Debian GNU/Linux
Debian Security Advisory DSA 674-2 security@debian.org
Package : mailman

Due to an error the last mailman update was slightly broken and had to be corrected. This advisory only updates the packages updated with DSA 674-1. For completeness below is the original advisory text:

Two security related problems have been discovered in mailman, web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-1177
Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page that would include the malicious code verbatim.

CAN-2005-0202
Several listmasters have noticed unauthorised access to archives of private lists and the list configuration itself, including the users' passwords. Administrators are advised to check the webserver logfiles for requests that contain "/...../" and the path to the archives or configuration. This only seems to affect installations running on web servers that do not strip slashes, such as Apache 1.3.

For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody10.

For the unstable distribution (sid) these problems have been fixed in version 2.1.5-6.

We recommend that you upgrade your mailman package.

Upgrade Instructions

wget url
will fetch the file for you will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10.dsc
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody10_sparc.deb

These files will probably be moved into the stable distribution on its next update.
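
The log check recommended for CAN-2005-0202 above, as an added example that is not part of the Debian advisory. It assumes Apache common/combined log format; the path hints and the sample log lines are constructed placeholders to adapt to the local Mailman layout. It widens the advisory's literal "/...../" to any path segment made only of three or more dots, checked after percent-decoding.

```python
import re
from urllib.parse import unquote

# Assumed log layout (Apache common/combined):
#   host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A path segment consisting only of dots, three or more of them.
# The advisory names "/...../"; matching any dots-only segment is a
# deliberate widening made for this example.
DOT_SEGMENT = re.compile(r'/\.{3,}/')

# Hypothetical hints for "the path to the archives or configuration".
# Replace with the archive and list-configuration paths of the local install.
PATH_HINTS = ("/private/", "/archives/", "/lists/", "config")


def scan(lines, hints=PATH_HINTS):
    """Return one finding per request whose decoded path has a dots-only segment."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Decode %2E etc. so encoded dots are compared like literal ones.
        target = unquote(m.group("target"))
        if not DOT_SEGMENT.search(target):
            continue
        status = int(m.group("status"))
        findings.append({
            "line": lineno,
            "host": m.group("host"),
            "time": m.group("time"),
            "target": target,
            "status": status,
            # True when the request also names an archive/configuration path.
            "sensitive": any(h in target.lower() for h in hints),
            # A 200 means the server returned content: treat as possible disclosure.
            "served": status == 200,
        })
    return findings


def hosts_to_review(findings):
    """Group sensitive findings by client host, counting requests and 200 responses."""
    hosts = {}
    for f in findings:
        if not f["sensitive"]:
            continue
        entry = hosts.setdefault(f["host"], {"requests": 0, "served": 0})
        entry["requests"] += 1
        entry["served"] += int(f["served"])
    return hosts


# Constructed sample lines (documentation IP ranges, invented list name "staff").
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Feb/2005:10:01:12 +0100] "GET /mailman/listinfo/staff HTTP/1.0" 200 4312',
    '198.51.100.7 - - [09/Feb/2005:10:02:40 +0100] "GET /mailman/private/staff/...../lists/staff/config.db HTTP/1.0" 200 18211',
    '198.51.100.7 - - [09/Feb/2005:10:02:55 +0100] "GET /mailman/private/staff/%2E%2E%2E%2E%2E/archives/private/staff.mbox HTTP/1.0" 404 290',
    '203.0.113.5 - - [09/Feb/2005:10:05:01 +0100] "GET /docs/...../readme.txt HTTP/1.0" 404 290',
    '192.0.2.10 - - [09/Feb/2005:10:06:30 +0100] "GET /pipermail/staff/2005-February/000123.html HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        flag = "REVIEW" if f["sensitive"] else "info"
        print(f'{flag:6} line {f["line"]} {f["host"]} {f["status"]} {f["target"]}')
    for host, c in hosts_to_review(results).items():
        print(f'{host}: {c["requests"]} sensitive request(s), {c["served"]} answered with 200')
```

A host with a non-zero "served" count received content for such a request; the advisory's note that list configuration includes user passwords applies to those lists.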
Debian Security Advisory DSA 676-1 security@debian.org
Package : xpcd

Erik Sjölund discovered a buffer overflow in pcdsvgaview, an SVGA PhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display graphics on the Linux console for which root permissions are required. A malicious user could overflow a fixed-size buffer and may cause the program to execute arbitrary code with elevated privileges.

For the stable distribution (woody) this problem has been fixed in version 2.08-8woody3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xpcd-svga package immediately.

Upgrade Instructions

wget url
will fetch the file for you will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.dsc
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Debian Security Advisory DSA 677-1 security@debian.org
Package : sympa

Erik Sjölund discovered that a support script of sympa, a mailing list manager, is running setuid sympa and vulnerable to a buffer overflow. This could potentially lead to the execution of arbitrary code under the sympa user id.

For the stable distribution (woody) this problem has been fixed in version 3.3.3-3woody2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your sympa package.

Upgrade Instructions

wget url
will fetch the file for you will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.dsc
Architecture independent components:
http://security.debian.org/pool/updates/main/s/sympa/wwsympa_3.3.3-3woody2_all.deb
Alpha architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_sparc.deb

These files will probably be moved into the stable distribution on its next update.
Debian Security Advisory DSA 678-1 security@debian.org
Package : netkit-rwho

"Vlad902" discovered a vulnerability in the rwhod program that can be used to crash the listening process. The broadcasting one is unaffected. This vulnerability only affects little endian architectures (i.e. on Debian: alpha, arm, alpha, ia64, i386, mipsel and s390).

For the stable distribution (woody) this problem has been fixed in version 0.17-4woody2.

For the unstable distribution (sid) this problem has been fixed in version 0.17-8.

We recommend that you upgrade your rwhod package.

Upgrade Instructions

wget url
will fetch the file for you will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17-4woody2.dsc
Alpha architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_alpha.deb
ARM architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_i386.deb
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_ia64.deb
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_hppa.deb
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_m68k.deb
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mips.deb
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mipsel.deb
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_powerpc.deb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_s390.deb
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated gpdf package fixes security issues

1. Topic:
An updated gpdf package that fixes a number of integer overflow security flaws is now available. GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

2. Relevant releases/architectures:
Fedora Core 1 - i386

3. Problem description:
During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. These issues also affect gpdf as it is based on xpdf source code. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. This flaw also affects gpdf as it is based on xpdf source code. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length tag. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0064 to this issue.

Users of gpdf are advised to upgrade to this errata package, which contains backported patches correcting these issues.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:
http://bugzilla.fedora.us - bug #2353 - xpdf buffer overflows apply to gpdf

6. RPMs required:
Fedora Core 1:
SRPM:
i386:

7. Verification:
SHA1 sum Package Name
63438a137ac33d1355bc6b8065fef0a03dde7e68 fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Fedora Legacy Update Advisory
Synopsis: Updated iptables packages resolve security issues

1. Topic:
Updated iptables packages that correct a security problem are now available. The iptables utility controls the network packet filtering code in the Linux kernel.

2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386

3. Problem description:
Under certain conditions, iptables did not properly load the required modules at system startup, which caused the firewall rules to fail to load and protect the system from remote attackers. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0986 to this issue.

Users of iptables are advised to upgrade to these errata packages, which contain backported patches correcting these issues.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:
http://bugzilla.fedora.us - bug #2252 - iptables May Fail to Automatically Load Some Modules

6. RPMs required:
Red Hat Linux 7.3:
SRPM:
i386:
Red Hat Linux 9:
SRPM:
i386:
Fedora Core 1:
SRPM:
i386:

7. Verification:
SHA1 sum Package Name
83895bb3697fc2c0a6442a12a481e5670a4c4e36 redhat/7.3/updates/i386/iptables-1.2.8-8.73.1.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986

9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Fedora Legacy Update Advisory
Synopsis: Updated Xpdf package fixes security issues

1. Topic:
Updated Xpdf packages that fix several security issues are now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386

3. Problem description:
During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0888 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found when processing the /Encrypt /Length tag. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0064 to this issue.

Users of xpdf are advised to upgrade to these errata packages, which contain backported patches correcting these issues.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:
http://bugzilla.fedora.us - bug #2352 - xpdf 3.00 Buffer overflow

6. RPMs required:
Red Hat Linux 7.3:
SRPM:
i386:
Red Hat Linux 9:
SRPM:
i386:
Fedora Core 1:
SRPM:
i386:

7. Verification:
SHA1 sum Package Name
423ffbb749b7ee88eeb10e6a859eeb0bf065e14f redhat/7.3/updates/i386/xpdf-1.00-7.4.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888

9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Fedora Legacy Update Advisory
Synopsis: Updated gaim package resolves security issues

1. Topic:
An updated gaim package that fixes security issues and various bugs is now available. The gaim application is a multi-protocol instant messaging client.

2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386

3. Problem description:
A buffer overflow has been discovered in the MSN protocol handler. When receiving an unexpected sequence of MSNSLP messages, it is possible that an attacker could cause an internal buffer overflow, leading to a crash or possible code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0891 to this issue.

This updated gaim package also fixes multiple user interface, protocol, and error handling problems, including an ICQ communication encoding issue.

Users of gaim are advised to upgrade to this updated package which contains gaim version 1.0.2 and is not vulnerable to these issues.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:
http://bugzilla.fedora.us - bug #2188 - gaim MSN protocol buffer overflow.

6. RPMs required:
Red Hat Linux 7.3:
SRPM:
i386:
Red Hat Linux 9:
SRPM:
i386:
Fedora Core 1:
SRPM:
i386:

7. Verification:
SHA1 sum Package Name
a174d3f8283b608124a7d1061d951d3f44eaf5df redhat/7.3/updates/i386/gaim-1.0.2-0.FC0.73.0.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891

9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Gentoo Linux
Gentoo Linux Security Advisory GLSA 200502-12
Severity: Normal

Synopsis
Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password.

Background
Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree.

Affected packages

Description
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the Webmin ebuild contains a design flaw. It imports the encrypted local root password into the miniserv.users file before building binary packages that include this file.

Impact
A remote attacker could retrieve Portage-built Webmin binary packages and recover the encrypted root password from the build host.

Workaround
Users who never built or shared a Webmin binary package are unaffected by this.

Resolution
Webmin users should delete any old shared Webmin binary package as soon as possible. They should also consider their buildhost root password potentially exposed and follow proper audit procedures. If you plan to build binary packages, you should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webmin-1.170-r3"

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200502-12.xml

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200502-13
Severity: High

Synopsis
Vulnerabilities leading to file overwriting and code execution with elevated privileges have been discovered in the perl-suid wrapper.

Background
Perl is a stable, cross-platform programming language created by Larry Wall. The perl-suid wrapper allows the use of setuid perl scripts, i.e. user-callable Perl scripts which have elevated privileges. This function is enabled only if you have the perlsuid USE flag set.

Affected packages

Description
perl-suid scripts honor the PERLIO_DEBUG environment variable and write to that file with elevated privileges (CAN-2005-0155). Furthermore, calling a perl-suid script with a very long path while PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156).

Impact
A local attacker could set the PERLIO_DEBUG environment variable and call existing perl-suid scripts, resulting in file overwriting and potentially the execution of arbitrary code with root privileges.

Workaround
You are not vulnerable if you do not have the perlsuid USE flag set or do not use perl-suid scripts.

Resolution
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl

References
[ 1 ] CAN-2005-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
[ 2 ] CAN-2005-0156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200502-13.xml

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Mandrakelinux
Mandrakelinux Security Update Advisory
Package name: cpio

Problem Description:
A vulnerability in cpio was discovered where cpio would create world-writable files when used in -o/--create mode and giving an output file (with -O). This would allow any user to modify the created cpio archive. The updated packages have been patched so that cpio now respects the current umask setting of the user.

Update:
The updated cpio packages for 10.1, while they would install with urpmi on the command line, would not install via rpmdrake. The updated packages correct that.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572

Updated Packages:
Mandrakelinux 10.1:
Mandrakelinux 10.1/X86_64:

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact security_linux-mandrake.com

Trustix Secure Linux
Trustix Secure Linux Security Advisory #2005-0003
Package name: bind clamav cpio cups mod_python perl postgresql python squid

Package description:
bind: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network.
clamav:
cpio:
cups:
mod_python:
perl:
postgresql:
python:
squid:
Problem description: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0034 to this issue.
clamav: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0133 to this issue.
cpio: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-1999-1572 to this issue.
cups: xpdf is not part of TSL, but a number of projects have reused this code. Of those, cups is included in TSL. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0064 to this issue.
mod_python: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0088 to this issue.
perl: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0155 to this issue. Executing a setuid root perl script with a very long path caused a buffer overflow if the PERLIO_DEBUG environment variable was set. This bug could be exploited to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0156 to this issue.
postgresql: This could be used to execute commands as the postgresql user.
python: On vulnerable XML-RPC servers, a remote attacker may be able to view or modify globals of the module(s) containing the registered instance's class(es), potentially leading to data loss or arbitrary code execution. If the registered object is a module, the danger is particularly serious. For example, if the registered module imports the os module, an attacker could invoke the os.system() function. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0089 to this issue.
squid: The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0094 to this issue. An integer overflow in the receiver of Web Cache Communication Protocol messages can be exploited remotely in a denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0095 to this issue. A memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and can be exploited remotely in a denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0096 to this issue. Sending a malformed NTLM message to Squid 2.5.STABLE7 and earlier can cause a remote denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0097 to this issue.
Verification:
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-1.5/>, MD5sums of the packages:

Trustix Security Team

Ubuntu Linux

Ubuntu Security Notice USN-80-1 February 11, 2005 libapache2-mod-python vulnerabilities CAN-2005-0088 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected:
libapache2-mod-python2.2

The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using

sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the "publisher" handler of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.diff.gz

Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-1ubuntu3.2_all.deb

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_amd64.deb

i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_powerpc.deb

Ubuntu Security Notice USN-81-1 February 11, 2005 iptables vulnerability CAN-2004-0986

A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

The following packages are affected: iptables

The problem can be corrected by upgrading the affected package to version 1.2.9-10ubuntu0.1. After a standard system upgrade you have to restart your firewall to ensure that the necessary changes take effect.

Details follow:

Faheem Mitha noticed that the "iptables" command did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/iptables/iptables_1.2.9-10ubuntu0.1.dsc

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/iptables/iptables-dev_1.2.9-10ubuntu0.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/iptables/iptables-dev_1.2.9-10ubuntu0.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/i/iptables/iptables-dev_1.2.9-10ubuntu0.1_powerpc.deb