Linux Today: Linux News On Internet Time.

Advisories: March 28, 2005

Mar 29, 2005, 04:45

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : ethereal
SUMMARY : Fixes for security vulnerabilities in ethereal
DATE : 2005-03-28 13:52:00
ID : CLA-2005:942
RELEVANT RELEASES : 9, 10


DESCRIPTION
Ethereal[1] is a powerful network traffic analyzer with a graphical user interface (GUI).

This update fixes several vulnerabilities[2,3] in ethereal:

CAN-2005-0006[4]: The COPS dissector could go into an infinite loop.

CAN-2005-0007[5]: The DLSw dissector could cause an assertion, making Ethereal exit prematurely.

CAN-2005-0008[6]: The DNP dissector could cause memory corruption.

CAN-2005-0009[7]: The Gnutella dissector could cause an assertion, making Ethereal exit prematurely.

CAN-2005-0010[8]: The MMSE dissector could free static memory.

CAN-2005-0084[9]: The X11 protocol dissector is vulnerable to a string buffer overflow.

CAN-2005-0699[10]: Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.

CAN-2005-0704[11]: Matevz Pustisek discovered a buffer overflow in the Etheric dissector.

CAN-2005-0705[12]: The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled.

CAN-2005-0739[13]: Leon Juranic discovered a buffer overflow in the IAPP dissector.

It also fixes two other issues: bugs in the JXTA and sFlow dissectors that could make Ethereal crash.

SOLUTION
It is recommended that all ethereal users upgrade their packages.

REFERENCES
1.http://www.ethereal.com/
2.http://www.ethereal.com/appnotes/enpa-sa-00017.html
3.http://www.ethereal.com/appnotes/enpa-sa-00018.html
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
8.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
9.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
10.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0699
11.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0704
12.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0705
13.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0739

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/ethereal-0.10.10-77079U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-0.10.10-77079U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-common-0.10.10-77079U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-gtk-0.10.10-77079U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-utils-0.10.10-77079U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/tethereal-0.10.10-77079U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/ethereal-0.10.10-77079U90_5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.10-77079U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.10-77079U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.10-77079U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.10-77079U90_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.10-77079U90_5cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Fedora Core


Fedora Update Notification
FEDORA-2005-259
2005-03-28

Product : Fedora Core 2
Name : squirrelmail
Version : 1.4.4
Release : 1.FC2
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.


Update Information:

Multiple issues in squirrelmail (CAN-2005-0104). Upgrade to 1.4.4.


  • Thu Jan 27 2005 Warren Togami <wtogami@redhat.com> 1.4.4-2
    • 1.4.4
    • re-include translations and Provide squirrelmail-i18n better compatible with upstream, but we cannot split sub-package due to support of existing distributions
    • remove unnecessary .po files

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

a238db60bcad582241e36e125eb2888a SRPMS/squirrelmail-1.4.4-1.FC2.src.rpm
196e34e86ad654beb1f44462c6148e99 x86_64/squirrelmail-1.4.4-1.FC2.noarch.rpm
196e34e86ad654beb1f44462c6148e99 i386/squirrelmail-1.4.4-1.FC2.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-260
2005-03-28

Product : Fedora Core 3
Name : squirrelmail
Version : 1.4.4
Release : 1.FC3
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.


Update Information:

Multiple issues in squirrelmail (CAN-2005-0104). Upgrade to 1.4.4.


  • Thu Jan 27 2005 Warren Togami <wtogami@redhat.com> 1.4.4-2
    • 1.4.4
    • re-include translations and Provide squirrelmail-i18n better compatible with upstream, but we cannot split sub-package due to support of existing distributions
    • remove unnecessary .po files

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

b62f0fe0b26a125239e4897a1aef60d8 SRPMS/squirrelmail-1.4.4-1.FC3.src.rpm
4df4db9e6f9b4278615c5d6189427f7a x86_64/squirrelmail-1.4.4-1.FC3.noarch.rpm
4df4db9e6f9b4278615c5d6189427f7a i386/squirrelmail-1.4.4-1.FC3.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Security Update Notification
FEDORA-2005-262
2005-03-28

Product : Fedora Core 2
Name : kernel
Version : 2.6.10
Release : 1.771_FC2
Summary : The Linux kernel (the core of the Linux operating system)

Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.


  • Sun Mar 27 2005 Dave Jones <davej@redhat.com>
    • Catch up with all recent security issues.
    • CAN-2005-0210 : dst leak
    • CAN-2005-0384 : ppp dos
    • CAN-2005-0531 : Sign handling issues.
    • CAN-2005-0400 : EXT2 information leak.
    • CAN-2005-0449 : Remote oops.
    • CAN-2005-0736 : Epoll overflow
    • CAN-2005-0749 : ELF loader may kfree wrong memory.
    • CAN-2005-0750 : Missing range checking in bluetooth
    • CAN-2005-0767 : drm race in radeon
    • CAN-2005-0815 : Corrupt isofs images could cause oops.
  • Tue Mar 22 2005 Dave Jones <davej@redhat.com>
    • Fix swapped parameters to memset in ieee802.11 code.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

279048bd2e34f477912badf1bb73d798 SRPMS/kernel-2.6.10-1.771_FC2.src.rpm
65d8acccaa8686bc8a8be34268801b5a x86_64/kernel-2.6.10-1.771_FC2.x86_64.rpm
a5a4c03beb3cd37a71789b4c40e99797 x86_64/kernel-smp-2.6.10-1.771_FC2.x86_64.rpm
28ca62a9652cca57aadc0841dd58c85c x86_64/debug/kernel-debuginfo-2.6.10-1.771_FC2.x86_64.rpm
e8d9cfc6aa998268426023a8a7bd3012 x86_64/kernel-sourcecode-2.6.10-1.771_FC2.noarch.rpm
3a14cc12fa4e6fb796edc1f8b7fa36cb x86_64/kernel-doc-2.6.10-1.771_FC2.noarch.rpm
2dd2777c4e63ee49a1fa5d0aac63198e i386/kernel-2.6.10-1.771_FC2.i586.rpm
4f85f53a459595cf69635ca98f538eea i386/kernel-smp-2.6.10-1.771_FC2.i586.rpm
f6c507301df73b72cb9636a3e7db2eb6 i386/debug/kernel-debuginfo-2.6.10-1.771_FC2.i586.rpm
c11edec2fb84f899cbc4ba21e0cf3a0a i386/kernel-2.6.10-1.771_FC2.i686.rpm
b2a94b6b94be8816b02901b4347b805c i386/kernel-smp-2.6.10-1.771_FC2.i686.rpm
3fe0f11bdf21a2d3aa9afa2956926542 i386/debug/kernel-debuginfo-2.6.10-1.771_FC2.i686.rpm
e8d9cfc6aa998268426023a8a7bd3012 i386/kernel-sourcecode-2.6.10-1.771_FC2.noarch.rpm
3a14cc12fa4e6fb796edc1f8b7fa36cb i386/kernel-doc-2.6.10-1.771_FC2.noarch.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200503-34

http://security.gentoo.org/


Severity: Normal
Title: mpg321: Format string vulnerability
Date: March 28, 2005
Bugs: #86033
ID: 200503-34


Synopsis

A flaw in the processing of ID3 tags in mpg321 could potentially lead to the execution of arbitrary code.

Background

mpg321 is a GPL replacement for mpg123, a command line audio player with support for ID3. ID3 is a tagging system that allows metadata to be embedded within media files.

Affected packages


     Package             /   Vulnerable   /                 Unaffected

  1  media-sound/mpg321      < 0.2.10-r2                  >= 0.2.10-r2

Description

A routine security audit of the mpg321 package revealed a known security issue remained unpatched. The vulnerability is a result of mpg321 printing embedded ID3 data to the console in an unsafe manner.

Impact

Successful exploitation would require a victim to play a specially crafted audio file using mpg321, potentially resulting in the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All mpg321 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/mpg321-0.2.10-r2"

References

[ 1 ] CVE-2003-0969

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0969

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-34.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
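
The GLSA above attributes the flaw to ID3 data being printed to the console unsafely. The following is an added example, not mpg321 code and not part of the advisory, showing a hardened way to read and print an ID3v1 title; all function names and the sample tag are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ID3V1_LEN 128  /* ID3v1 trailer: "TAG" followed by fixed-width fields */
#define FIELD_LEN 30   /* title field: 30 bytes, not necessarily NUL-terminated */

/* Constructed sample trailer (not from a real file); unset bytes are zero. */
static const unsigned char SAMPLE_TAG[ID3V1_LEN] = "TAG" "Demo %s %x track";

/* Copy the title out, bounded and terminated, replacing non-printable
 * bytes with '?'. Returns 0, or -1 if the buffer is not an ID3v1 tag. */
int id3v1_title(const unsigned char *tag, size_t len, char out[FIELD_LEN + 1])
{
    size_t i;
    if (len != ID3V1_LEN || memcmp(tag, "TAG", 3) != 0)
        return -1;
    for (i = 0; i < FIELD_LEN && tag[3 + i] != '\0'; i++)
        out[i] = isprint(tag[3 + i]) ? (char)tag[3 + i] : '?';
    out[i] = '\0';
    return 0;
}

/* Count '%' conversion introducers; nonzero means the text would be
 * interpreted rather than displayed if it were used as a format string. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (s[0] == '%' && s[1] == '%') s++;          /* "%%" is a literal */
        else if (s[0] == '%' && s[1] != '\0') n++;
    }
    return n;
}

/* Hardened output: tag text is only ever an argument to a constant format.
 * The unsafe pattern is passing it as the format itself: printf(title). */
int print_title(FILE *fp, const char *title)
{
    return fprintf(fp, "Title: %s\n", title);
}

int main(void)
{
    char title[FIELD_LEN + 1];
    if (id3v1_title(SAMPLE_TAG, sizeof SAMPLE_TAG, title) != 0) return 1;
    print_title(stdout, title);
    return count_format_directives(title) == 2 ? 0 : 1;
}
```

With the constant format string, the `%s` and `%x` in the sample title are written out literally instead of being interpreted.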

Ubuntu Linux


Ubuntu Security Notice USN-101-1 March 28, 2005
netkit-telnet vulnerabilities
CAN-2004-0911, CAN-2005-0469

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

telnet
telnetd

The problem can be corrected by upgrading the affected package to version 0.17-24ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the telnet client's handling of the LINEMODE suboptions. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i.e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CAN-2005-0469)

Michal Zalewski discovered a Denial of Service vulnerability in the telnet server (telnetd). A remote attacker could cause the telnetd process to free an invalid pointer, which caused the server process to crash, leading to a denial of service (inetd will disable the service if telnetd crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user). Please note that the telnet server is not officially supported by Ubuntu; it is in the "universe" component. (CAN-2004-0911)

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/netkit-telnet_0.17-24ubuntu0.1.diff.gz
Size/MD5: 25956 9128f1f018f467891fccb2f201f4b996
http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/netkit-telnet_0.17-24ubuntu0.1.dsc
Size/MD5: 607 a89242a368dcef4ecdd2edfa07b0416e
http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
Size/MD5: 133749 d6beabaaf53fe6e382c42ce3faa05a36

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/telnet_0.17-24ubuntu0.1_amd64.deb
Size/MD5: 68950 2804dc3a5a57869a2dfdc137bb54d49c
http://security.ubuntu.com/ubuntu/pool/universe/n/netkit-telnet/telnetd_0.17-24ubuntu0.1_amd64.deb
Size/MD5: 43932 041bb557db0e071de540dae8ba703aac

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/telnet_0.17-24ubuntu0.1_i386.deb
Size/MD5: 62892 37527def740efa14d836b69dc27f1b53
http://security.ubuntu.com/ubuntu/pool/universe/n/netkit-telnet/telnetd_0.17-24ubuntu0.1_i386.deb
Size/MD5: 40264 782d910cecdb2e54c70428ce1ab95c51

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/telnet_0.17-24ubuntu0.1_powerpc.deb
Size/MD5: 68312 0f428ccfee13a0cd327249a99bd61138
http://security.ubuntu.com/ubuntu/pool/universe/n/netkit-telnet/telnetd_0.17-24ubuntu0.1_powerpc.deb
Size/MD5: 42526 2eb26f374295a63137b8735b1225927b
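
USN-101-1 above describes an overflow triggered by a large number of SLC commands in a LINEMODE suboption. The following is an added example, not netkit-telnet code and not part of the notice, of a reply builder whose length check makes the triplet count harmless; the struct, function names and 128-byte buffer size are assumptions, and the protocol constants come from RFC 854 and RFC 1184.

```c
#include <stddef.h>
#include <stdio.h>

/* Telnet constants from RFC 854 and RFC 1184. */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_LINEMODE = 34, LM_SLC = 3 };
#define SLC_REPLY_MAX 128  /* buffer size assumed for this example */

struct slc_reply { unsigned char buf[SLC_REPLY_MAX]; size_t len; };

/* Append one (function, flags, value) triplet, doubling any IAC byte.
 * Room is checked for the worst case (6 bytes) plus the closing IAC SE.
 * Returns 0 on success, -1 when the triplet does not fit. */
int slc_reply_add(struct slc_reply *r, unsigned char func,
                  unsigned char flags, unsigned char value)
{
    const unsigned char t[3] = { func, flags, value };
    if (sizeof r->buf - r->len < 6 + 2)
        return -1;
    for (size_t i = 0; i < 3; i++) {
        r->buf[r->len++] = t[i];
        if (t[i] == IAC)
            r->buf[r->len++] = IAC;
    }
    return 0;
}

/* Build IAC SB LINEMODE SLC <triplets> IAC SE for a received body (echoed
 * here; a real client sends its own settings). Returns triplets answered. */
int slc_build_reply(struct slc_reply *r, const unsigned char *body, size_t n)
{
    int answered = 0;
    r->buf[0] = IAC; r->buf[1] = SB; r->buf[2] = TELOPT_LINEMODE; r->buf[3] = LM_SLC;
    r->len = 4;
    for (size_t i = 0; i + 3 <= n; i += 3, answered++)
        if (slc_reply_add(r, body[i], body[i + 1], body[i + 2]) != 0)
            break;
    r->buf[r->len++] = IAC;
    r->buf[r->len++] = SE;
    return answered;
}

int main(void)
{
    static unsigned char body[3 * 200];  /* constructed: 200 zeroed triplets */
    struct slc_reply r;
    int n = slc_build_reply(&r, body, sizeof body);
    printf("answered %d of 200 triplets, reply is %zu bytes\n", n, r.len);
    return 0;
}
```

Triplets that do not fit are dropped rather than written, so the reply length stays within the buffer however many the peer sends.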