Product : Fedora Core 2
Name : exim
Version : 4.43
Release : 1.FC2.1
Summary : The exim mail transfer agent
Description :
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. In style
it is similar to Smail 3, but its facilities are more extensive, and
in particular it has options for verifying incoming sender and
recipient addresses, for refusing mail from specified hosts, networks,
or senders, and for controlling mail relaying. Exim is in production
use at quite a few sites, some of which move hundreds of thousands of
messages per day.
Exiscan is compiled in to allow inbuilt scanning capability. See
This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively.
The function host_aton() can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components.
The second report described a buffer overflow in the function
spa_base64_to_bits(), which is part of the code for SPA authentication. This
code originated in the Samba project. The overflow can be exploited only if
you are using SPA authentication.
Product : Fedora Core 3
Name : exim
Version : 4.43
Release : 1.FC3.1
Summary : The exim mail transfer agent
Description :
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. In style
it is similar to Smail 3, but its facilities are more extensive, and
in particular it has options for verifying incoming sender and
recipient addresses, for refusing mail from specified hosts, networks,
or senders, and for controlling mail relaying. Exim is in production
use at quite a few sites, some of which move hundreds of thousands of
messages per day.
Exiscan is compiled in to allow inbuilt scanning capability. See
This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively.
The function host_aton() can overflow a buffer if it is presented with an
illegal IPv6 address that has more than 8 components.
The second report described a buffer overflow in the function
spa_base64_to_bits(), which is part of the code for SPA authentication. This
code originated in the Samba project. The overflow can be exploited only if
you are using SPA authentication.
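As an added illustration of the host_aton() issue described in both Exim entries above (example code written here, not Exim's own host_aton()): a parser that reads a textual IPv6 address into a fixed array of eight 16-bit groups and rejects, rather than stores, any group beyond the eighth. The names ipv6_aton_checked and ipv6_group_checked are the example's own.

```c
/* Added example, not Exim's host_aton(): every store into the fixed 8-entry group
 * array is bounds-checked, so an address with more than 8 groups is rejected. */
#include <stdint.h>
#include <string.h>
#include <ctype.h>
#define IPV6_GROUPS 8
/* Parse one hex group of 1-4 digits; returns chars consumed, or -1 on error. */
static int parse_group(const char *s, uint16_t *out) {
    int n = 0; unsigned v = 0;
    while (n < 4 && isxdigit((unsigned char)s[n])) {
        int c = tolower((unsigned char)s[n]);
        v = v * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
        n++;
    }
    if (n == 0 || isxdigit((unsigned char)s[n])) return -1; /* empty or >4 digits */
    *out = (uint16_t)v;
    return n;
}

/* Returns 1 and fills groups[] for a valid address, else 0. No dotted IPv4 tails. */
int ipv6_aton_checked(const char *p, uint16_t groups[IPV6_GROUPS]) {
    uint16_t head[IPV6_GROUPS], tail[IPV6_GROUPS];
    int nhead = 0, ntail = 0, have_gap = 0;
    if (strncmp(p, "::", 2) == 0) { have_gap = 1; p += 2; }
    else if (*p == ':') return 0;
    while (*p) {
        uint16_t g; int len = parse_group(p, &g);
        if (len < 0) return 0;
        if (nhead + ntail >= IPV6_GROUPS) return 0;   /* 9th group: reject, never store */
        if (have_gap) tail[ntail++] = g; else head[nhead++] = g;
        p += len;
        if (*p == '\0') break;
        if (*p++ != ':') return 0;                    /* only ':' may follow a group */
        if (*p == ':') { if (have_gap++) return 0; p++; } /* "::" allowed once */
        else if (*p == '\0') return 0;                /* trailing single ':' */
    }
    /* Without "::" exactly 8 groups are required; "::" must stand for at least one. */
    if (have_gap ? nhead + ntail == IPV6_GROUPS : nhead != IPV6_GROUPS) return 0;
    memset(groups, 0, IPV6_GROUPS * sizeof groups[0]);
    memcpy(groups, head, nhead * sizeof head[0]);
    if (ntail) memcpy(groups + IPV6_GROUPS - ntail, tail, ntail * sizeof tail[0]);
    return 1;
}

/* Helper for checks: group idx of a parsed address, or -1 if it is invalid. */
int ipv6_group_checked(const char *text, int idx) {
    uint16_t g[IPV6_GROUPS];
    if (idx < 0 || idx >= IPV6_GROUPS || !ipv6_aton_checked(text, g)) return -1;
    return g[idx];
}
```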
Product : Fedora Core 2
Name : tetex
Version : 2.0.2
Release : 14FC2.1
Summary : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.
Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.
Update Information:
The updated tetex package fixes a buffer overflow which allows attackers
to cause the internal xpdf library used by applications in tetex to
crash, and possibly to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1125
to this issue.
Product : Fedora Core 3
Name : tetex
Version : 2.0.2
Release : 21.2
Summary : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very
user-friendly.
Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.
Update Information:
The updated tetex package fixes a buffer overflow which allows attackers
to cause the internal xpdf library used by applications in tetex to
crash, and possibly to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1125
to this issue.
Package : namazu2
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1318
A cross-site scripting vulnerability has been discovered in namazu2, a
full text search engine. An attacker could prepare specially crafted
input that would not be sanitised by namazu2 and hence displayed
verbatim for the victim.
For the stable distribution (woody) this problem has been fixed in
version 2.0.10-1woody3.
For the unstable distribution (sid) this problem has been fixed in
version 2.0.14-1.
We recommend that you upgrade your namazu2 package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : imlib2
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1026
Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib and imlib2, imaging libraries for
X11. An attacker could create a carefully crafted image file in such
a way that it could cause an application linked with imlib or imlib2
to execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CAN-2004-1025
Multiple heap-based buffer overflows. No such code is present in
imlib2.
CAN-2004-1026
Multiple integer overflows in the imlib library.
For the stable distribution (woody) these problems have been fixed in
version 1.0.5-2woody2.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your imlib2 packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Ariel Berkman discovered that Vilistextum unsafely reads data into an
array without checking the length. This code vulnerability may lead to
a buffer overflow.
A remote attacker could craft a malicious webpage which, when
converted, would result in the execution of arbitrary code with the
rights of the user running Vilistextum.
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
An attacker could entice a user to open or browse a specially-crafted
image file, potentially resulting in the execution of arbitrary code
with the rights of the user running xzgv.
These vulnerabilities could allow an attacker to perform cross-site
scripting attacks, execute SQL queries, and disclose the full path of
the web directory.
Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size in demux_aiff.c, making it
vulnerable to a buffer overflow (CAN-2004-1300) . iDefense discovered
that the PNA_TAG handling code in pnm_get_chunk() does not check if the
input size is larger than the buffer size (CAN-2004-1187). iDefense
also discovered that in this same function, a negative value could be
given to an unsigned variable that specifies the read length of input
data (CAN-2004-1188).
A remote attacker could craft a malicious movie or convince a targeted
user to connect to a malicious PNM server, which could result in the
execution of arbitrary code with the rights of the user running any
xine-lib frontend.
An integer overflow has been found in the TIFF library image decoding
routines and the tiffdump utility, potentially allowing arbitrary code
execution.
The TIFF library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE applications, to interpret TIFF images.
infamous41md found a potential integer overflow in the directory entry
count routines of the TIFF library (CAN-2004-1308). Dmitry V. Levin
found another similar issue in the tiffdump utility (CAN-2004-1183).
A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the TIFF library, including many web browsers or mail
readers.
Package name: libtiff
Advisory ID: MDKSA-2005:001
Date: January 6th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
Problem Description:
Several vulnerabilities have been discovered in the libtiff package:
iDefense reported the possibility of remote exploitation of an integer
overflow in libtiff that may allow for the execution of arbitrary code.
The overflow occurs in the parsing of TIFF files set with the
STRIPOFFSETS flag.
iDefense also reported a heap-based buffer overflow vulnerability
within the LibTIFF package could allow attackers to execute arbitrary
code. (CAN-2004-1308)
The vulnerability specifically exists due to insufficient validation of
user-supplied data when calculating the size of a directory entry.
The updated packages are patched to protect against these
vulnerabilities.
Several vulnerabilities have been discovered in the libtiff package;
wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities:
iDefense reported the possibility of remote exploitation of an integer
overflow in libtiff that may allow for the execution of arbitrary code.
The overflow occurs in the parsing of TIFF files set with the
STRIPOFFSETS flag.
iDefense also reported a heap-based buffer overflow vulnerability
within the LibTIFF package could allow attackers to execute arbitrary
code. (CAN-2004-1308)
The vulnerability specifically exists due to insufficient validation of
user-supplied data when calculating the size of a directory entry.
The updated packages are patched to protect against these
vulnerabilities.
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>
Mandrakelinux Security Update Advisory
Package name: vim
Advisory ID: MDKSA-2005:003
Date: January 6th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
Problem Description:
Several "modeline"-related vulnerabilities were discovered in Vim by
Ciaran McCreesh. The updated packages have been patched with Bram
Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities
and adds more conservative "modeline" rights.
A buffer overflow in nasm was discovered by Jonathan Rockway. This
vulnerability could lead to the execution of arbitrary code when
compiling a malicious assembler source file.
The updated packages are patched to correct the problem.
Conectiva Linux
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : samba
SUMMARY : Fixes for Samba vulnerabilities
DATE : 2005-01-06 17:10:00
ID : CLA-2005:913
RELEVANT RELEASES : 9, 10
DESCRIPTION
Samba[1] provides SMB/CIFS services (such as file and printer
sharing) used by clients compatible with Microsoft Windows(TM).
Remote exploitation of an integer overflow vulnerability[2] in the
smbd daemon could allow an attacker to cause controllable heap
corruption, leading to execution of arbitrary commands with root
privileges.
In order to exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba server.
Unsuccessful exploitation attempts will cause the process serving the
request to crash with signal 11, and may leave evidence of an attack
in logs.
SOLUTION
It is recommended that all Samba users upgrade their packages. This
update will automatically restart the service if it is already
running.