SOT Linux Advisory: gdm2, perl
Aug 28, 2003, 15:51
[ Thanks to SOT Security Team for these advisories. ]

SOT Linux Security Advisory

1. Problem description

GDM is the GNOME Display Manager for X.

Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root when examining the ~/.xsession-errors file when using the "examine session errors" feature, allowing local users the ability to read any text file on the system by creating a symlink. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0547 to this issue.

Also addressed by these erratum packages are two problems in the X Display Manager Control Protocol (XDMCP) which allow a denial of service attack (DoS) by crashing the gdm daemon. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2003-0548 and CAN-2003-0549 to these issues.

Users of GDM are advised to upgrade to these erratum packages.

2. Updated packages

SOT Linux 2003 Desktop:
i386:
SRPMS:

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name MD5 sum

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0547

Copyright(c) 2001-2003 SOT

SOT Linux Security Advisory

1. Problem description

Perl is a high-level interpreted programming language well known for its flexibility and ability to work with text streams.

obscure@eyeonsecurity.org reported a cross site scripting vulnerability in the CGI.pm perl module. This module is used to facilitate the creation of web forms and is part of the perl-modules RPM package.

It is recommended that all users of the CGI.pm module upgrade their packages.

2. Updated packages

SOT Linux 2003 Desktop:
i386:
SRPMS:

SOT Linux 2003 Server:
i386:
SRPMS:

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:

    rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:

    rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name MD5 sum

5. References

http://eyeonsecurity.org/advisories/CGI.pm/adv.html

Copyright(c) 2001-2003 SOT
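
The symlink issue in the GDM advisory above (CAN-2003-0547), shown as an added example that is not taken from the advisory or from GDM's source: a privileged reader that refuses a symlink and vets the file it actually opened. The function names, the temporary paths and the choice of checks are assumptions for illustration, not the fix shipped in GDM 2.4.1.6.

```c
#define _GNU_SOURCE   /* mkdtemp, O_NOFOLLOW, O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: open() follows a symlink in the last path component. */
int open_naive(const char *path) { return open(path, O_RDONLY); }

/* Hardened (hypothetical helper): refuse a symlink, then vet the opened object. */
int open_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NONBLOCK keeps a FIFO planted at the path from stalling the reader. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;   /* a symlink at the final component fails with ELOOP */
    /* fstat the descriptor, not the path, so there is no check/use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;   /* not a regular file, or not owned by the session user */
    }
    return fd;
}

/* Constructed scenario: a regular log and a symlink posing as one, in a
   private temp dir. Returns 0 when every open behaves as commented. */
int demo(void)
{
    char dir[] = "/tmp/xsess-demo-XXXXXX", logp[64], lnkp[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(logp, sizeof logp, "%s/real.log", dir);
    snprintf(lnkp, sizeof lnkp, "%s/link.log", dir);
    int fd = open(logp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(logp, lnkp) != 0) return -1;
    close(fd);
    int naive = open_naive(lnkp);                   /* follows the link */
    int good  = open_checked(logp, getuid());       /* regular file, expected owner */
    int sym   = open_checked(lnkp, getuid());       /* symlink: refused */
    int other = open_checked(logp, getuid() + 1);   /* wrong owner: refused */
    int ok = naive >= 0 && good >= 0 && sym < 0 && other < 0;
    if (naive >= 0) close(naive);
    if (good >= 0) close(good);
    unlink(lnkp); unlink(logp); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

O_NOFOLLOW only covers the final path component, which is why the ownership check is made on the descriptor as well.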