The remote host is missing Sun Security Patch number 137872-01
(SunOS 5.10_x86: tk patch).

Date this patch was last updated by Sun : Mon May 05 19:51:10 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137872-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 137094-01
(SunOS 5.10_x86: logindevperm patch).

Date this patch was last updated by Sun : Tue May 13 10:51:49 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137094-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 137033-01
(SunOS 5.10_x86: namefs patch).

Date this patch was last updated by Sun : Wed May 14 08:24:26 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137033-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 127854-02
(SunOS 5.10_x86: sad driver patch).

Date this patch was last updated by Sun : Fri May 16 08:29:26 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-127854-02-1
Risk factor : High

The remote host is missing Sun Security Patch number 120831-06
(SunOS 5.10_x86: vi and ex patch).

Date this patch was last updated by Sun : Thu May 15 08:32:41 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-120831-06-1
Risk factor : High

The remote host is missing Sun Security Patch number 137871-01
(SunOS 5.10: tk patch).

Date this patch was last updated by Sun : Mon May 05 19:51:53 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137871-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 137093-01
(SunOS 5.10: logindevperm patch).

Date this patch was last updated by Sun : Tue May 13 10:51:03 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137093-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 137032-01
(SunOS 5.10: namefs patch).

Date this patch was last updated by Sun : Wed May 14 08:23:22 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-137032-01-1
Risk factor : High

The remote host is missing Sun Security Patch number 127853-02
(SunOS 5.10: sad driver patch).

Date this patch was last updated by Sun : Fri May 16 08:27:54 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-127853-02-1
Risk factor : High

The remote host is missing Sun Security Patch number 120830-06
(SunOS 5.10: vi and ex patch).

Date this patch was last updated by Sun : Thu May 15 08:29:56 MDT 2008

You should install this patch for your system to be up-to-date.

Solution : http://sunsolve.sun.com/search/document.do?assetkey=1-21-120830-06-1
Risk factor : High

Synopsis :

These remote packages are missing security patches :
- openssl-blacklist
- openvpn


Description :

USN-612-3 addressed a weakness in OpenSSL certificate and keys
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS and multi-client/server which caused OpenVPN to not start
when using valid SSL certificates.

It was also found that openssl-vulnkey from openssl-blacklist
would fail when stderr was not available. This caused OpenVPN to
fail to start when used with applications such as NetworkManager.

This update fixes these problems. We apologize for the
inconvenience.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

Solution :

Upgrade to :
- openssl-blacklist-0.1-0ubuntu0.8.04.2 (Ubuntu 8.04)
- openvpn-2.0.9-8ubuntu0.2 (Ubuntu 7.10)



Risk factor : High

Synopsis :

These remote packages are missing security patches :
- openssh-client
- openssh-server
- ssh
- ssh-askpass-gnome
- ssh-krb5


Description :

Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys
with options (such as "no-port-forwarding" or forced commands) were
ignored by the new ssh-vulnkey tool introduced in OpenSSH (see
USN-612-2). This could cause some compromised keys not to be
listed in ssh-vulnkey's output.

This update also adds more information to ssh-vulnkey's manual page.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

Solution :

Upgrade to :
- openssh-client-4.7p1-8ubuntu1.2 (Ubuntu 8.04)
- openssh-server-4.7p1-8ubuntu1.2 (Ubuntu 8.04)
- ssh-4.7p1-8ubuntu1.2 (Ubuntu 8.04)
- ssh-askpass-gnome-4.7p1-8ubuntu1.2 (Ubuntu 8.04)
- ssh-krb5-4.7p1-8ubuntu1.2 (Ubuntu 8.04)



Risk factor : High

Synopsis :

The remote package "ssl-cert" is missing a security patch.

Description :

USN-612-1 fixed vulnerabilities in openssl. This update provides the
corresponding updates for ssl-cert -- potentially compromised snake-oil
SSL certificates will be regenerated.

Original advisory details:

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems. (CVE-2008-0166)

== Who is affected ==

Systems which are running any of the following r
[...]

Solution :

Upgrade to :
- ssl-cert-1.0.14-0ubuntu2.1 (Ubuntu 8.04)



Risk factor : High

Synopsis :

The remote package "openvpn" is missing a security patch.

