|
|
| Top White Papers
Current Newswire:
LBA-Linux Advisories: neon, libpng, utempter, kernel, mc, httpd, lha, xchat, et alMay 10, 2004, 18:29 (0 Talkback[s])LBA-Linux Security Advisory Subject: Updated neon package for LBA-Linux R1 Problem description: Neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented. Multiple format string vulnerabilities in neon 0.24.4 and earlier, and the cadaver client which uses neon, as used in OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated libpng package for LBA-Linux R1 Problem description: The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. Steve Grubb discovered a out of bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim. This issue may not be used to execute arbitrary code. Users are advised to upgrade to these updated packages. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated utempter package for LBA-Linux R1 Problem description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. Users should upgrade to this new version of utempter, which fixes this vulnerability. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated kernel package for LBA-Linux R1 Problem description: The Linux kernel handles the basic functions of the operating system. A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229) A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CAN-2004-0424) In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. (For a running process that is exitting, schedule() takes care this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0229 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated mc package for LBA-Linux R1 Problem description: Midnight Commander (mc) is a visual shell much like a file manager. Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated httpd package for LBA-Linux R1 Problem description: The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0113 to this issue. Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated lha package for LBA-Linux R1 Problem description: LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0234 to this issue. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0235 to this issue. Users of LHA should update to this updated packages which contain backported patches not vulnerable to these issues. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated xchat package for LBA-Linux R1 Problem description: The SOCKS 5 proxy code in XChat is vulnerable to a remote
exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and
also connect to an attacker's custom proxy server. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0409 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated mysql package for LBA-Linux R1 Problem description: Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user. The Common Vulnerabilities and Exposures identifies the following problems: CAN-2004-0381 The script mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack. CAN-2004-0388 The script mysqld_multi in MySQL allows local users to overwrite arbitrary files via a symlink attack. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated ethereal package for LBA-Linux R1 Problem description: Ethereal is a program for monitoring network traffic. Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0176 to this issue. Jonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0365 to this issue. Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0367 to this issue. Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://www.ethereal.com/appnotes/enpa-sa-00013.html Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated sysklogd package for LBA-Linux R1 Problem description: Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory which causes sysklogd to write to unallocated memory. This could allow for a malicious user to crash sysklogd. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120453 Copyright(c) 2001-2004 SOT LBA-Linux Security Advisory Subject: Updated cvs package for LBA-Linux R1 Problem description: CVS is a version control system frequently used to manage source
code repositories. Updated packages: LBA-Linux R1: i386: Upgrading your system: To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180 Copyright(c) 2001-2004 SOT
0 Talkback[s]
(click to add your comment)
|
