Advisories: March 8, 2005
Mar 9, 2005, 04:45 UTC

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : kernel
SUMMARY : Kernel fixes
DATE : 2005-03-07 17:08:00
ID : CLA-2005:930
RELEVANT RELEASES : 10


DESCRIPTION
The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.

This announcement has the following important changes:

  1. Security

The following issues have been fixed:

1.1 a.out local DoS (CAN-2004-1074)[1]
1.2 IGMP vulnerability (CAN-2004-1137)[2]
1.3 uselib local privilege escalation vulnerability (CAN-2004-1235)[3]
1.4 LSM Module Local Privilege Elevation (CAN-2004-1337)[4]
1.5 i386 SMP page fault handler privilege escalation (CAN-2005-0001)[5]
1.6 SHM insufficient permission checking (CAN-2005-0176)[6]
1.7 Local DoS in nls_ascii.c (CAN-2005-0177)[7]
1.8 setsid local DoS (CAN-2005-0178)[8]
1.9 mlockall local DoS (CAN-2005-0179)[9]
1.10 Integer signedness errors in scsi functions (CAN-2005-0180)[10]
1.11 NFS client O_DIRECT error (CAN-2005-0207)[11][12]
1.12 /proc heap overflow (CAN-2005-0529)[13][14]
1.13 Signedness error in n_tty.c (CAN-2005-0530)[13][15]
1.14 Possible buffer overflow in atm_get_addr() (CAN-2005-0531)[13][16]
1.15 read/write VFS range checking [17][18]

2. Other changes

2.1 NVidia

The NVidia driver has been updated to version 6629. Unfortunately, some NVidia boards do not work well with this driver. In those cases, the workaround is to use the open source "nv" driver or to boot into the previous kernel until NVidia releases a new version which fixes the problem.

2.2 SATA modules

Some SATA modules changed behaviour and started using SCSI device names instead of IDE ones, particularly with VIA motherboards. In these machines, the hard disk device changed from /dev/hdX to /dev/sdX (for example, /dev/hde to /dev/sda). In order to be able to boot the new kernel, some manual changes are necessary.

The following example assumes the device name changed from /dev/hde to /dev/sda and that the root partition was /dev/hde3:

  1. /boot/grub/menu.lst:
    • change "root=/dev/hde3" to "root=/dev/sda3"
    • if using LILO, make the same change in /etc/lilo.conf and run "lilo" afterwards
  2. /etc/fstab
    • change all occurrences of "/dev/hde" to "/dev/sda", keeping the partition number. For example, change "/dev/hde1" to "/dev/sda1" and so on.

The best way to check for the name change is to observe the boot messages from the new kernel. They will contain references to SCSI devices that were not there before, such as "sda", "sdb", etc.

2.3 Winmodem modules

Some winmodem modules unfortunately do not work with the new kernel (in particular, slmodem and ltmodem). It is expected that future versions will have this fixed.

2.4 DRBD
This update finally brings back DRBD support, used in High Availability clusters.

SOLUTION
It is recommended that all Conectiva Linux users perform the upgrade.

IMPORTANT: exercise caution and preparation when upgrading the kernel, since it will require a reboot after the new packages are installed. More detailed instructions are available in Portuguese at our Q&A page[19].

REFERENCES
1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1337
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0176
7. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0177
8. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0178
9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0179
10. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0180
11. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0207
12. http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
13. http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
14. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0529
15. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0530
16. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0531
17. http://linux.bkbits.net:8080/linux-2.6/patch@1.1966.1.68
18. http://linux.bkbits.net:8080/linux-2.6/patch@1.1966.1.67
19. http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/xfree86-driver-nvidia-1.0.6629-71010U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/drbd-utils-0.7.5-71689U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/heartbeat-1.2.3-72193U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/iptables-1.2.11-72578U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/libalsa2-1.0.7-72296U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/libaoss0-1.0.7-72293U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-2.6.10-72032U10_12cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-2.6.10-72032U10_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-2.6.10-72032U10_12cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-2.6.10-72032U10_12cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-2.6.10-72032U10_12cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-2.6.10-72032U10_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-BOOT-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-doc-2.6.10-72032U10_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-2.6.10-72032U10_12cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-2.6.10-72032U10_12cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-2.6.10-72032U10_12cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-enterprise-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-2.6.10-72032U10_12cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-2.6.10-72032U10_12cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-2.6.10-72032U10_12cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-2.6.10-72032U10_12cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-2.6.10-72032U10_12cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-2.6.10-72032U10_12cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-highmem-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-2.6.10-72032U10_12cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-2.6.10-72032U10_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-2.6.10-72032U10_12cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-2.6.10-72032U10_12cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-2.6.10-72032U10_12cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-drbd-2.6.10.72032U10_12cl.0.7.5-71801U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-madwifi-2.6.10.72032U10_12cl.20041216-63166U10_4cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-ndiswrapper-2.6.10.72032U10_12cl.0.12-72907U10_2cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-nvidia-2.6.10.72032U10_12cl.1.0.6629-71023U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.athlon.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i586.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i686.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-smp-module-slmodem-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.pentium4.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/kernel26-source-2.6.10-72032U10_12cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ndiswrapper-utils-2.6.10.72032U10_12cl.0.12-72907U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/slmodemd-2.6.10.72032U10_12cl.2.9.7-63168U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/drbd-utils-0.7.5-71689U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/drbd-utils-heartbeat-0.7.5-71689U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-devel-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-devel-static-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-ldirectord-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-pils-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/heartbeat-stonith-1.2.3-72193U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/alsa-lib-devel-1.0.7-72296U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/alsa-lib-devel-static-1.0.7-72296U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/alsa-oss-devel-1.0.7-72293U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/alsa-oss-devel-static-1.0.7-72293U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/alsa-server-1.0.7-72296U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libalsa2-1.0.7-72296U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libalsatoss0-1.0.7-72293U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/iptables-1.2.11-72578U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/iptables-devel-1.2.11-72578U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libgl1-nvidia-1.0.6629-71010U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/xfree86-driver-nvidia-1.0.6629-71010U10_1cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : squid
SUMMARY : Fixes for multiple squid vulnerabilities
DATE : 2005-03-08 10:06:00
ID : CLA-2005:931
RELEVANT RELEASES : 9, 10


DESCRIPTION
Squid[1] is a full-featured web proxy cache.

This announcement fixes the following vulnerabilities for Squid:

1. Strengthen Squid from HTTP response splitting cache pollution attack[2]
This patch additionally strengthens Squid against the HTTP response splitting cache pollution attack described by Sanctum.

2. Reject malformed HTTP requests and responses that conflict with the HTTP specifications[3]
This patch makes Squid considerably stricter while parsing the HTTP protocol and also adds a new relaxed_header_parser directive, which defaults to on. If set to off, Squid becomes really strict about CR characters and whitespace in header names; in the default on setting, Squid ignores (and automatically cleans up) common deviations from these parts of the HTTP specification.

3. Correct handling of oversized reply headers[4]
This patch addresses an HTTP protocol mismatch related to oversized reply headers. In addition, it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning.

4. Segmentation fault on failed PUT/POST request[5]
An inconsistent state is entered on a failed PUT/POST request, creating a high risk of segmentation faults or other strange errors.

5. Data corruption when HTTP reply headers is split in several packets[6]
Under certain conditions involving HTTP headers split over multiple reply packets, the HTTP reply may be corrupted by Squid. Symptoms range from hanging requests to corrupted data or error messages about the reply sent to the clients (usually "httpProcessReplyHeader: Too large reply header").

6. Assertion failure on certain odd DNS responses[7]
Squid may abort with "xstrndup: Asserton 'n' failed" or other errors when receiving certain odd DNS responses.

For Conectiva Linux 9, the Squid package has been merged with the Conectiva Linux 10 package, since both used the same base version.
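
Item 2 above distinguishes a strict mode from a relaxed mode that cleans up CR characters and whitespace in header names. The added example below is not Squid's code: the function names, the clean-up choices and the sample header block are assumptions of this example, used to show the two behaviours side by side.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderError(ValueError):
    """Raised when a header block is rejected."""


def parse_headers(block, relaxed=True):
    """Parse a raw header block (no start line) into ([(name, value)], warnings).

    relaxed=True  : clean up the two deviations and record a warning for each.
    relaxed=False : raise HeaderError on the first deviation.
    How the clean-up is done here is this example's choice, not Squid's.
    """
    headers, warnings = [], []

    def deviation(lineno, msg):
        if not relaxed:
            raise HeaderError("line %d: %s" % (lineno, msg))
        warnings.append((lineno, msg))

    for lineno, line in enumerate(block.split(b"\n"), 1):
        if line.endswith(b"\r"):
            line = line[:-1]              # CR of a normal CRLF terminator
        if not line:
            break                         # blank line ends the header block
        if b"\r" in line:
            # A parser that treats a lone CR as a line end would see a
            # different set of headers than one that does not.
            deviation(lineno, "bare CR inside header line")
            line = line.replace(b"\r", b" ")
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip().decode("latin-1"))
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise HeaderError("line %d: no colon in header line" % lineno)
        if name != name.strip(b" \t"):
            deviation(lineno, "whitespace around header name")
            name = name.strip(b" \t")
        if not TOKEN.fullmatch(name):
            # Not one of the "common deviations": rejected in both modes.
            raise HeaderError("line %d: invalid header name %r" % (lineno, name))
        headers.append((name.decode("ascii"),
                        value.strip(b" \t").decode("latin-1")))
    return headers, warnings


# Constructed sample: line 2 has a space before the colon, line 3 a bare CR.
SAMPLE = (b"Host: example.invalid\r\n"
          b"Content-Length : 10\r\n"
          b"X-Note: a\rb\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_headers(SAMPLE, relaxed=True))
    try:
        parse_headers(SAMPLE, relaxed=False)
    except HeaderError as exc:
        print("strict mode rejected the block:", exc)
```
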

SOLUTION
It is recommended that all squid users upgrade to the latest packages. This update will automatically restart the service if it is already running.

REFERENCES
1. http://www.squid-cache.org/
2. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
3. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
4. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
5. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
6. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-split_headers
7. http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/squid-2.5.5-63116U10_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/squid-2.5.5-76327U90_10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-76327U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-76327U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm


Debian GNU/Linux


Debian Security Advisory DSA 691-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 7th, 2005 http://www.debian.org/security/faq


Package : abuse
Vulnerability : several
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0098 CAN-2005-0099

Several vulnerabilities have been discovered in abuse, the SDL port of the Abuse action game. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-0098

Erik Sjölund discovered several buffer overflows in the command line handling, which could lead to the execution of arbitrary code with elevated privileges since it is installed setuid root.

CAN-2005-0099

Steve Kemp discovered that abuse creates some files without dropping privileges first, which may lead to the creation and overwriting of arbitrary files.

For the stable distribution (woody) these problems have been fixed in version 2.00+-3woody4.

The unstable distribution (sid) does not contain an abuse package anymore.

We recommend that you upgrade your abuse package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4.dsc
Size/MD5 checksum: 623 7a65008ae232f2b2a3b07d093229ba21

These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 692-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
March 8th, 2005 http://www.debian.org/security/faq


Package : kdenetwork
Vulnerability : design flaw
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0205

The KDE team fixed a bug in kppp in 2002 which iDEFENSE has now discovered to be exploitable. By opening a sufficiently large number of file descriptors before executing kppp, which is installed setuid root, a local attacker is able to take over privileged file descriptors.

For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.7.

The testing (sarge) and unstable (sid) distributions are not affected since KDE 3.2 already contained the correction.

We recommend that you upgrade your kppp package.

Upgrade Instructions


wget url

will fetch the file for you

dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database

apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated less package fixes security issue
Advisory ID: FLSA:2404
Issue date: 2005-03-07
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2404
CVE Names: CAN-2005-0086



1. Topic:

An updated less package that fixes a segmentation fault when viewing binary files is now available.

The less utility is a text file browser that resembles more, but has extended capabilities.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

Victor Ashik discovered a heap based buffer overflow in less, caused by a patch added to the less package in Red Hat Linux 9. An attacker could construct a carefully crafted file that could cause less to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0086 to this issue.

All users of the less package should upgrade to this updated package, which resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2404 - less segfault

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/less-378-7.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/less-378-7.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


08f54de18179fdaf849cd26d0497531426fd9cc6 redhat/9/updates/i386/less-378-7.2.legacy.i386.rpm
58ccb5a8cdb72c2a64cd8b41ba8984f2df906a18 redhat/9/updates/SRPMS/less-378-7.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
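
The sha1sum check from section 7, carried out over a whole advisory at once, as an added example that is not part of the Fedora Legacy advisory: a shell function reads the "SHA1 sum / Package Name" lines and checks each downloaded file, matched by base name. The function names, the advisory.txt manifest and the stand-in "example" packages are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against
# the "SHA1 sum / Package Name" lines of an advisory.
# Assumed names: sha1_of, verify_advisory_sums, make_sample, advisory.txt.

# sha1_of FILE: print the hex SHA-1 of FILE. The file is read via stdin so
# that unusual file names cannot change the output format.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print $1}'
    else
        shasum -a 1 < "$1" | awk '{print $1}'
    fi
}

# verify_advisory_sums MANIFEST DIR
#   MANIFEST: text copied from the advisory, lines of "<40 hex> <repo path>"
#   DIR:      directory holding the downloaded files (matched by base name)
# Prints one status line per listed package. Returns 0 only if at least one
# package is listed and every listed package is present and matches.
verify_advisory_sums() {
    manifest=$1
    dir=$2
    listed=0
    bad=0
    # "|| [ -n "$sum" ]" keeps a last line that lacks a trailing newline.
    while read -r sum path rest || [ -n "$sum" ]; do
        # Skip the table header, blank lines and anything not "<sha1> <path>".
        case $sum in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#sum}" -eq 40 ] && [ -n "$path" ] || continue
        listed=$((listed + 1))
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"
            bad=$((bad + 1))
            continue
        fi
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        if [ "$expected" = "$(sha1_of "$dir/$name")" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    # An empty or unparsable manifest must not count as success.
    [ "$listed" -gt 0 ] && [ "$bad" -eq 0 ]
}

# make_sample DIR: write two constructed stand-in "packages" and a manifest
# in the advisory's layout (sample data, not real packages or real sums).
make_sample() {
    d=$1
    mkdir -p "$d/rpms"
    printf 'constructed package A\n' > "$d/rpms/example-1.0-1.legacy.i386.rpm"
    printf 'constructed package B\n' > "$d/rpms/example-1.0-1.legacy.src.rpm"
    {
        echo "SHA1 sum Package Name"
        echo
        echo "$(sha1_of "$d/rpms/example-1.0-1.legacy.i386.rpm") redhat/9/updates/i386/example-1.0-1.legacy.i386.rpm"
        echo "$(sha1_of "$d/rpms/example-1.0-1.legacy.src.rpm") redhat/9/updates/SRPMS/example-1.0-1.legacy.src.rpm"
    } > "$d/advisory.txt"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
verify_advisory_sums "$demo_dir/advisory.txt" "$demo_dir/rpms"
rm -rf "$demo_dir"
```

A match only ties each file to the list in the advisory text; the GPG signature check with rpm --checksig -v remains a separate step.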

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0086

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Fedora Legacy Update Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:2344
Issue date: 2005-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2344
CVE Names: CAN-2004-0958 CAN-2004-0959 CAN-2004-1018 CAN-2004-1019 CAN-2004-1065 CAN-2004-1392



1. Topic:

Updated php packages that fix various security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

An information disclosure bug was discovered in the parsing of "GPC" variables in PHP (query strings or cookies, and POST form data). If particular scripts used the values of the GPC variables, portions of the memory space of an httpd child process could be revealed to the client. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0958 to this issue.

A file access bug was discovered in the parsing of "multipart/form-data" forms, used by PHP scripts which allow file uploads. In particular configurations, some scripts could allow a malicious client to upload files to an arbitrary directory where the "apache" user has write access. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0959 to this issue.

Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1018 to this issue.

Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1019 to this issue.

A flaw in the exif extension of PHP was found which led to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1065 to this issue.

A flaw in the PHP cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-1392 to this issue.

Users of PHP should upgrade to these updated packages, which contain fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2344 - multiple php vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.14.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.14.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.10.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.10.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.10-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.10-1.1.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Fedora Legacy Update Advisory

Synopsis: Updated subversion packages fix security issues
Advisory ID: FLSA:1748
Issue date: 2005-03-07
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1748
CVE Names: CAN-2004-0397 CAN-2004-0413



1. Topic:

Updated subversion packages that fix several security issues are now available.

Subversion is a concurrent version control system.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

Subversion versions up to 1.0.2 are vulnerable to a date parsing vulnerability which can be abused to allow remote code execution on Subversion servers and therefore could lead to a repository compromise. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0397 to this issue.

Subversion versions up to and including 1.0.4 have a potential Denial of Service and Heap Overflow issue related to the parsing of strings in the 'svn://' family of access protocols. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0413 to this issue.

Users of subversion are advised to upgrade to these errata packages, which contain backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum, issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1748 - subversion advisories

6. RPMs required:

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/subversion-0.27.0-4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/subversion-0.27.0-4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/subversion-devel-0.27.0-4.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


9d08a9754083238df10241291832f90892f25e8f redhat/9/updates/i386/subversion-0.27.0-4.legacy.i386.rpm
68609fdd91802c5f3fb2f6d1a0fe9ba8e20ece39 redhat/9/updates/i386/subversion-devel-0.27.0-4.legacy.i386.rpm
64c66197355f9424d18e62e589e4d377f4dd9b29 redhat/9/updates/SRPMS/subversion-0.27.0-4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
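
The sha1sum check above, applied to a whole "SHA1 sum / Package Name" list as used in the Fedora Legacy Verification sections, as an added example that is not part of the advisory. The function name and the layout (list saved to a file, packages looked up by basename in a local download directory) are assumptions; a match only shows the file equals what the list describes, and rpm --checksig against the Fedora Legacy key remains the signature check.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR   (hypothetical helper, not a Fedora Legacy tool)
#
# MANIFEST holds lines of the form
#     <40-hex-digit sha1> <mirror/path/to/package.rpm>
# as printed in section 7 of the advisory. Each package is looked up in DIR
# by its basename. One status line is printed per entry.
# Returns 0 only if every listed file exists and matches, 1 if any file is
# missing or differs, 2 if the manifest contained no usable entry.
verify_manifest() {
    vm_manifest=$1
    vm_dir=$2
    vm_rc=0
    vm_seen=0

    while read -r vm_want vm_path; do
        # Skip blank lines, the "SHA1 sum Package Name" header, and any
        # first field that is not exactly 40 hex digits.
        case $vm_want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#vm_want}" -eq 40 ] || continue
        [ -n "$vm_path" ] || continue

        vm_seen=$((vm_seen + 1))
        vm_name=${vm_path##*/}
        vm_file=$vm_dir/$vm_name

        if [ ! -f "$vm_file" ]; then
            echo "MISSING  $vm_name"
            vm_rc=1
            continue
        fi

        # Compare case-insensitively: sha1sum prints lowercase hex.
        vm_want_lc=$(printf '%s' "$vm_want" | tr 'A-F' 'a-f')
        vm_got=$(sha1sum < "$vm_file" | cut -d' ' -f1)

        if [ "$vm_got" = "$vm_want_lc" ]; then
            echo "OK       $vm_name"
        else
            echo "MISMATCH $vm_name"
            vm_rc=1
        fi
    done < "$vm_manifest"

    # An empty or unparsable manifest must not be reported as success.
    [ "$vm_seen" -gt 0 ] || vm_rc=2
    return $vm_rc
}
```

Run it before rpm -Fvh, for example `verify_manifest flsa-list.txt ./downloads && rpm --checksig -v ./downloads/*.rpm`, where both paths are placeholders.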

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0413

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200503-11

http://security.gentoo.org/


Severity: Normal
Title: ImageMagick: Filename handling vulnerability
Date: March 06, 2005
Bugs: #83542
ID: 200503-11


Synopsis

A format string vulnerability exists in ImageMagick that may allow an attacker to execute arbitrary code.

Background

ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats.

Affected packages


   Package                /  Vulnerable  /  Unaffected
1  media-gfx/imagemagick     < 6.2.0.4      >= 6.2.0.4

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities.

Impact

Successful exploitation may disrupt web applications that depend on ImageMagick for image processing, potentially executing arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.0.4"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-12

http://security.gentoo.org/


Severity: Normal
Title: Hashcash: Format string vulnerability
Date: March 06, 2005
Bugs: #83541
ID: 200503-12


Synopsis

A format string vulnerability in the Hashcash utility could allow an attacker to execute arbitrary code.

Background

Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam.

Affected packages


   Package            /  Vulnerable  /  Unaffected
1  net-misc/hashcash     < 1.16-r1      >= 1.16-r1

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address.

Impact

Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Hashcash users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-12.xml



Gentoo Linux Security Advisory GLSA 200503-13

http://security.gentoo.org/


Severity: Normal
Title: mlterm: Integer overflow vulnerability
Date: March 07, 2005
Bugs: #84174
ID: 200503-13


Synopsis

mlterm is vulnerable to an integer overflow, which could potentially allow the execution of arbitrary code.

Background

mlterm is a multi-lingual terminal emulator.

Affected packages


   Package            /  Vulnerable  /  Unaffected
1  x11-terms/mlterm      < 2.9.2        >= 2.9.2

Description

mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only affects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support.

Impact

An attacker can create a specially-crafted image file which, when used as a background by the victim, can lead to the execution of arbitrary code with the privileges of the user running mlterm.

Workaround

Re-compile mlterm without the 'gtk' USE flag.

Resolution

All mlterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/mlterm-2.9.2"

References

[ 1 ] mlterm ChangeLog

https://sourceforge.net/project/shownotes.php?release_id=310416

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-13.xml



Gentoo Linux Security Advisory GLSA 200503-14

http://security.gentoo.org/


Severity: Normal
Title: KDE dcopidlng: Insecure temporary file creation
Date: March 07, 2005
Bugs: #81652
ID: 200503-14


Synopsis

The dcopidlng script is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script.

Affected packages


   Package            /  Vulnerable  /  Unaffected
1  kde-base/kdelibs      < 3.3.2-r5     >= 3.3.2-r5  *>= 3.2.3-r7

Description

Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names.

Impact

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When dcopidlng is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user.
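
The temporary-file pattern described above beside two safer ways to write the same file, as an added shell example that is not dcopidlng's own code. The file name dcopidlng.$$ and every function name are hypothetical; the check at the end runs entirely inside a private sandbox directory it creates itself.

```shell
#!/bin/sh
# Vulnerable pattern: a predictable name in a shared directory.
# '>' follows a link that already sits at that path, so the data lands in
# whatever file the link points to, with the caller's privileges.
write_predictable() {
    wp_out=$1/dcopidlng.$$          # hypothetical name; PIDs are guessable
    printf '%s\n' "$2" > "$wp_out"
    printf '%s\n' "$wp_out"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing path), mode 0600.
write_mktemp() {
    wm_out=$(mktemp "$1/dcopidlng.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$wm_out"
    printf '%s\n' "$wm_out"
}

# Hardened when the name has to stay fixed: with noclobber (set -C) the
# shell's '>' fails instead of truncating an existing regular file, whether
# the path is the file itself or a link to it. The subshell keeps the
# option from leaking into the caller.
write_noclobber() {
    wn_out=$1/dcopidlng.$$
    ( set -C; printf '%s\n' "$2" > "$wn_out" ) 2>/dev/null || return 1
    printf '%s\n' "$wn_out"
}

# Regression check for a writer function.
# Builds a private sandbox with a decoy file and a link to it at the
# predictable path, runs WRITER, and returns 0 if the decoy is unchanged,
# 1 if it was overwritten, 2 if the sandbox could not be created.
decoy_survives() {
    ds_writer=$1
    ds_box=$(mktemp -d) || return 2
    printf 'original\n' > "$ds_box/decoy"
    ln -s "$ds_box/decoy" "$ds_box/dcopidlng.$$"

    "$ds_writer" "$ds_box" 'temporary data' >/dev/null 2>&1 || :

    if [ "$(cat "$ds_box/decoy")" = original ]; then
        ds_result=0
    else
        ds_result=1
    fi
    rm -rf "$ds_box"
    return $ds_result
}

# Stand-alone run: report which writers leave the decoy intact.
for w in write_predictable write_mktemp write_noclobber; do
    if decoy_survives "$w"; then
        echo "$w: decoy intact"
    else
        echo "$w: decoy OVERWRITTEN"
    fi
done
```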

Workaround

There is no known workaround at this time.

Resolution

All kdelibs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdelibs

References

[ 1 ] CAN-2005-0365

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-14.xml


Ubuntu Linux


Ubuntu Security Notice USN-91-1 March 07, 2005
libexif vulnerabilities
https://bugzilla.ubuntulinux.org/7152

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libexif10

The problem can be corrected by upgrading the affected package to version 0.6.9-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sylvain Defresne discovered that the EXIF library did not properly validate the structure of the EXIF tags. By tricking a user into loading an image with a malicious EXIF tag, an attacker could exploit this to crash the process using the library, or even execute arbitrary code with the privileges of the process.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.diff.gz
Size/MD5: 3179 e9fd1d2236959505cf178a020c188055
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9-1ubuntu0.1.dsc
Size/MD5: 601 2da73dc518844cf3461f3d962dd8c54a
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.9.orig.tar.gz
Size/MD5: 520956 0aa142335a8a00c32bb6c7dbfe95fc24

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_amd64.deb
Size/MD5: 67246 05d61f165d5dcbe88cca2c3fe241e1f3
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_amd64.deb
Size/MD5: 81306 de2d6751deca8eefd36d88436be4e9cc

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_i386.deb
Size/MD5: 64274 032c168632797a2a3ca36b2d994e8dcf
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_i386.deb
Size/MD5: 78850 7f55dde4ed21e72732b90407ba1138e9

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.6.9-1ubuntu0.1_powerpc.deb
Size/MD5: 68474 9005e4ceb739ab6d1866a5cd7637a0b3
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif10_0.6.9-1ubuntu0.1_powerpc.deb
Size/MD5: 80436 b4b646bd56dae9b6483450f597272cc9


Ubuntu Security Notice USN-92-1 March 07, 2005
lesstif1-1 vulnerabilities
CAN-2005-0605

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

lesstif1
lesstif2

The problem can be corrected by upgrading the affected package to version 1:0.93.94-4ubuntu1.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image.

Ubuntu does not contain any server applications using LessTif, so there is no possibility of privilege escalation.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.diff.gz
Size/MD5: 106559 10390280498a19d8bedcf41c3ad075b6
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94-4ubuntu1.3.dsc
Size/MD5: 864 ef7eb1b1a2351d703c9d472e147d6b45
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1-1_0.93.94.orig.tar.gz
Size/MD5: 4862623 9eb87b5470333ccb31425a47d24f5a96

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-doc_0.93.94-4ubuntu1.3_all.deb
Size/MD5: 342218 50dba994fe17e5f253c3b44e3bdb493a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 176958 845526d2d517b5d43722d32f7b4f96d9
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 917352 bc37061d1a23c0f9e50631e370c6e02a
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 660772 ab61d20f4cad00783adc89eb2e5ad05d
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 1068764 22057fe13cf32c6824b80b1aca8582f8
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_amd64.deb
Size/MD5: 743410 8307888562686c76a7584a437634455e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 159596 215b85f45344b66cd9e621b651dae399
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 803756 43a39b02e359fc7eba44a2acc651d77f
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 598112 fa697d9c1b794e6b5d4f98c3c445695d
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 934076 c3404cb03872cd7ad7ed71b734f74f0e
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_i386.deb
Size/MD5: 674350 22c7ce01cf8ee09172d25d494470e6ae

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/l/lesstif1-1/lesstif-bin_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 171868 4c2102527ad30213dcb759caae0b42db
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif-dev_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 946186 97efaff3cb3f0c558a65ddff84441d48
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif1_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 626094 7307c73f4fbc10560da35f87ba11ccf3
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2-dev_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 1094772 0fc4e231e5e9d032065c80b997bc5562
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/lesstif2_0.93.94-4ubuntu1.3_powerpc.deb
Size/MD5: 706738 d2a53253e733c907eb48d3640024c47a


Ubuntu Security Notice USN-93-1 March 08, 2005
squid vulnerability
CAN-2005-0626

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.6. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A race condition was discovered in the handling of "Set-Cookie" headers. If the obsolete Netscape recommendation was used for handling cookies in the cache, it was possible for an attacker to steal the cookies of other users.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.diff.gz
Size/MD5: 274718 c9d8eb20819948c3d59705745730e88e
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6.dsc
Size/MD5: 652 6e6f281efb48e36c75016b159e19f050
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.6_all.deb
Size/MD5: 190704 eff315816c0f840e3857af0ec8e2d213

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 90084 0ffd6d6a57b8a20859239eb0469b913c
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 812874 29194c51fdbb055aea7c0a913f49d972
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_amd64.deb
Size/MD5: 71438 f4551b3d077723a432a32dbbd1208504

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 88616 c02beab64129afa343022eb0a47c03fb
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 728856 3ccd8846f2b807c94a499e6b53daceba
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_i386.deb
Size/MD5: 70172 8d12341a1f50936da07358b66d0ebf6a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 89514 9cb43b1cd9fd17c1d21664b73cbd21c0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 796326 c9036ad491d500cfe4ed4494c537ff26
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.6_powerpc.deb
Size/MD5: 70928 636dac5028b9475b03260b1800a37e5c


