Gentoo Linux

Gentoo Linux Security Advisory GLSA 200502-33

Severity: Low

Synopsis
MediaWiki is vulnerable to cross-site scripting, data manipulation and security bypass attacks.

Background
MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

Affected packages

Description
A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters.

Impact
By tricking a user into loading a carefully crafted URL, a remote attacker could hijack sessions and authentication cookies to inject malicious script code that will be executed in a user's browser session in context of the vulnerable site, or use JavaScript submitted forms to perform restricted actions. Using the image deletion flaw, it is also possible for authenticated administrators to delete arbitrary files via directory traversal.

Workaround
There is no known workaround at this time.

Resolution
All MediaWiki users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.3.11"
References
[ 1 ] Secunia Advisory SA14125 http://secunia.com/advisories/14125/
[ 2 ] CAN-2005-0534 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0534
[ 3 ] CAN-2005-0535 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0535
[ 4 ] CAN-2005-0536 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0536

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200502-33.xml

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200503-01

Severity: Normal

Synopsis
Qt may load shared libraries from an untrusted, world-writable directory, resulting in the execution of arbitrary code.

Background
Qt is a cross-platform GUI toolkit used by KDE.

Affected packages

Description
Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory.

Impact
A local attacker could create a malicious shared object that would be loaded by Qt, resulting in the execution of arbitrary code with the privileges of the Qt application.

Workaround
There is no known workaround at this time.

Resolution
All Qt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r2"
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-01.xml

Gentoo Linux Security Advisory GLSA 200503-02

Severity: Normal

Synopsis
Several vulnerabilities allow remote attackers to gain phpBB administrator rights or expose and manipulate sensitive data.

Background
phpBB is an Open Source bulletin board package.

Affected packages

Description
It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avatar uploading" options are set (CAN-2005-0259). He also found out that incorrect input validation in "usercp_avatar.php" and "usercp_register.php" makes phpBB vulnerable to directory traversal attacks, if the "Gallery avatars" setting is enabled (CAN-2005-0258).

Impact
Remote attackers can exploit the session handling flaw to gain phpBB administrator rights. By providing a local and a remote location for an avatar and setting the "Upload Avatar from a URL:" field to point to the target file, a malicious local user can read arbitrary local files. By inserting "/../" sequences into the "avatarselect" parameter, a remote attacker can exploit the directory traversal vulnerability to delete arbitrary files. A flaw in the "viewtopic.php" script can be exploited to expose the full path of PHP scripts.

Workaround
There is no known workaround at this time.

Resolution
All phpBB users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13"
References
[ 1 ] CAN-2005-0258 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0258
[ 2 ] CAN-2005-0259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0259
[ 3 ] phpBB announcement http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-02.xml

Gentoo Linux Security Advisory GLSA 200503-03

Severity: Normal

Synopsis
Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application.

Background
Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Affected packages

Description
Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML code could lead to invalid memory accesses (CAN-2005-0208 and CAN-2005-0473).

Impact
Remote attackers could exploit these issues, resulting in a Denial of Service.

Workaround
There is no known workaround at this time.

Resolution
All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.1.4"
References
[ 1 ] CAN-2005-0208 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208
[ 2 ] CAN-2005-0472 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
[ 3 ] CAN-2005-0473 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-03.xml

Gentoo Linux Security Advisory GLSA 200503-04

Severity: High

Synopsis
Remote attackers can upload and execute arbitrary PHP scripts; another flaw reveals the full path of scripts.

Background
phpWebSite provides a complete web site content management system.

Affected packages

Description
NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure.

Impact
A remote attacker can exploit this issue to upload files to a directory within the web root. By calling the uploaded script the attacker could then execute arbitrary PHP code with the rights of the web server. By passing specially crafted requests to the search module, remote attackers can also find out the full path of PHP scripts.

Workaround
There is no known workaround at this time.

Resolution
All phpWebSite users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.0-r2"
References
[ 1 ] Secunia Advisory SA14399 http://secunia.com/advisories/14399/
[ 2 ] phpWebSite announcement http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=922&ANN_user_op=view

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-04.xml

Ubuntu Linux

Ubuntu Security Notice USN-86-1
February 28, 2005
curl vulnerability
CAN-2005-0940

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)

The following packages are affected:
libcurl2

The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:
infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb

Ubuntu Security Notice USN-87-1
February 28, 2005
cyrus21-imapd vulnerability
CAN-2005-0546

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)

The following packages are affected:
cyrus21-imapd

The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:
Sean Larsson discovered a buffer overflow in the IMAP "annotate" extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.diff.gz

Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6ubuntu0.3_all.deb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_powerpc.deb

Ubuntu Security Notice USN-88-1
February 28, 2005
reportbug information disclosure
https://bugzilla.ubuntulinux.org/6600
https://bugzilla.ubuntulinux.org/6717

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)

The following packages are affected:
reportbug

The problem can be corrected by upgrading the affected package to version 2.62ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. However, if your users already have ~/.reportbugrc files with SMTP passwords, you need to manually change their permissions with

chmod 600 .reportbugrc

Details follow:
Rolf Leggewie discovered two information disclosure bugs in reportbug.

The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory.

reportbug usually includes the settings from ~/.reportbugrc in generated bug reports. This included the "smtppasswd" setting (the password for an SMTP email smarthost) as well. The password is now hidden from reports.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.dsc

Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1_all.deb

Ubuntu Security Notice USN-89-1
February 28, 2005
libxml vulnerabilities
CAN-2004-0989

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)

The following packages are affected:
libxml1

The problem can be corrected by upgrading the affected package to version 1:1.8.17-8ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:
Several buffer overflows have been discovered in libxml's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml.

This does not affect the core XML parsing code, which is what the majority of programs use this library for.

Note: The same vulnerability was already fixed for libxml2 in USN-10-1.

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_powerpc.deb