This week, advisories were released for libxslt, dnsmasq, newsx, icedove, python, clamav, refpolicy, vlc, ffmpeg, dbus, libpng, thunderbird, realplayer, java, nfs-utils, mysql, coreutils, vsftp, kernel, nss_ldap, rdesktop, mtr, links, net-snmp, httpd, fetchmail, openssl, pcre, vim, xulrunner, and poppler. The distributors include Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.

Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Security Features of Firefox 3.0 - Let's take a look at the security features of the newly released Firefox 3.0. Since its release on Tuesday I have been testing it out to see how the new security enhancements work and help increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.

Read on for more security features of Firefox 3.0.

Review: The Book of Wireless - "The Book of Wireless" by John Ross is an answer to the problem of learning about wireless networking. With the widespread use of wireless networks today, anyone with a computer should at least know the basics of wireless. Also, with wireless networking, users need to know how to protect themselves from wireless networking attacks.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


EnGarde Secure Community 3.0.19 Now Available! (Apr 15)

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.19 (Version 3.0, Release 19). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

news/vendors-products/engarde-secure-community-3019-now-available

Debian: New libxslt packages fix arbitrary code execution (Jul 31)

Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.

advisories/debian/debian-new-libxslt-packages-fix-arbitrary-code-execution

Debian: New libxslt packages fix arbitrary code execution (Jul 31)

This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult.

advisories/debian/debian-new-dnsmasq-packages-fix-cache-poisoning

Debian: New newsx packages fix arbitrary code execution (Jul 31)

It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

advisories/debian/debian-new-newsx-packages-fix-arbitrary-code-execution

Debian: New icedove packages fix several vulnerabilities (Jul 27)

It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code.

advisories/debian/debian-new-icedove-packages-fix-several-vulnerabilities-99151

Debian: New python2.5 packages fix several vulnerabilities (Jul 27)

Several vulnerabilities have been discovered in the interpreter for the Python language.

advisories/debian/debian-new-python25-packages-fix-several-vulnerabilities

Debian: New python-dns packages fix DNS response spoofing (Jul 27)

Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.

advisories/debian/debian-new-python-dns-packages-fix-dns-response-spoofing

Debian: New clamav packages fix denial of service (Jul 26)

Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

advisories/debian/debian-new-clamav-packages-fix-denial-of-service-32713

Debian: New refpolicy packages fix incompatible policy (Jul 25)

In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447).

advisories/debian/debian-new-refpolicy-packages-fix-incompatible-policy

Debian: new clamav packages fix denial of service (Jul 24)

Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.

advisories/debian/debian-new-clamav-packages-fix-denial-of-service-32713

Gentoo: Pan User-assisted execution of arbitrary code (Jul 31)

A buffer overflow vulnerability in Pan may allow a remote attacker to execute arbitrary code.

Gentoo: VLC Multiple vulnerabilities (Jul 31)

Multiple vulnerabilities in VLC may allow for the execution of arbitrary code.


Mandriva: [MDVSA-2008:159] licq (Jul 30)

A flaw was discovered in licq versions prior to 1.3.6 that allowed a remote attacker to cause a denial of service (crash) via a large number of connections (CVE-2008-1996). The updated packages have been patched to correct this issue.

Mandriva: [MDVSA-2008:158] silc-toolkit (Jul 30)

A vulnerability was found in the SILC toolkit before version 1.1.5 that allowed a remote attacker to cause a denial of service (crash), or possibly execute arbitrary code via long input data (CVE-2008-1227). A vulnerability was found in the SILC toolkit before version 1.1.7 that allowed a remote attacker to execute arbitrary code via a crafted PKCS#2 message (CVE-2008-1552).

Mandriva: ffmpeg (Jul 29)

A vulnerability was found in how ffmpeg handled STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg (CVE-2008-3162). The updated packages have been patched to correct this issue.

Mandriva: Updated dbus packages correct various bugs (Jul 29)

A race condition was preventing dbus from starting correctly when user authentication was network based (LDAP, etc.). This could prevent other desktop functions from working properly, such as device automounting. This update provides updated dbus and initscript packages that fix this issue. Both packages must be upgraded at the same time.

Mandriva: Updated libpng packages fix vulnerability (Jul 28)

Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions (CVE-2008-1382). The updated packages have been patched to correct this issue.

Mandriva: Updated Thunderbird packages fix multiple vulnerabilities (Jul 27)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811). This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems.

Mandriva: Updated Thunderbird packages fix multiple vulnerabilities (Jul 25)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811).


RedHat: Critical: RealPlayer security update (Jul 31)

RealPlayer 10.0.9 is vulnerable to a critical security flaw and should no longer be used. A remote attacker could leverage this flaw to execute arbitrary code as the user running RealPlayer. (CVE-2007-5400) This issue is addressed in RealPlayer 11. Red Hat is unable to ship RealPlayer 11 due to additional proprietary codecs included in that version. Therefore, users who wish to continue to use RealPlayer should get an update directly from www.real.com.

advisories/red-hat/redhat-critical-realplayer-security-update-56018

RedHat: Critical: java-1.5.0-ibm security update (Jul 31)

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-critical-java-150-ibm-security-update-89380

RedHat: Moderate: libxslt security update (Jul 31)

Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-libxslt-security-update-RHSA-2008-0649-01

RedHat: Moderate: nfs-utils security update (Jul 31)

An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5. A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-nfs-utils-security-update-RHSA-2008-0486-01

RedHat: Moderate: mysql security, bug fix, (Jul 24)

