General Esm W900
This week advisories were released for samba, ipsec-tools, libexif, evolution, elinks, php-pear, util-linux, mutt, mplayer, clamav, file, libpng, lha, fetchmail, asterisk, and Thunderbird. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.

This week advisories were released for samba, ipsec-tools, libexif, evolution, elinks, php-pear, util-linux, mutt, mplayer, clamav, file, libpng, lha, fetchmail, asterisk, and Thunderbird. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.


Vyatta - Linux-based Router, Firewall & VPN - Vyatta software and appliances combine the features, performance and reliability of enterprise-class networking gear with the cost-savings and flexibility of linux-based solutions. Vyatta empowers you to replace overpriced proprietary router, firewall and VPN equipment with commercially supported open-source solutions.

Free Vyatta Software & Live Webinars


LinuxSecurity.com Feature Extras:

    Review: Practical Packet Analysis - In the introduction, McIlwraith points out that security awareness training properly consists of communication, raising of issues, and encouragement to modify behaviour. (This will come as no surprise to those who recall the definition of training as the modification of attitudes and behaviour.) He also notes that security professionals frequently concentrate solely on presentation of problems. The remainder of the introduction looks at other major security activities, and the part that awareness plays in ensuring that they actually work.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian
Debian: New samba packages fix regression
4th, June, 2007

A security vulnerability in the samba packages was found. The security update for CVE-2007-2446 introduced a regression, which broke connection to domain member servers in some scenarios. This update fixes this regression.

advisories/debian/debian-new-samba-packages-fix-regression
Debian: New ipsec-tools packages fix denial of service
7th, June, 2007

It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. We recommend that you upgrade your racoon package.

advisories/debian/debian-new-ipsec-tools-packages-fix-denial-of-service
Fedora
Fedora Core 5 Update: samba-3.0.24-7.fc5
6th, June, 2007

Bugfixes against the recent security updates for Fedora Core 5 samba-3.0.24-7.fc5 package. Also this update fixes a samba denial of service vulnerability.

advisories/fedora/fedora-core-5-update-samba-3024-7fc5-14-03-00-128458
Gentoo
Gentoo: libexif Integer overflow vulnerability
5th, June, 2007

libexif fails to handle Exif (EXchangeable Image File) data inputs, making it vulnerable to an integer overflow. An attacker could entice a user to process a file with specially crafted Exif extensions with an application making use of libexif, which will trigger the integer overflow and potentially execute arbitrary code or crash the application.

Gentoo: Evolution User-assisted execution of arbitrary code
6th, June, 2007

A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code. A remote attacker could entice a user to open a specially crafted shared memo, possibly resulting in the execution of arbitrary code with the privileges of the user running Evolution.

Gentoo: ELinks User-assisted execution of arbitrary code
6th, June, 2007

A vulnerability has been discovered in ELinks allowing for the user-assisted execution of arbitrary code.A local attacker could entice a user to run ELinks in a specially crafted directory environment containing a malicious ".po" file, possibly resulting in the execution of arbitrary code with the privileges of the user running ELinks.

Mandriva
Mandriva: Updated php-pear packages fix directory traversal
4th, June, 2007

A security hole was discovered in all versions of the PEAR Installer (https://pear.php.net/package/PEAR/redirected). The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent.

Mandriva: Updated util-linux packages address login access
4th, June, 2007

Th login in util-linux-2.12a (and later versions) skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. Updated packages have been patched to address this issue.

Mandriva: Updated mutt packages fix vulnerabilities
4th, June, 2007

A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials (CVE-2007-1558).

Mandriva: Updated mplayer packages fix buffer overflow
4th, June, 2007

Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Updated packages have been patched to correct this issue.

Mandriva: Updated clamav packages fix vulnerabilities
4th, June, 2007

A vulnerability in the OLE2 parser in ClamAV was found that could allow a remote attacker to cause a denial of service via resource consumption with a carefully crafted OLE2 file. Other vulnerabilities and bugs have also been corrected in 0.90.3 which is being provided with this update.

Mandriva: Updated file packages fix vulnerabilities
5th, June, 2007

The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an atacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file (CVE-2007-2799). The updated packages have been patched to correct these issues.

Mandriva: Updated libpng packages fix vulnerability
5th, June, 2007

A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated. The updated packages have been patched to correct this issue.

Mandriva: Updated lha packages fix unsafe temporary files
6th, June, 2007

lharc.c in the lha package does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. Updated packages have been patched to prevent this issue.

Red Hat
RedHat: Moderate: mutt security update
4th, June, 2007

An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5.A flaw was found in the way Mutt used temporary files on NFS file systems. Due to an implementation issue in the NFS protocol, Mutt was not able to exclusively open a new file. A local attacker could conduct a time-dependent attack and possibly gain access to e-mail attachments opened by a victim. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-mutt-security-update-RHSA-2007-0386-01
RedHat: Moderate: fetchmail security update
7th, June, 2007

An updated fetchmail package that fixes a security bug is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-fetchmail-security-update-RHSA-2007-0385-01
Slackware
Slackware: firefox-seamonkey-thunderbird
2nd, June, 2007

New mozilla-firefox and seamonkey packages are available for Slackware 10.2, 11.0, and -current to fix security issues. New thunderbird packages are are available for Slackware 10.2 and 11.0 to fix security issues. More details about this issue may be found at these links: https://www.mozilla.org/en-US/security/known-vulnerabilities/ https://www.mozilla.org/en-US/security/known-vulnerabilities/ https://www.mozilla.org/en-US/security/known-vulnerabilities/

SuSE
SuSE: clamav 0.90.3 (SUSE-SA:2007:033)
6th, June, 2007

The anti-virus scan engine ClamAV was upgraded to version 0.90.3 to fix several security bugs. One is a heap corruption causing denial-of-service with corrupted rar archive.

SuSE: asterisk (SUSE-SA:2007:034)
6th, June, 2007

The Open Source PBX software Asterisk was updated to fix several security related bugs that allowed attackers to remotely crash asterisk or cause information leaks.Asterisk allowed remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Ubuntu
Ubuntu: Firefox vulnerabilities
1st, June, 2007

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges.

advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643
Ubuntu: Thunderbird vulnerabilities
6th, June, 2007

Ga