LANDesk Patch News Bulletin: Security Update Report for Week Ending 30 May 2008

Version 1

    Security Update for the Week Ending 30 May 2008

    Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

    The vulnerabilities include:

    - An error in AFP server
    - Various vulnerabilities in Apache (for Mac OS X Server v10.4.x)
    - An unspecified error in AppKit
    - Multiple unspecified errors in the processing of Pixlet video files
    - An unspecified error in Apple Type Services when processing embedded fonts in PDF files
    - An error in Safari's SSL client certificate handling
    - An integer overflow in CoreFoundation when handling CFData objects
    - An error due to an uninitialised variable in CoreGraphics
    - A weakness due to users not being warned before opening certain potentially unsafe content types
    - An error when printing to password-protected printers with debug logging enabled
    - Various vulnerabilities in Adobe Flash Player
    - An integer underflow error in Help Viewer when handling help:topic URLs
    - A conversion error in ICU when handling certain character encodings
    - Unspecified parameters in Image Capture's embedded web server not being properly sanitised before use
    - An error in the handling of temporary files in Image Capture
    - A boundary error in the BMP and GIF image decoding engine in ImageIO
    - Various vulnerabilities in ImageIO due to the use of vulnerable libpng code
    - An integer overflow error in ImageIO within the processing of JPEG2000 images
    - An error in Mail caused by an uninitialised variable
    - A vulnerability in Mongrel
    - A weakness in the sso_util command-line tool
    - An error in Wiki Server
    - A vulnerability in Apple iCal
    - A vulnerability due to an error in the handling of return values of "hashes()" in the "cs_validate_page()" function when processing signed Mach-O binaries
    - A vulnerability due to an error within the "ipcomp6_input()" function in bsd/netinet6/ipcomp_input.c when processing packets with an IPComp header

    For more information, refer to:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30430/

    UNIX/Linux:--

    Slackware update for samba

    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-29

    Slackware has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30442/

    --

    rPath update for evolution

    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-29

    rPath has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30437/

    --

    Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
    Released:    2008-05-29

    Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30430/

    --

    imlib2 PNM and XPM Buffer Overflow Vulnerabilities

    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2008-05-29

    Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30401/

    --

    Red Hat update for samba

    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-28

    Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30385/

    --

    Slackware update for mozilla-thunderbird

    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, System access
    Released:    2008-05-26

    Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30370/

    --

    Fedora update for cbrpager

    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-29

    Fedora has issued an update for cbrpager. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30438/

    --

    cbrPager Archive Handling Arbitrary Command Execution

    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-29

    A vulnerability has been reported in cbrPager, which can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30417/

    --

    rPath update for php

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2008-05-28

    rPath has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious users to bypass certain security restrictions.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30411/

    --

    spamdyke "smtp_filter()" DATA Command Relay Vulnerability

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2008-05-28

    A vulnerability has been reported in spamdyke, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30408/

    --

    Fedora update for libpng10

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information, DoS, System access
    Released:    2008-05-29

    Fedora has issued an update for libpng10. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30402/

    --

    phpFix Two SQL Injection Vulnerabilities

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of sensitive information
    Released:    2008-05-27

    unohope has reported two vulnerabilities in phpFix, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30397/

    --

    Debian update for libxslt

    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2008-05-29

    Debian has issued an update for libxslt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30393/

    --

    CKGold "category_id" SQL Injection Vulnerability

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2008-05-28

    Cr@zy_King has discovered a vulnerability in CKGold, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30392/

    --

    Slackware update for php

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Unknown, Security Bypass, DoS, System access
    Released:    2008-05-26

    Slackware has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30387/

    --

    Slackware update for rdesktop

    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2008-05-28

    Slackware has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30380/

    --

    Debian update for linux-2.6

    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, DoS
    Released:    2008-05-28

    Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of service), and by malicious people to potentially cause a DoS.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30368/

    --

    Fedora update for kvm

    Critical:    Moderately critical
    Where:       Local system
    Impact:      Security Bypass
    Released:    2008-05-29

    Fedora has issued an update for kvm. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service).

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30413/

    --

    Fedora update for stunnel

    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2008-05-29

    Fedora has issued an update for stunnel. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30425/

    --

    libpam-pgsql Authentication Bypass Security Issue

    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2008-05-26

    A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30391/

    --

    Fedora update for system-config-network

    Critical:    Less critical
    Where:       Local system
    Impact:      Security Bypass
    Released:    2008-05-29

    Fedora has issued an update for system-config-network. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30399/

    --

    SaraB Disclosure of DAR Encryption Ciphers

    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information
    Released:    2008-05-26

    A security issue has been reported in SaraB, which can be exploited by malicious, local users to disclose sensitive information.

    Full Advisory:
    https://email.landesk.com/exchweb/bin/redir.asp?URL=http://secunia.com/advisories/30394/

    --

    During the past week Secunia collected 33 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.