imlib2
A number of flaws were found in imlib2. After some analysis I found that these flaws are not present in the imlib code, only in imlib2. I've noticed that most image loaders do a rather poor job of verifying the data passed into them from the images they load. Luckily, they're also getting better at fixing these flaws.
Firefox and Friends
The Mozilla project released new versions of Firefox and Thunderbird on Tuesday. This is always a busy time around Red Hat, as we have to update Firefox, Thunderbird, and SeaMonkey. They all take quite some time to build and QA properly. While I have no empirical data to back up this statement, it seems like the Mozilla project updates are getting less severe with each update.
Most of these flaws can be blocked by installing a plugin such as NoScript, which can be configured to run JavaScript only from trusted sites. Keep in mind that this isn't completely foolproof, as many sites import content from third parties (advertisers, for example), so a "trusted" site can still carry untrusted script. It should also be noted that NoScript doesn't stop the HTML layout bugs, which can be triggered by markup alone, with no JavaScript involved.
OpenSSH
A rather interesting OpenSSH security update was released this week. OpenSSH 4.5 was released with a changelog entry claiming to fix this:
* Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities.
The truly interesting bit of this fix is that while it's called a security issue, it's not exploitable. On its own, this issue wouldn't even be considered a security flaw; it only becomes a critical one if an "additional vulnerability" is found that lets an attacker take advantage of it.
When OpenSSH runs in privilege separation mode there are two processes at work: one privileged (the monitor), the other unprivileged. Since all interaction with the remote user happens in the unprivileged process, a vulnerability in that code shouldn't hand over root. This flaw is the result of the two processes getting out of sync: the privileged process believes authentication succeeded, while the unprivileged process knows it did not. Luckily the unprivileged process causes both to exit after authentication fails. If there were a way to keep the unprivileged process from exiting, a remote attacker might gain unauthenticated access to the machine. This is of course completely theoretical, but given the potential, it's worth fixing.
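To make the two-process design concrete, here is a toy model of a privilege separation monitor, written for this post as an illustration. It is not OpenSSH code and does not reproduce the specific bug fixed in 4.5; the "weak" monitor simply lets the worker influence the monitor's own record of whether authentication succeeded, which is the general failure class described above. The credential store, message format and both message sequences are constructed for the example.

```python
"""Toy model of sshd-style privilege separation.

Added example, not OpenSSH code and not the specific bug fixed in 4.5.
The unprivileged worker (assumed attacker-controlled once a pre-auth bug
is found) and the privileged monitor are two objects passing messages;
only the monitor can start a session.
"""
import hashlib
import hmac

# Constructed credential store: user -> sha256(password) hex.
_USERS = {"alice": hashlib.sha256(b"correct horse battery").hexdigest()}


class Fatal(Exception):
    """The monitor has decided both processes must exit."""


def _password_ok(user, password):
    expected = _USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected, hashlib.sha256(password.encode()).hexdigest())


class WeakMonitor:
    """Lets the worker influence the monitor's record of authentication,
    so the two sides can be pushed out of sync."""

    def __init__(self):
        self.authenticated = False

    def handle(self, msg):
        if msg["type"] == "AUTH_PASSWORD":
            ok = _password_ok(msg["user"], msg["password"])
            # Bug: records the worker's claim rather than the check result.
            self.authenticated = msg.get("claims_success", ok)
            return {"ok": ok}
        if msg["type"] == "START_SESSION":
            return {"ok": self.authenticated}
        raise Fatal("unexpected message %r" % msg["type"])


class HardenedMonitor:
    """Authentication state comes only from the monitor's own checks, the
    message order is enforced, and any disagreement with the worker kills
    both processes rather than letting one side's view win."""

    def __init__(self):
        self.authenticated = False
        self.attempted = False

    def handle(self, msg):
        if msg["type"] == "AUTH_PASSWORD":
            if self.authenticated:
                raise Fatal("auth request after successful auth")
            self.attempted = True
            self.authenticated = _password_ok(msg["user"], msg["password"])
            return {"ok": self.authenticated}
        if msg["type"] == "START_SESSION":
            if not self.attempted:
                raise Fatal("session request before any auth exchange")
            if msg.get("worker_authenticated") != self.authenticated:
                raise Fatal("monitor and worker disagree on auth state")
            return {"ok": self.authenticated}
        raise Fatal("unexpected message %r" % msg["type"])


def run_session(monitor, messages):
    """Feed worker messages to a monitor; return 'session', 'denied' or 'fatal'."""
    try:
        for msg in messages:
            reply = monitor.handle(msg)
            if msg["type"] == "START_SESSION":
                return "session" if reply["ok"] else "denied"
        return "denied"
    except Fatal:
        return "fatal"


# Constructed message sequences: a normal login, and a compromised worker
# that failed the password check but tells the monitor it succeeded.
LEGIT = [
    {"type": "AUTH_PASSWORD", "user": "alice", "password": "correct horse battery"},
    {"type": "START_SESSION", "worker_authenticated": True},
]
FORGED = [
    {"type": "AUTH_PASSWORD", "user": "alice", "password": "wrong", "claims_success": True},
    {"type": "START_SESSION", "worker_authenticated": True},
]

if __name__ == "__main__":
    for name, msgs in (("legit", LEGIT), ("forged", FORGED)):
        print(name, "weak:", run_session(WeakMonitor(), msgs),
              "hardened:", run_session(HardenedMonitor(), msgs))
```

Against the weak monitor the forged sequence gets a session; against the hardened one it is fatal, because the monitor's own check said no and the worker's claim is not allowed to override it. The same disagreement check is what turns the situation in the post (monitor says yes, worker knows it is no) into both processes exiting instead of one side quietly winning.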
Red Hat Enterprise Linux OVAL Support
Red Hat now publishes OVAL definitions via Red Hat Network with each security update. The Open Vulnerability and Assessment Language (OVAL) provides a standardized language to describe a security vulnerability and the conditions under which a given machine is affected by it. This means you can feed the Red Hat provided OVAL definitions into an OVAL interpreter, which checks those conditions against the packages actually installed and tells you which particular vulnerabilities your machine is affected by.