has compromised it.
Many of the ways that your machine can be compromised require the
intruder to reboot or power off your machine.
Check for signs of tampering on the case and computer area. Although
many intruders clean traces of their presence out of logs, it’s a
good idea to check through them all and note any discrepancy.
Debian

Debian: zgv arbitrary code execution fix
14th, December, 2004
Several vulnerabilities have been discovered in zgv, an SVGAlib
graphics viewer for the i386 architecture.
http://www.linuxsecurity.com/content/view/117475

Debian: atari800 local root exploit fix
14th, December, 2004
Adam Zabrocki discovered multiple buffer overflows in atari800,
an Atari emulator. In order to directly access graphics hardware, one
of the affected programs is installed setuid root. A local attacker could
exploit this vulnerability to gain root privileges.
http://www.linuxsecurity.com/content/view/117492

Fedora

Fedora: MyODBC-2.50.39-18.2 update
10th, December, 2004
This update fixes a problem that occurs when the user’s locale
setting selects a decimal point other than “.”.
http://www.linuxsecurity.com/content/view/117469

Fedora: MyODBC-2.50.39-19.1 update
10th, December, 2004
This update fixes a problem that occurs when the user’s locale
setting selects a decimal point other than “.”.
http://www.linuxsecurity.com/content/view/117470

Fedora: mikmod-3.1.6-30.2 update
13th, December, 2004
This moves ‘mikmod’ back to the main package. It was incorrectly
in the mikmod-devel package.
http://www.linuxsecurity.com/content/view/117476

Fedora: gstreamer-0.8.7-4.FC3.0 update
14th, December, 2004
This update adds multilib support to GStreamer; this fixes several
issues people had on multilib architectures such as x86_64. It’s been
fairly well tested but please do not hesitate to report any issues.
http://www.linuxsecurity.com/content/view/117494

Fedora: grep-2.5.1-31.2 update
14th, December, 2004
This update improves performance when processing UTF-8 input.
http://www.linuxsecurity.com/content/view/117495

Fedora: flim-1.14.7-0.FC2 update
15th, December, 2004
Update to 1.14.7 release, which also fixes CAN-2004-0422.
http://www.linuxsecurity.com/content/view/117518

Fedora: kdelibs-3.2.2-10.FC2 update
15th, December, 2004
Apply the patch to fix Konqueror Window Injection Vulnerability
#142510, CAN-2004-1158. Thanks to the KDE security team.
http://www.linuxsecurity.com/content/view/117519

Fedora: kdebase-3.2.2-8.FC2 update
15th, December, 2004
Apply the patch to fix Konqueror Window Injection Vulnerability
#142510, CAN-2004-1158. Thanks to the KDE security team.
http://www.linuxsecurity.com/content/view/117520

Fedora: kdelibs-3.3.1-2.4.FC3 update
15th, December, 2004
Apply the patch to fix Konqueror Window Injection Vulnerability
#142510, CAN-2004-1158. Thanks to the KDE security team.
http://www.linuxsecurity.com/content/view/117521

Fedora: kdebase-3.3.1-4.3.FC3 update
15th, December, 2004
Apply the patch to fix Konqueror Window Injection Vulnerability
#142510, CAN-2004-1158. Thanks to the KDE security team.
http://www.linuxsecurity.com/content/view/117522

Fedora: selinux-policy-targeted-1.17.30-2.51 update
16th, December, 2004
Fix problems with winbind, nscd, apache and others.
http://www.linuxsecurity.com/content/view/117525

Fedora: xcdroast-0.98a15-8 update
16th, December, 2004
Fixed frozen progress bars with patch from Didier Heyden (bug
#134334).
http://www.linuxsecurity.com/content/view/117529

Fedora: udev-039-10.FC3.6 update
16th, December, 2004
Fixed a case where reading /proc/ide/hd?/media returns EIO (bug
rh#142713) and added simple dvb rules.
http://www.linuxsecurity.com/content/view/117530

Gentoo

Gentoo: PHProjekt setup.php vulnerability
10th, December, 2004
PHProjekt contains a vulnerability in the setup procedure allowing
remote users without admin rights to change the configuration.
http://www.linuxsecurity.com/content/view/117468

Gentoo: nfs-utils Multiple remote vulnerabilities
13th, December, 2004
Multiple vulnerabilities have been discovered in nfs-utils that
could lead to a Denial of Service, or the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117478

Gentoo: ncpfs Buffer overflow in ncplogin and ncpmap
15th, December, 2004
ncpfs is vulnerable to a buffer overflow that could lead to
local execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/117505

