Conectiva fixes image loading flaws in gdk-pixbuf library
Conectiva has fixed image loading vulnerabilities in versions 9 and 10 of the gdk-pixbuf library that could allow a specially crafted .bmp image to "hang applications in an infinite loop." According to the Conectiva advisory, researcher Chris Evans found a heap-based overflow and a stack-based overflow on gdk-pixbuf's .xpm loader and an integer overflow in its "ico" loader. All gdk-pixbuf and/or gtk+2 users are advised to upgrade their packages. Conectiva noted that all applications linked against gdk-pixbuf or gtk+2 must be restarted after the upgrade to close the vulnerabilities.
Gentoo reports phpMyAdmin vulnerability
Gentoo Linux recommends users upgrade to the latest version of phpMyAdmin to close a security hole in the Web-based MySQL administration tool's MIME-based transformation system. An attacker could use the vulnerability to remotely execute arbitrary commands if php's "safe mode" is disabled. "A defect was found in phpMyAdmin's MIME-based transformation system when used with external transformations," Gentoo's advisory said. "A remote attacker could exploit this vulnerability to execute arbitrary commands on the server with the rights of the HTTP server user." Enabling php safe mode ("safe_mode = On" in php.ini) may serve as a temporary workaround, but all users are advised to upgrade to the latest version.
Sun patches Solaris vulnerability
Sun Microsystems has patched a vulnerability in Solaris 8 and 9 on the SPARC and x86 platforms that malicious, local users could exploit to boost their privileges. On systems where the Lightweight Directory Access Protocol (LDAP) is used in conjunction with Role Based Access Control (RBAC), "unprivileged local users may have the ability to execute certain commands with 'superuser' (root) privileges," Sun said in an advisory. "To work around the described issue, configure the system to use 'local' files instead of LDAP for RBAC configuration. RBAC-related entries in the '/etc/nsswitch.conf' file should be modified as follows: auth_attr: files, prof_attr: files and user_attr: files. With this workaround, LDAP functionality will be disabled for the RBAC database and all RBAC-related data will be queried from 'local' files instead of through LDAP." Sun recommends users apply the patches to permanently solve the problem.
Debian fixes netkit-telnet-ssl flaw
Debian has fixed a vulnerability in the netkit-telnet server a remote attacker could use to cause a denial of service or launch malicious code. "[Researcher] Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer," Debian said in an advisory. "This causes the telnet server process to crash, leading to a straightforward denial of service… or possibly the execution of arbitrary code with the privileges of the telnetd process." For the stable distribution, called Woody, this problem has been fixed in version 0.17.17+0.1-2woody2. For the unstable distribution, called Sid, this problem has been fixed in version 0.17.24+0.1-4.
FBI probes major database breach
A university research system loaded with sensitive personal information on 1.4 million Californians participating in a state social program has been hacked, attracting the attention of the FBI. The database had the names, addresses, phone numbers, Social Security numbers and birth dates of everyone who provided or received care under California's In-Home Supportive Services program since 2001, Carlos Ramos, assistant secretary of the state's Health and Human Services Agency, told SecurityFocus. The program pays a modest hourly wage to workers who provide in-home care for hundreds of thousands of low-income elderly, blind and disabled people. Officials haven't determined if the intruder actually downloaded the database, which had been made available to researchers at the University of California, Berkeley under a confidentiality agreement. The agency recommends anyone who participated in the program since 2001 contact the three major credit reporting agencies to place a fraud alert on their credit profiles, and start monitoring their credit reports for signs of identity theft.
FAA to review air traffic control center computer security
The Federal Aviation Administration (FAA) will review computer security at air traffic control centers nationwide after a government audit found the systems unprepared for potential cyberattacks. Auditors found the FAA hadn't adequately secured computers running at the 20 "en route centers" that direct high-altitude traffic nationwide, according to SecurityFocus. "While having limited exposure to the general public, en route center computer systems need to be better protected," said the report, dated Oct. 1. The assessment comes from the Department of Transportation's Office of Inspector General, in a yearly cybersecurity review required of all federal agencies under the 2002 Federal Information Security Management Act (FISMA). The review covers all of the department's components, but singles out the FAA for special attention as custodian of the nation's air traffic control -- considered a "critical infrastructure" by presidential directive.
Mandrakesoft fixes Mozilla flaws
Mandrakesoft updates LibTiff
Mandrakesoft has updated LibTiff, fixing vulnerabilities an attacker could use to launch malicious code or cause a denial of service. The problems affect Corporate Server 2.x, Linux 9.x, Multi Network Firewall 8.x and Mandrakelinux 10.0. According to the advisory, researcher Chris Evans "discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution." Meanwhile, researcher Matthias Clasen "discovered a division by zero through an integer overflow" and researcher Dmitry V. Levin "discovered several integer overflows that caused malloc issues" that can result in a crash or memory corruption.