Archive for the ‘Virus/Bugs/Malware’ Category

Debian has released bug fixes for lighttpd and gaim packages.

Gaim, a multi-protocol instant messaging client, was discovered to be vulnerable to several integer overflows in its MSN protocol handlers, allowing remote attackers to execute arbitrary code.

Lighttpd, a fast webserver with a minimal memory footprint, was discovered to have several local and remote vulnerabilities, listed below:

1. lighttpd 1.4.18 and other versions before 1.5.0 do not properly calculate the size of a file descriptor array. This allows remote attackers to cause a denial of service by using a large number of connections, leading to a system crash.

2. connections.c in lighttpd before 1.4.16 might accept connections greater than the configured maximum. This allows remote attackers to cause a denial of service with a large number of connection attempts.

The updates fix the multiple Denial of Service (DoS) issues in lighttpd and the execution of arbitrary code and buffer overflow problems in gaim.

Otto Moerbeek, who works as an OpenBSD developer, discovered and fixed a bug in OpenBSD that has been traced back to an AT&T version of Unix from 1975.

OpenBSD is a variant of the Berkeley Software Distribution (BSD), a widely used, open-source, Unix-like operating system. BSD’s variants include NetBSD, FreeBSD and OpenBSD which forms the basis of Apple’s Mac OS X operating system. Moerbeek found the bug in yacc, a parser generator developed by Stephen C. Johnson at AT&T that has been a standard part of Unix since the 1970s. He found the bug while testing a new implementation of malloc, a general-purpose memory allocator. A user informed him that compiling large C++ projects was sometimes failing on a Sparc64 hardware platform using the new malloc.

The new malloc was able to trigger the bug because its new features give it a better chance of catching buffer overflows, Moerbeek said. He noted that the bug is only triggered on Sparc64 systems.

“Funny thing is that I traced this back to Sixth Edition Unix, released in 1975,” Moerbeek wrote in a note describing the bug.

The latest bug, which affected the yacc parser generator, followed Marc Balmer’s discovery last May of a 25-year-old flaw that exists in BSD variants and derivatives like Mac OS.


Red Hat issued software updates to fix 5 to 6 security vulnerabilities in various versions of the Red Hat Linux distribution. These updates have been rated as having important security impact, and it is highly recommended that you upgrade (patch) your Red Hat system.

A flaw in Perl’s regular expression engine has been found. A specially crafted regular expression with Unicode characters could trigger a buffer overflow which can cause Perl to crash or execute arbitrary code with the privileges of the Linux user running Perl.

An input validation flaw was discovered in X.org’s Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service or execute arbitrary code with root privileges on the X.Org server.

How to patch your Red Hat Linux:

# yum update

HP admits that it has accidentally been selling USB flash drives pre-infected with malware. Dubbed the HP USB Floppy Drive Key, the device is a combination flash drive and compact floppy drive and is designed to work with various models of HP’s ProLiant Server line. HP sells two versions of the drive, one with 256MB capacity and the other with 1GB capacity. Since these are normal flash drives, they can also be used with other computers. The worms contained on the USB drives have been identified as W32.Fakerecy and W32.SillyFDC, which spread by copying themselves to removable or mapped drives and could allow an attacker to compromise an infected system running Windows 95/98/XP/Me/NT/2000.

If a compromised drive is plugged into a USB port on any machine on the network, the worms may spread “to any mapped drives on the server,” HP’s alert said.

Users are advised to disable the default autorun settings and make sure that virus protection is active and up-to-date.

A MacBook Air running a fully patched version of the Leopard operating system has been hacked in less than two minutes by security researcher Charlie Miller, using a flaw in Safari, at the CanSecWest security conference being held in Vancouver. The conference pitted hackers against three laptops running Vista Ultimate SP1, Leopard OS X 10.5.2 and Ubuntu 7.10 to discover which is the most vulnerable.

Miller used a technique similar to a phishing attack, which involved clicking a link to a website containing malicious code, which allowed him to remotely access the MacBook Air running Leopard in less than two minutes. Miller, who has made a name for himself after hacking the iPhone, gets to keep the MacBook Air and a £5,000 prize from TippingPoint, the contest sponsor, who notified Apple of the flaw.

As of posting time, Vista and Ubuntu continue to stand firm and have yet to be compromised.

A vulnerability has been reported in Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused by an unspecified error related to directory functions and can be exploited to crash an affected system via a sequence of system calls or commands issued in a specific manner.

The vulnerability is reported in Solaris 8 for both the SPARC and x86 platforms, and the only solution is to apply the patches below:

Solaris 8 for SPARC Platform patch:
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-117350-53-1

Solaris 8 for x86 Platform patch:
http://sunsolve.sun.com/search/docume…setkey=urn:cds:docid:1-21-117351-53-1