General Esm W900
This week advisories were released for openoffice, ipsec-tools, iceape, gimp, freetype, xulrunner, icedove, iceweasel, libexif, mod_perl, spamassassin, Thunderbird, Firefox, freetype2, gd, tetex, fetchmail, shadow-utils, pam, gcc, iscsi-initiator-utils, kernel, file, libpng, and xscreensaver. The distributors include Debian, Mandriva, Red Hat, Slackware, and Ubuntu.


Vyatta - Linux-based Router, Firewall & VPN - Vyatta software and appliances combine the features, performance and reliability of enterprise-class networking gear with the cost-savings and flexibility of linux-based solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions.

Free Vyatta Software & Live Webinars


LinuxSecurity.com Feature Extras:

    Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian
Debian: New OpenOffice.org packages fix arbitrary code execution
12th, June, 2007

John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.

advisories/debian/debian-new-openofficeorg-packages-fix-arbitrary-code-execution-79391
Debian: New ipsec-tools packages fix denial of service
7th, June, 2007

It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. We recommend that you upgrade your racoon package.

advisories/debian/debian-new-ipsec-tools-packages-fix-denial-of-service
Debian: New iceape packages fix several vulnerabilities
7th, June, 2007

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problem and others. Nicolas Derouet discovered that Iceape performs insufficient validation of cookies, which could lead to denial of service.

advisories/debian/debian-new-iceape-packages-fix-several-vulnerabilities-79321
Debian: New Gimp packages fix arbitrary code execution
9th, June, 2007

A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file.

advisories/debian/debian-new-gimp-packages-fix-arbitrary-code-execution-316
Debian: New lighttpd packages fix denial of service
10th, June, 2007

Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies problems. One is a remote attackers could cause denial of service by disconnecting partway through making a request.

advisories/debian/debian-new-lighttpd-packages-fix-denial-of-service-49074
Debian: New freetype packages fix integer overflow
10th, June, 2007

A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitary code via an integer overflow in specially crafted TTF files.

advisories/debian/debian-new-freetype-packages-fix-integer-overflow
Debian: New xulrunner packages fix several vulnerabilities
12th, June, 2007

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the some problems.

advisories/debian/debian-new-xulrunner-packages-fix-several-vulnerabilities-73165
Debian: New icedove packages fix several vulnerabilities
13th, June, 2007

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems. Gatan Leurent discovered a cryptographical weakness in APOP authentication, which reduces the required efforts for an MITM attack to intercept a password. The update enforces stricter validation, which prevents this attack.

advisories/debian/debian-new-icedove-packages-fix-several-vulnerabilities-99151
Debian: New iceweasel packages fix several vulnerabilities
14th, June, 2007

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identified the problems.

advisories/debian/debian-new-iceweasel-packages-fix-several-vulnerabilities-60726
Fedora
Fedora Core 6 Update: libexif-0.6.15-1.fc6
11th, June, 2007

This update to the latest upstream release fixes a number of bugs, among them a possible integer overflow in the exif_data_load_data_entry function (CVE-2007-2645), which allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.

advisories/fedora/fedora-core-6-update-libexif-0615-1fc6-17-24-00-128492
Fedora Core 5 Update: mod_perl-2.0.2-5.2.fc5
11th, June, 2007

This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349)

advisories/fedora/fedora-core-5-update-modperl-202-52fc5-17-25-00-128494
Fedora Core 6 Update: mod_perl-2.0.2-6.2.fc6
11th, June, 2007

This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349)

advisories/fedora/fedora-core-6-update-modperl-202-62fc6-17-25-00-128495
Fedora Core 6 Update: spamassassin-3.1.9-1.fc6
13th, June, 2007

Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. https://spamassassin.apache.org/404.html

advisories/fedora/fedora-core-6-update-spamassassin-319-1fc6-17-17-00-128521
Fedora Core 5 Update: spamassassin-3.1.9-1.fc5.1
13th, June, 2007

Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. https://spamassassin.apache.org/404.html

advisories/fedora/fedora-core-5-update-spamassassin-319-1fc51-17-17-00-128522
Fedora Core 6 Update: openoffice.org-2.0.4-5.5.23
13th, June, 2007

A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix to correct this issue.

advisories/fedora/fedora-core-6-update-openofficeorg-204-5523-17-17-00-128523
Fedora Core 5 Update:
13th, June, 2007

This update to iscsi-initiator-utils is a rebase to the upstream open-iscsi-2.0-865 release. This release includes two security fixes which are described here https://bugzilla.redhat.com/show_bug.cgi?id=243719 bug fixes and new features.

advisories/fedora/fedora-core-5-update-18-20-00-128526
Fedora Core 6 Update:
13th, June, 2007

This update to iscsi-initiator-utils is a rebase to the upstream open-iscsi-2.0-865 release. This release includes two security fixes, which are described here, https://bugzilla.redhat.com/show_bug.cgi?id=243719

advisories/fedora/fedora-core-6-update-18-20-00-128527
Mandriva
Mandriva: Updated libexif packages fix crash and possible
8th, June, 2007

Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data. Updated packages have been patched to prevent this issue.