Updated mysql packages that fix various security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-mysql-security-bug-fix-RHSA-2008-0768-01

RedHat: Low: coreutils security update (Jul 24)

Updated coreutils packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-low-coreutils-security-update-RHSA-2008-0780-01

RedHat: Moderate: vsftpd security update (Jul 24)

An updated vsftpd package that fixes a security issue is now available. The version of vsftpd as shipped in Red Hat Enterprise Linux 3, when used in combination with Pluggable Authentication Modules (PAM), had a memory leak on an invalid authentication attempt. Since vsftpd prior to version 2.0.5 allows any number of invalid attempts on the same connection, this memory leak could lead to an eventual DoS.

advisories/red-hat/redhat-moderate-vsftpd-security-update-RHSA-2008-0579-01

RedHat: Moderate: Updated kernel packages for Red Hat (Jul 24)

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 4. This is the seventh regular update. A security flaw was found in the Linux kernel Universal Disk Format file system.

advisories/red-hat/redhat-moderate-updated-kernel-packages-for-red-hat-RHSA-2008-0665-01

RedHat: Moderate: vsftpd security and bug fix update (Jul 24)

An updated vsftpd package that fixes a security issue and various bugs is now available. The version of vsftpd as shipped in Red Hat Enterprise Linux 4, when used in combination with Pluggable Authentication Modules (PAM), had a memory leak on an invalid authentication attempt. Since vsftpd prior to version 2.0.5 allows any number of invalid attempts on the same connection, this memory leak could lead to an eventual DoS. (CVE-2008-2375)

advisories/red-hat/redhat-moderate-vsftpd-security-and-bug-fix-update-RHSA-2008-0680-01

RedHat: Low: nss_ldap security and bug fix update (Jul 24)

An updated nss_ldap package that fixes a security issue and several bugs is now available. A race condition was discovered in nss_ldap, which affected certain applications that make LDAP connections, such as Dovecot. This could cause nss_ldap to answer a request for information about one user with the information about a different user. (CVE-2007-5794)

advisories/red-hat/redhat-low-nssldap-security-and-bug-fix-update-59514

RedHat: Moderate: rdesktop security and bug fix update (Jul 24)

Updated rdesktop packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 4. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801)

advisories/red-hat/redhat-moderate-rdesktop-security-and-bug-fix-update-RHSA-2008-0725-01

RedHat: Moderate: rdesktop security update (Jul 24)

An updated rdesktop package that fixes a security issue is now available for Red Hat Enterprise Linux 5. An integer underflow and an integer signedness issue were discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803)

advisories/red-hat/redhat-moderate-rdesktop-security-update-97098

RedHat: Moderate: rdesktop security update (Jul 24)

Updated rdesktop packages that fix a security issue are now available for Red Hat Enterprise Linux 3. An integer underflow vulnerability was discovered in rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute arbitrary code. (CVE-2008-1801)

advisories/red-hat/redhat-moderate-rdesktop-security-update-97098

Slackware: libxslt (Jul 29)

New libxslt packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. A buffer overflow when processing XSL stylesheets could result in the execution of arbitrary code.

Slackware: mtr (Jul 29)

New mtr packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. Upgraded to mtr-0.73. This fixes a minor security bug where a very long hostname in the trace path could lead to an overflow (and most likely just a crash).

Slackware: links (Jul 29)

New links packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix a security issue when using proxies. Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."

Slackware: net-snmp (Jul 29)

New net-snmp packages are available for Slackware 12.0, 12.1, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292

Slackware: mozilla-thunderbird (Jul 29)

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. More details about the issues may be found on the Mozilla site: https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-2.0/

Slackware: httpd (Jul 29)

New httpd packages are available for Slackware 12.0, 12.1, and -current to fix XSS security issues. This release fixes flaws which could allow XSS attacks.

Slackware: fetchmail (Jul 29)

New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. Patched to fix a possible denial of service when "-v -v" options are used.

Slackware: openssl (Jul 29)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. The Codenomicon TLS test suite uncovered security bugs in OpenSSL. If OpenSSL was compiled using non-default options (Slackware's package is not), then a malicious packet could cause a crash. A malformed TLS handshake could also lead to a crash. Upgraded OpenSSH packages have been provided to make sure that ssh is not broken by the update -- especially if your machine is a remote one, be SURE to upgrade to the new openssh package as well!

Slackware: pcre (Jul 29)

New pcre packages are available for Slackware 12.0, 12.1, and -current to fix a security issue. Tavis Ormandy of the Google Security Team found a buffer overflow triggered when handling certain regular expressions. This could lead to a crash or possible execution of code as the user of the PCRE-linked application.

Slackware: vim (Jul 29)

New vim packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. This fixes several security issues related to the automatic processing of untrusted files.


Ubuntu: Firefox and xulrunner vulnerabilities (Jul 28)

A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785)

advisories/ubuntu/ubuntu-firefox-and-xulrunner-vulnerabilities-13145

Ubuntu: poppler vulnerability (Jul 28)

Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets. If a user were tricked into viewing a malicious PDF file, a remote attacker could exploit this to crash applications linked against poppler, leading to a denial of service.

advisories/ubuntu/ubuntu-poppler-vulnerability-81822

Ubuntu: Thunderbird vulnerabilities (Jul 24)

A flaw was discovered in Thunderbird that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user had JavaScript enabled and was tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803)

advisories/ubuntu/ubuntu-thunderbird-vulnerabilities-67510