Linux Today: Linux News On Internet Time.
LBA-Linux Advisories: neon, libpng, utempter, kernel, mc, httpd, lha, xchat, et al

May 10, 2004, 18:29

LBA-Linux Security Advisory

Subject: Updated neon package for LBA-Linux R1
Advisory ID: LBASA-2004:12
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Neon is an HTTP and WebDAV client library for Unix systems, with a C language API. It provides high-level interfaces to HTTP/1.1 and WebDAV methods, and a low-level interface to HTTP request/response handling, allowing new methods to be easily implemented.

Multiple format string vulnerabilities in neon 0.24.4 and earlier, and in programs that use it such as the cadaver client and OpenOffice, allow a malicious remote WebDAV server to execute arbitrary code.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/neon-0.24.5-2.lba.1.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/neon-devel-0.24.5-2.lba.1.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named neon to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated libpng package for LBA-Linux R1
Advisory ID: LBASA-2004:6
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

Steve Grubb discovered an out-of-bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that an application linked to libpng would crash when a victim opened the file. This issue cannot be used to execute arbitrary code.

Users are advised to upgrade to these updated packages.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libpng-1.2.2-19.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libpng-devel-1.2.2-19.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libpng10-1.0.13-10.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/libpng10-devel-1.0.13-10.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named libpng to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated utempter package for LBA-Linux R1
Advisory ID: LBASA-2004:7
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could give a local attacker the ability to overwrite privileged files via a symlink.

Users should upgrade to this new version of utempter, which fixes this vulnerability.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/utempter-0.5.4-1.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named utempter to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated kernel package for LBA-Linux R1
Advisory ID: LBASA-2004:8
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

The Linux kernel handles the basic functions of the operating system.

A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229)

A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CAN-2004-0424)
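
The integer overflow described above, as an added example (not code from the advisory or from the kernel): a simplified struct stands in for the kernel's ip_msfilter, and msfilter_size_unchecked and msfilter_size_checked are this example's own names. The first mirrors the shape of the flawed size calculation; the second shows the bound on numsrc that has to precede the multiplication, and the optlen comparison that must follow it.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's struct ip_msfilter: a fixed header followed by a
 * flexible array of 32-bit multicast source addresses.  The layout is a
 * simplification for this example; only its size arithmetic matters here. */
struct ip_msfilter_like {
    uint32_t imsf_multiaddr;
    uint32_t imsf_interface;
    uint32_t imsf_fmode;
    uint32_t imsf_numsrc;
    uint32_t imsf_slist[1];
};

/* Header bytes before the source list: sizeof(struct) minus the one-element
 * placeholder array. */
#define MSF_HDR ((uint32_t)(sizeof(struct ip_msfilter_like) - sizeof(uint32_t)))

/* The shape of the flawed calculation: header plus four bytes per source, in
 * 32-bit arithmetic as on the i386 kernels shipped above.  A numsrc of
 * 0x40000000 makes numsrc*4 wrap to 0, so the "size" collapses to the header
 * length and passes any optlen comparison made afterwards. */
uint32_t msfilter_size_unchecked(uint32_t numsrc)
{
    return MSF_HDR + numsrc * (uint32_t)sizeof(uint32_t);
}

/* Hardened version: bound numsrc before multiplying, then require that the
 * caller actually supplied that many bytes.  Returns the byte count, or 0 when
 * the request must be rejected (the real kernel returns an error code). */
uint32_t msfilter_size_checked(uint32_t numsrc, uint32_t optlen)
{
    /* Largest numsrc for which MSF_HDR + numsrc*4 still fits in 32 bits. */
    const uint32_t max_numsrc = (UINT32_MAX - MSF_HDR) / (uint32_t)sizeof(uint32_t);

    if (numsrc > max_numsrc)
        return 0;                       /* multiplication would wrap */
    uint32_t size = MSF_HDR + numsrc * (uint32_t)sizeof(uint32_t);
    if (size > optlen)
        return 0;                       /* option buffer shorter than claimed */
    return size;
}

int main(void)
{
    /* Constructed inputs: a sane request and a wrapping one. */
    printf("numsrc=3,          optlen=64: unchecked=%" PRIu32 " checked=%" PRIu32 "\n",
           msfilter_size_unchecked(3), msfilter_size_checked(3, 64));
    printf("numsrc=0x40000000, optlen=64: unchecked=%" PRIu32 " checked=%" PRIu32 "\n",
           msfilter_size_unchecked(0x40000000U),
           msfilter_size_checked(0x40000000U, 64));
    return 0;
}
```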

In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() call meant to free it increments mm_count, and this count is never decremented. (For a running process that is exiting, schedule() takes care of this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct gets an extra mm_count and so is never freed. This issue is present in both 2.4 and 2.6 kernels.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.2.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-2.6.3-2.1.253.lba.2.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-doc-2.6.3-2.1.253.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.2.i586.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-smp-2.6.3-2.1.253.lba.2.i686.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/kernel-source-2.6.3-2.1.253.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named kernel to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated mc package for LBA-Linux R1
Advisory ID: LBASA-2004:2
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Midnight Commander (mc) is a visual shell much like a file manager.

Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mc-4.6.0-10.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mc to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated httpd package for LBA-Linux R1
Advisory ID: LBASA-2004:9
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0113 to this issue.

Users of the Apache HTTP server should upgrade to these updated packages, which contain a backported patch that addresses this issue.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mod_ssl-2.0.48-16.lba.6.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-2.0.48-16.lba.6.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-devel-2.0.48-16.lba.6.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/httpd-manual-2.0.48-16.lba.6.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named httpd to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
http://www.apacheweek.com/features/security-20
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated lha package for LBA-Linux R1
Advisory ID: LBASA-2004:10
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

LHA is an archiving and compression utility for LHarc format archives.

Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0234 to this issue. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0235 to this issue.

Users of LHA should upgrade to this updated package, which contains backported patches that address these issues.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/lha-1.14i-13.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named lha to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated xchat package for LBA-Linux R1
Advisory ID: LBASA-2004:3
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. To be affected, users would have to be using XChat through a SOCKS 5 server, have enabled SOCKS 5 traversal (which is disabled by default), and connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/xchat-2.0.7-3.lba.5.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named xchat to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0409

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated mysql package for LBA-Linux R1
Advisory ID: LBASA-2004:4
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package do not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-0381

The script mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack.

CAN-2004-0388

The script mysqld_multi in MySQL allows local users to overwrite arbitrary files via a symlink attack.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mysql-3.23.58-7.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mysql-bench-3.23.58-7.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mysql-server-3.23.58-7.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/mysql-devel-3.23.58-7.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mysql to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated ethereal package for LBA-Linux R1
Advisory ID: LBASA-2004:11
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Ethereal is a program for monitoring network traffic.

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0176 to this issue.

Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0367 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/ethereal-0.10.3-2.lba.1.i386.rpm
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/ethereal-gnome-0.10.3-2.lba.1.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named ethereal to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated sysklogd package for LBA-Linux R1
Advisory ID: LBASA-2004:5
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

Steve Grubb discovered a bug in sysklogd where it allocates an insufficient amount of memory, which causes sysklogd to write to unallocated memory. This could allow a malicious user to crash sysklogd.

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/sysklogd-1.4.1-13.1.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named sysklogd to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120453

Copyright(c) 2001-2004 SOT


LBA-Linux Security Advisory

Subject: Updated cvs package for LBA-Linux R1
Advisory ID: LBASA-2004:1
Date: Monday, May 10, 2004
Product: LBA-Linux R1


Problem description:

CVS is a version control system frequently used to manage source code repositories.

Sebastian Krahmer discovered a flaw in CVS clients where rcs diff files can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0180 to this issue.

Users of CVS are advised to upgrade to these erratum packages, which contain a patch correcting this issue.
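
The utempter, lha and cvs advisories above all reduce to the same input-validation failure: a name supplied by an untrusted party (a terminal device name, an archive entry, a file name sent by a CVS server) is used to create or open a file without checking that it stays inside the intended directory. The following added example (not code from any of those projects) shows a minimal check a privileged helper or extractor can apply before joining such a name to its base directory; untrusted_path_is_safe is this example's own name.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Returns true only if `name` is a relative path with no ".." component and no
 * empty component.  Single pass over the string, no allocation, so it can run
 * inside a small privileged helper before the name is joined to a base
 * directory and opened.  "." components are tolerated ("./foo" is common in
 * archives); everything else that could leave the base directory is refused. */
bool untrusted_path_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;                   /* empty name */
    if (name[0] == '/')
        return false;                   /* absolute path ignores the base dir */

    const char *p = name;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);

        if (len == 0)
            return false;               /* "a//b" or a trailing slash */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;               /* traversal component */
        if (slash == NULL)
            return true;                /* last component checked */
        p = slash + 1;
    }
}

int main(void)
{
    /* Constructed sample names: a tty device name as utempter would see it, an
     * archive entry, a source file, and the kinds of names the advisories
     * describe as needing rejection. */
    const char *samples[] = {
        "pts/3", "./docs/README", "src/main.c",
        "/etc/passwd", "../../tmp/evil", "pts/../../etc/passwd", "docs/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %s\n", samples[i],
               untrusted_path_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check is only the first half of the fix: the accepted name must still be joined to the base directory and opened with O_NOFOLLOW or a prior lstat() so a symlink planted at that path cannot redirect the write.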

Updated packages:

LBA-Linux R1:

i386:
ftp://ftp.sot.com/lba-linux_r1/apt/RPMS.updates/cvs-1.11.11-2.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click the REFRESH button on Updater's main toolbar. Updater will download a list of upgradable packages.
  4. Click on the item named cvs to highlight it.
  5. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  6. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180

Copyright(c) 2001-2004 SOT