Gentoo: vim, gVim Vulnerable options in modelines
15th, December, 2004
Several vulnerabilities related to the use of options in modelines
have been found and fixed in Vim. They could potentially result in a local
user escalating privileges.
http://www.linuxsecurity.com/content/view/117508

Mandrake

Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn’t realize it has failed.
http://www.linuxsecurity.com/content/view/117484

Mandrake: mdkonline provide new features
14th, December, 2004
This is a major update of mandrakeonline which fixes several
issues and adds more features such as a text wizard for servers without
Xwindow capabilities, support for server products, corporate and MNF for
instance, errors displaying and md5sum file checks.
http://www.linuxsecurity.com/content/view/117485

Mandrake: iproute2 temporary file vulnerability
14th, December, 2004
Herbert Xu discovered that iproute can accept spoofed messages
sent via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack.
http://www.linuxsecurity.com/content/view/117486

Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn’t realize it has failed.
http://www.linuxsecurity.com/content/view/117487

Mandrake: libpng invalid zlib header problem fix
14th, December, 2004
A problem in version 1.2.6 of the libpng library would cause
libpng to write an invalid zlib header within the PNG datastream. This
can cause some applications to display the images incorrectly.
http://www.linuxsecurity.com/content/view/117488

Mandrake: postgresql temporary file vulnerability fix
14th, December, 2004
The Trustix development team found insecure temporary file creation
problems in a script included in the postgresql package. This could allow
an attacker to trick a user into overwriting arbitrary files he has access
to.
http://www.linuxsecurity.com/content/view/117489

Mandrake: kde various bug fixes
15th, December, 2004
A number of KDE-related packages are being released to address
a number of bugs in these packages. Updated packages include kdenetwork
(which fixes problems in kget, kopete, and krfb), kdepim (which fixes
problems in kmail, knode, knotes, and kontact), kwallet (which fixes problems
in kwalleditor and kcmlirc), and kdesdk (which fixes a problem in cervisia).
http://www.linuxsecurity.com/content/view/117516

Mandrake: kdelibs & kdebase vulnerability fix
15th, December, 2004
Daniel Fabian discovered a potential privacy issue in KDE. When
creating a link to a remote file from various applications, including
Konqueror, the resulting URL may contain the authentication credentials
used to access that remote resource. This includes, but is not limited
to, browsing SMB (Samba) shares. Upon further investigation, it was found
that the SMB protocol handler also unnecessarily exposed authentication
credentials (CAN-2004-1171).
http://www.linuxsecurity.com/content/view/117517

OpenBSD: kernel heap overflow in IPsec
14th, December, 2004
On systems running isakmpd(8) it is possible for a local user
to cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket. Stopping isakmpd(8) does not prevent the memory
corruption.
http://www.linuxsecurity.com/content/view/117493

Red Hat

Red Hat: imlib security vulnerabilities fix
10th, December, 2004
Updated imlib packages that fix several integer and buffer overflows
are now available.
http://www.linuxsecurity.com/content/view/117455

Red Hat: ruby denial of service issue fix
13th, December, 2004
An updated ruby package that fixes a denial of service issue
for the CGI instance is now available.
http://www.linuxsecurity.com/content/view/117479

Red Hat: ncompress security issue and bug fix
13th, December, 2004
An updated ncompress package that fixes a buffer overflow and
problem in the handling of files larger than 2 GB is now available.
http://www.linuxsecurity.com/content/view/117480

Red Hat: apache and mod_ssl security vulnerabilities fix
13th, December, 2004
Updated apache and mod_ssl packages that fix various minor security
issues and bugs in the Apache Web server are now available for Red Hat
Enterprise Linux 2.1.
http://www.linuxsecurity.com/content/view/117481

Red Hat: kernel security vulnerability fix
13th, December, 2004
Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 2.1. This
is the sixth regular update.
http://www.linuxsecurity.com/content/view/117482

Red Hat: Itanium security issues fix
13th, December, 2004
Updated Itanium kernel packages are now available as part of
ongoing support and maintenance of Red Hat Enterprise Linux version 2.1.
This is the sixth regular update.
http://www.linuxsecurity.com/content/view/117483

TurboLinux

TurboLinux: Security & Bugfix
13th, December, 2004
Numerous issues in the Linux ELF binary loader. Issues relating
to IDE DMA transfers which prevent installation on machines with SiS chipsets
using the SiS 962/963 IDE controller. Null pointer dereferencing in the
SG driver.
http://www.linuxsecurity.com/content/view/117471