Description :

Once the update is applied, weak shared encryption keys and
SSL/TLS certificates will be rejected where possible (though
they cannot be detected in all cases). If you are using such
keys or certificates, OpenVPN will not start and the keys or
certificates will need to be regenerated.

The safest course of action is to regenerate all OpenVPN
certificates and key files, except where it can be established
to a high degree of certainty that the certificate or shared key
was generated on an unaffected system.

Once the update is applied, you can check for weak OpenVPN shared
secret keys with the openvpn-vulnkey command.

$ openvpn-vulnkey /path/to/key

OpenVPN shared keys can be regenerated using the openvpn command.

$ openvpn --genkey --secret <file>

Additionally, you can check for weak SSL/TLS certificates by
installing openssl-blacklist via your package manager, and using
the openssl-vulkey command.

$ openssl-vulnkey /path/to/key

Please note that openss
[...]

Solution :

Upgrade to :
- openvpn-2.0.9-8ubuntu0.1 (Ubuntu 7.10)



Risk factor : High

Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009)

Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2008-0271.html
Risk factor : High

Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)

Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2008-0270.html
Risk factor : High

Updated xen packages that fix several security issues and a bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The xen packages contain tools for managing the virtual machine monitor in
Red Hat Virtualization.

These updated packages fix the following security issues:

Daniel P. Berrange discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the format of messages
serving to update the contents of the framebuffer. This could allow a
malicious user to cause a denial of service, or compromise the privileged
domain (Dom0). (CVE-2008-1944)

Markus Armbruster discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the frontend's framebuffer
description. This could allow a malicious user to cause a denial of
service, or to use a specially crafted frontend to compromise the
privileged domain (Dom0). (CVE-2008-1943)

Chris Wright discovered a security vulnerability in the QEMU block format
auto-detection, when running fully-virtualized guests. Such
fully-virtualized guests, with a raw formatted disk image, were able
to write a header to that disk image describing another format. This could
allow such guests to read arbitrary files in their hypervisor's host.
(CVE-2008-2004)

Ian Jackson discovered a security vulnerability in the QEMU block device
drivers backend. A guest operating system could issue a block device
request and read or write arbitrary memory locations, which could lead to
privilege escalation. (CVE-2008-0928)

Tavis Ormandy found that QEMU did not perform adequate sanity-checking of
data received via the "net socket listen" option. A malicious local
administrator of a guest domain could trigger this flaw to potentially
execute arbitrary code outside of the domain. (CVE-2007-5730)

Steve Kemp discovered that the xenbaked daemon and the XenMon utility
communicated via an insecure temporary file. A malicious local
administrator of a guest domain could perform a symbolic link attack,
causing arbitrary files to be truncated. (CVE-2007-3919)

As well, in the previous xen packages, it was possible for Dom0 to fail to
flush data from a fully-virtualized guest to disk, even if the guest
explicitly requested the flush. This could cause data integrity problems on
the guest. In these updated packages, Dom0 always respects the request to
flush to disk.

Users of xen are advised to upgrade to these updated packages, which
resolve these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2008-0194.html
Risk factor : High

The remote host is affected by the vulnerability described in GLSA-200805-16
(OpenOffice.org: Multiple vulnerabilities)


iDefense Labs reported multiple vulnerabilities in OpenOffice.org:
multiple heap-based buffer overflows when parsing the "Attribute" and
"Font" Description records of Quattro Pro (QPRO) files
(CVE-2007-5745),
an integer overflow when parsing the EMR_STRETCHBLT record of an EMF
file, resulting in a heap-based buffer overflow (CVE-2007-5746),
an integer underflow when parsing Quattro Pro (QPRO) files, resulting
in an excessive loop and a stack-based buffer overflow
(CVE-2007-5747),
and a heap-based buffer overflow when parsing the
"DocumentSummaryInformation" stream in an OLE file (CVE-2008-0320).
Furthermore, Will Drewry (Google Security) reported vulnerabilities in
the memory management of the International Components for Unicode
(CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20.
However, the binary version of OpenOffice.org uses an internal copy of
said library.

Impact

A remote attacker could entice a user to open a specially crafted
document, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running OpenOffice.org.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
http://www.gentoo.org/security/en/glsa/glsa-200803-20.xml


Solution:
All OpenOffice.org users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.0"
All OpenOffice.org binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.0"


Risk factor : Medium