Mandriva: Updated Thunderbird packages fix multiple
12th, June, 2007

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.12. This update provides the latest Thunderbird to correct these issues.

Mandriva: Updated Firefox packages fix multiple
12th, June, 2007

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.12. This update provides the latest Firefox to correct these issues.

Mandriva: Updated freetype2 packages fix integer overflow
13th, June, 2007

An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. The updated packages have been patched to prevent this issue.

Mandriva: Updated gd packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. The updated packages have been patched to prevent this issue.

Mandriva: Updated libwmf packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue.

Mandriva: Updated tetex packages fix vulnerability
13th, June, 2007

A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue. The updated packages have been patched to prevent this issue.

Red Hat
RedHat: Moderate: fetchmail security update
7th, June, 2007

An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-fetchmail-security-update-RHSA-2007-0385-01
RedHat: Moderate: freetype security update
11th, June, 2007

Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-freetype-security-update-25518
RedHat: Low: shadow-utils security and bug fix update
11th, June, 2007

An updated shadow-utils package that fixes a security issue and several bugs is now available.A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox. This update has been rated as having low security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-low-shadow-utils-security-and-bug-fix-update-RHSA-2007-0431-01
RedHat: Moderate: pam security and bug fix update
11th, June, 2007

Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-pam-security-and-bug-fix-update-RHSA-2007-0465-01
RedHat: Low: gdb security and bug fix update
11th, June, 2007

An updated gdb package that fixes a security issue and various bugs is now available.Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If an attacker could trick a user into loading an executable containing malicious debugging information into GDB, they may be able to execute arbitrary code with the privileges of the user. This update has been rated as having low security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-low-gdb-security-and-bug-fix-update-RHSA-2007-0469-01
RedHat: Moderate: gcc security and bug fix update
11th, June, 2007

Updated gcc packages that fix a security issue and another bug are now available.Jürgen Weigert discovered a directory traversal flaw in fastjar. An attacker could create a malicious JAR file which, if unpacked using fastjar, could write to any files the victim had write access to. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-gcc-security-and-bug-fix-update-RHSA-2007-0473-01
RedHat: Important: openoffice.org security update
13th, June, 2007

Updated openoffice.org packages to correct a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. This update has been rated as having important security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-openofficeorg-security-update-69768
RedHat: Moderate: spamassassin security update
13th, June, 2007

Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.Martin Krafft discovered a symlink issue in SpamAssassin that affects certain non-default configurations. A local user could use this flaw to create or overwrite files writable by the spamd process. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-spamassassin-security-update-18304
RedHat: Important: kdebase security update
13th, June, 2007

Updated kdebase packages that resolve an interaction security issue with Adobe Flash Player are now available.A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser. This update has been rated as having important security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-kdebase-security-update-RHSA-2007-0494-01
RedHat: Low: mod_perl security update
14th, June, 2007

Updated mod_perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, 5. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service This update has been rated as having low security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-low-modperl-security-update-68276
RedHat: Moderate: iscsi-initiator-utils security update
14th, June, 2007

Updated iscsi-initiator-utils packages that fix a security flaw in open-iscsi are now available for Red Hat Enterprise Linux 5. Olaf Kirch discovered two flaws in open-iscsi. A local attacker could use these flaws to cause the server daemon to stop responding, leading to a denial of service. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-iscsi-initiator-utils-security-update-RHSA-2007-0497-01
RedHat: Important: kernel security and bug fix update
14th, June, 2007

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-kernel-security-and-bug-fix-update-30637
RedHat: Moderate: libexif integer overflow
14th, June, 2007

Updated libexif packages that fix an integer overflow flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-libexif-integer-overflow-RHSA-2007-0501-01
Slackware
Slackware: libexif
14th, June, 2007

New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://www.cve.org/CVERecord?id=CVE-2007-4168

Ubuntu
Ubuntu: Linux kernel vulnerabilities
8th, June, 2007

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For more information see: https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.20/+bug/117314

advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: file vulnerability
11th, June, 2007

USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution. Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges.

advisories/ubuntu/ubuntu-file-vulnerability
Ubuntu: libexif vulnerability
11th, June, 2007

Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service.

advisories/ubuntu/ubuntu-libexif-vulnerability-98087
Ubuntu: libpng vulnerability
11th, June, 2007

It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service.

advisories/ubuntu/ubuntu-libpng-vulnerability
Ubuntu: libgd2 vulnerabilities
11th, June, 2007

A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. (CVE-2007-0455) Xavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources.

advisories/ubuntu/ubuntu-libgd2-vulnerabilities
Ubuntu: xscreensaver vulnerability
12th, June, 2007

It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity.

advisories/ubuntu/ubuntu-xscreensaver-vulnerability