LANDesk Security and Patch News Bulletin: Security Update Report for Week Ending 09 May 2008

Version 1

    Security Update for the Week Ending 8 May 2008

    Windows / 3rd party (Some also impact Apple OSes)

    No critical or high level vulnerabilities for this week.

    UNIX/Linux:

    NetBSD update for OpenSSL

    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2008-05-08

    NetBSD has issued an update for OpenSSL. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30124/

    --

    Ubuntu update for thunderbird

    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, System access
    Released:    2008-05-07

    Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/30105/

    --

    Ubuntu update for openoffice.org

    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-07

    Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/30100/

    --

    Gentoo update for egroupware

    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, System access
    Released:    2008-05-08

    Gentoo has issued an update for egroupware. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30073/

    --

    Sun Solaris Tk GIF Processing Buffer Overflow Vulnerabilities

    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2008-05-08

    Sun has acknowledged some vulnerabilities in the Tcl GUI Toolkit Library included in Solaris, which can be exploited by malicious people to compromise an application using the library.

    Full Advisory:
    http://secunia.com/advisories/30129/

    --

    rdesktop Multiple Vulnerabilities

    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-08

    Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/30118/

    --

    Debian update for kazehakase

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information, DoS, System access
    Released:    2008-05-07

    Debian has issued an update for kazehakase. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/30106/

    --

    Debian update for blender

    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-06

    Debian has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30097/

    --

    SIPp Two Buffer Overflow Vulnerabilities

    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2008-05-06

    Two vulnerabilities have been reported in SIPp, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30095/

    --

    Online Rental Property Script "pid" SQL Injection

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of sensitive information
    Released:    2008-05-06

    M.Hasran Addahroni has reported a vulnerability in Online Rental Property Script, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/30090/

    --

    Ubuntu update for cups

    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2008-05-06

    Ubuntu has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30078/

    --

    Sun Solaris TCP Implementation SYN Flood Denial of Service

    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2008-05-08

    A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/30131/

    --

    Sun Ray Server Software Kiosk Mode Vulnerability

    Critical:    Less critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-08

    A vulnerability has been reported in Sun Ray Server Software, which can be exploited by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/30130/

    --

    ChiCoMaS "q" Cross-Site Scripting Vulnerability

    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2008-05-05

    Hadi Kiamarsi has discovered a vulnerability in ChiCoMaS, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/30080/

    --

    Red Hat update for kernel

    Critical:    Less critical
    Where:       From local network
    Impact:      Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS
    Released:    2008-05-07

    Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to cause a DoS, disclose potentially sensitive information, or gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30112/

    --

    Ubuntu update for ldm

    Critical:    Less critical
    Where:       From local network
    Impact:      Exposure of system information, Exposure of sensitive information
    Released:    2008-05-07

    Ubuntu has issued an update for ldm. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/30099/

    --

    HP-UX LDAP-UX Privilege Escalation Vulnerability

    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2008-05-08

    A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30132/

    --

    Red Hat update for kernel

    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS
    Released:    2008-05-07

    Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30116/

    --

    HP-UX update for Netscape Directory Server

    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2008-05-07

    HP-UX has issued an update for Netscape Directory Server (NDS). This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30114/

    --

    Ubuntu update for kdelibs

    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, DoS
    Released:    2008-05-07

    Ubuntu has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30113/

    --

    QEMU "drive_init()" Disk Format Security Bypass

    Critical:    Less critical
    Where:       Local system
    Impact:      Security Bypass
    Released:    2008-05-08

    A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/30111/

    --

    Red Hat update for kernel

    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information, Privilege escalation, DoS
    Released:    2008-05-07

    Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30110/

    --

    Ubuntu update for emacs

    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2008-05-07

    Ubuntu has issued an update for emacs. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30109/

    --

    Linux Kernel Multiple Vulnerabilities

    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, DoS
    Released:    2008-05-07

    Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30108/

    --

    Sun Solaris SSH X11 Forwarding Vulnerability

    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information, Privilege escalation
    Released:    2008-05-07

    Sun has acknowledged a vulnerability in SSH included in Sun Solaris, which can be exploited by malicious, local users to disclose sensitive information or potentially perform actions with escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/30086/

    --

    Debian update for b2evolution

    Critical:    Not critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2008-05-06

    Debian has issued an update for b2evolution. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/30093/

    --

    Linux Kernel "fcntl_setlk()" SMP Reordered Access Vulnerability

    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2008-05-07

    A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/30101/

    --

    rPath update for kernel

    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2008-05-08

    rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/30077/

    --

    VIRUS ALERTS:

    During the past week Secunia collected 167 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.