[aclug-L] FW: Linux Advisory Watch - June 15th, 2001
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
-----Original Message-----
From: vuln-newsletter-admins@xxxxxxxxxxxxxxxxx
[mailto:vuln-newsletter-admins@xxxxxxxxxxxxxxxxx]
Sent: Friday, June 15, 2001 9:09 AM
To: vuln-newsletter@xxxxxxxxxxxxxxxxx
Subject: Linux Advisory Watch - June 15th, 2001
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| June 15th, 2001 Volume 2, Number 24a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for tcpdump, exim, imap, xinetd,
man-db, and LPRng. The vendors include Debian, Immunix, Mandrake, Red
Hat, and TurboLinux. It has been a rather slow week for advisories.
This week, you should take a look at the Postfix document noted below. It
goes into great detail and would be helpful to any administrator running
the Postfix Package.
# FEATURE: Postfix / EnGarde Secure Linux HowTo
This document outlines configuring, running, and maintaining
Postfix on EnGarde Secure Linux.
http://www.linuxsecurity.com/feature_stories/feature_story-91.html
## FREE Apache SSL Guide from Thawte Certification ##
Do your online customers demand the best available protection of their
personal information? Thawte's guide explains how to give this to your
customers by implementing SSL on your Apache Web Server. Click here to
get our FREE Thawte Apache Guide.
http://www.thawte.com/ucgi/gothawte.cgi?a=n366607510022000
HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html
+---------------------------------+
| tcpdump | ----------------------------//
+---------------------------------+
Remote buffer overflows were discovered that would enable a remote
attack of a local tcpdump process. Intrusion detection using tcpdump
would be rendered useless since the attack stops all network activity
on the system. This update also addresses the vulnerability in the
decoding of AFS ACL packets, allowing a remote attacker to run
arbitrary code on the local system as user root.
TurboLinux i386:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/tcpdump-3.6.2-1.i386.rpm
c6003e7b6a614b5569ab4466950b45fd
TurboLinux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-1426.html
+---------------------------------+
| exim | ----------------------------//
+---------------------------------+
Megyer Laszlo found a printf format bug in the exim mail transfer
agent. The code that checks the header syntax of an email logs an
error without protecting itself against printf format attacks. This
problem has been fixed in version 3.12-10.1. Since that code is not
turned on by default a standard installation is not vulnerable, but
we still recommend to upgrade your exim package.
Debian i386:
http://security.debian.org/dists/stable/updates/main/binary-i386/
exim_3.12-10.1_i386.deb
MD5 checksum: d7e4c6e286fae05abfce28841dc0530e
http://security.debian.org/dists/stable/updates/main/binary-i386/
eximon_3.12-10.1_i386.deb
MD5 checksum: 9dc3b11692b7047fef58c5a8da7741d8
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1427.html
+---------------------------------+
| imap | ----------------------------//
+---------------------------------+
Several buffer overflow vulnerabilities have been found in the
UW-IMAP package by the authors and independant groups. These
vulnerabilities can be exploited only once a user has authenticated
which limits the extent of the vulnerability to a remote shell with
that user's permissions. On systems where the user already has a
shell, nothing new will be provided to that user, unless the user has
only local shell access. On systems where the email accounts do not
provide shell access, however, the problem is much greater.
Mandrake Linux 8.0:
8.0/RPMS/imap-2000c-4.4mdk.i586.rpm
6a452cc1dc11d0b4e463bad8ad72c76f
8.0/RPMS/imap-devel-2000c-4.4mdk.i586.rpm
b5e240934dce233b30b3b9b3dd378548
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1428.html
+---------------------------------+
| xinetd | ----------------------------//
+---------------------------------+
A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing
with TCP connections with the WAIT state that prevents linuxconf-web
from working properly. As well, xinetd contains a security flaw in
which it defaults to a umask of 0. This means that applications
using the xinetd umask that do not set permissions themselves (like
SWAT, a web configuration tool for Samba), will create world writable
files. This update sets the default umask to 022.
Mandrake i386:
8.0/RPMS/xinetd-2.1.8.9pre15-1.1mdk.i586.rpm
b5e1f34214417502ca891bd3993a50c5
8.0/RPMS/xinetd-ipv6-2.1.8.9pre15-1.1mdk.i586.rpm
683f1ce09c630432cf5cd876ef9f0f65
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1429.html
immunix:
http://immunix.org/ImmunixOS/7.0/updates/
RPMS/xinetd-2.1.8.9pre15-2_imnx.i386.rpm
8841c6a1d15a063ca1bb16ba132e0f7d
Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1433.html
+---------------------------------+
| man-db | ----------------------------//
+---------------------------------+
Luki R. reported a bug in man-db: it did handle nested calls of
drop_effective_privs() and regain_effective_privs() correctly which
would cause it to regain privileges to early. This could be abused to
make man create files as user man. This has been fixed in version
2.3.16-4, and we recommend that you upgrade your man-db package
immediately. If you use suidmanager you can also use that to make
sure man and mandb are not installed suid which protects you from
this problem. This can be done with the following commands.
Debian i386:
http://security.debian.org/dists/stable/updates/main/binary-i386/
man-db_2.3.16-4_i386.deb
MD5 checksum: 652668ab57978209225b4cce92afd7f2
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1431.html
+---------------------------------+
| LPRng | ----------------------------//
+---------------------------------+
LPRng fails to drop supplemental group membership at init time,
though it does properly setuid and setgid. The result is that LPRng,
and its children, maintain any supplemental groups that the process
starting LPRng had at the time it started LPRng. This is a security
risk.
Red Hat i386:
ftp://updates.redhat.com/7.1/en/os/i386/
LPRng-3.7.4-23.i386.rpm
23e85c03c49b6d1eda0a76428f181dc5
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1432.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [aclug-L] FW: Linux Advisory Watch - June 15th, 2001,
Dale W Hodge <=
|
|
