General Esm W900
This week advisories were released for vim, id3lib, clamav, pptpd, krb5, librpcsecgss, vavoom, gallery, kdebase, mysql, cyrus-sasl, star, java, and kerberos. The distributors include Debian, Fedora, Mandriva, Red Hat, Slackware, and Ubuntu.


Linux+DVD Magazine Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers is between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

    Review: Ruby by Example - Learning a new language cannot be complete without a few 'real world' examples. 'Hello world!'s and fibonacci sequences are always nice as an introduction to certain aspects of programming, but soon or later you crave something meatier to chew on. 'Ruby by Example: Concepts and Code' by Kevin C. Baird provides a wealth of knowledge via general to specialized examples of the dynamic object oriented programming language, Ruby. Want to build an mp3 playlist processor? How about parse out secret codes from 'Moby Dick'? Read on!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian: New Linux 2.6.18 packages fix several vulnerabilities
31st, August, 2007

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the below vulnerabilities. advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410
Debian: New vim packages fix several vulnerabilities
1st, September, 2007

Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. advisories/debian/debian-new-vim-packages-fix-several-vulnerabilities-28252
Debian: New id3lib3.8.3 packages fix denial of service
1st, September, 2007

Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks. advisories/debian/debian-new-id3lib383-packages-fix-denial-of-service-42421
Debian: New clamav packages fix several vulnerabilities
1st, September, 2007

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. advisories/debian/debian-new-clamav-packages-fix-several-vulnerabilities-27806
Debian: New pptpd packages fix regression
2nd, September, 2007

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. advisories/debian/debian-new-pptpd-packages-fix-regression
Debian: New krb5 packages fix arbitrary code execution
4th, September, 2007

It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. advisories/debian/debian-new-krb5-packages-fix-arbitrary-code-execution-52839
Debian: New librpcsecgss packages fix arbitrary code execution
4th, September, 2007

It was discovered that a buffer overflow of the library for secure RPC communication over the rpcsec_gss protocol allows the execution of arbitrary code. advisories/debian/debian-new-librpcsecgss-packages-fix-arbitrary-code-execution-86263
Debian: New krb5 packages fix arbitrary code execution
6th, September, 2007

It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. The original patch from DSA-1367-1 didn't address the problem fully. This update delivers an updated fix. advisories/debian/debian-new-krb5-packages-fix-arbitrary-code-execution-52839
Debian: New gforge packages fix SQL injection
6th, September, 2007

Sumit I. Siddharth discovered that Gforge, a collaborative development tool performs insufficient input sanitising, which allows SQL injection. advisories/debian/debian-new-gforge-packages-fix-sql-injection-80172
Fedora 7 Update: vavoom-1.24-3.fc7
4th, September, 2007

Security update fixing various format strings vulnerabilities and a DOS vulnerability in the vavoom server, this fixes: CVE-2007-4533, CVE-2007-4534 & CVE-2007-4535. Also see bugzilla bug 256621. advisories/fedora/fedora-7-update-vavoom-124-3fc7-18-48-00-129332
Fedora 7 Update: gallery2-2.2-0.7..
4th, September, 2007

Security fix release for Gallery 2.2 series. Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules. advisories/fedora/fedora-7-update-gallery2-22-07-18-49-00-129335
Mandriva: Updated clamav packages vulnerabilities
31st, August, 2007

A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference (CVE-2007-4510).
Mandriva: Updated tar packages fix vulnerabilities
4th, September, 2007

Dmitry V. Levin discovered a path traversal flaw in how GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary fiels that the user running tar has write access to. Updated packages have been patched to prevent these issues.
Mandriva: Updated krb5 packages fix vulnerabilities
6th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash (CVE-2007-3999).
Mandriva: Updated eggdrop package fix remote buffer overflow
6th, September, 2007

A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message. Updated packages fix this issue.
Mandriva: Updated kdebase and kdelibs packages fix location
6th, September, 2007

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820)
Mandriva: Updated MySQL packages fix vulnerabilities
6th, September, 2007

A vulnerability was found in MySQL's authentication protocol, making it possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash (CVE-2007-3780).
Mandriva: Updated krb5 packages fix vulnerabilities
7th, September, 2007

A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash (CVE-2007-3999).
RedHat: Moderate: aide security update
4th, September, 2007

A flaw was discovered in the way file checksums were stored in the AIDE database. A packaging flaw in the Red Hat AIDE rpm resulted in the file database not containing any file checksum information. This could prevent AIDE from detecting certain file modifications. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-aide-security-update-RHSA-2007-0539-01
RedHat: Moderate: kernel security and bugfix update
4th, September, 2007

Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-kernel-security-and-bugfix-update-61033
RedHat: Moderate: cyrus-sasl security and bug fix update
4th, September, 2007

An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-cyrus-sasl-security-and-bug-fix-update-RHSA-2007-0795-01
RedHat: Moderate: star security update
4th, September, 2007

An updated star package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-star-security-update-RHSA-2007-0873-01
RedHat: Moderate: cyrus-sasl security update
4th, September, 2007

Updated cyrus-sasl packages that correct a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-cyrus-sasl-security-update-RHSA-2007-0878-01
RedHat: Important: krb5 security update
4th, September, 2007

Updated krb5 packages that fix two security flaws are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-krb5-security-update-66067
RedHat: Important: krb5 security update
7th, September, 2007

Updated krb5 packages that correct a security flaw are now available for Red Hat Enterprise Linux 5. The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c (CVE-2007-3999). A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. advisories/red-hat/redhat-important-krb5-security-update-66067
Slackware: java (jre, jdk)
31st, August, 2007

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here:
Ubuntu: Linux kernel vulnerabilities
31st, August, 2007

A buffer overflow was discovered in the Moxa serial driver. Local attackers could execute arbitrary code and gain root privileges. (CVE-2005-0504) advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: Linux kernel vulnerabilities
31st, August, 2007

A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: Kerberos vulnerability
4th, September, 2007

It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. advisories/ubuntu/ubuntu-kerberos-vulnerability-25212
Ubuntu: Kerberos vulnerability
7th, September, 2007

Original advisory details: It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges. advisories/ubuntu/ubuntu-kerberos-vulnerability-25212