:Advisories: April 6, 2005
Advisories: April 6, 2005 0 Talkback[s]
Gentoo Linux
http://security.gentoo.org/
Severity: Normal
The mit-krb5 telnet client is vulnerable to two buffer overflows, which
could allow a malicious telnet server operator to execute arbitrary
code.
The MIT Kerberos 5 implementation provides a command line telnet client
which is used for remote login via the telnet protocol.
A buffer overflow has been identified in the env_opt_add() function,
where a response requiring excessive escaping can cause a heap-based
buffer overflow. Another issue has been identified in the
slc_add_reply() function, where a large number of SLC commands can
overflow a fixed size buffer.
Successful exploitation would require a vulnerable user to connect to
an attacker-controlled telnet host, potentially executing arbitrary
code with the permissions of the telnet user on the client.
There is no known workaround at this time.
All mit-krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6-r2"
[ 1 ] CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
[ 2 ] CAN-2005-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
[ 3 ] MITKRB5-SA-2005-001
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200504-04.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
http://security.gentoo.org/
Severity: Low
Gaim contains multiple vulnerabilities that can lead to a Denial of
Service.
Gaim is a full featured instant messaging client which handles a
variety of instant messaging protocols.
Multiple vulnerabilities have been addressed in the latest release of
Gaim:
A buffer overread in the gaim_markup_strip_html() function, which
is used when logging conversations (CAN-2005-0965).
Markup tags are improperly escaped using Gaim's IRC plugin
(CAN-2005-0966).
Sending a specially crafted file transfer request to a Gaim Jabber
user can trigger a crash (CAN-2005-0967).
An attacker could possibly cause a Denial of Service by exploiting any
of these vulnerabilities.
There is no known workaround at this time.
All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"
[ 1 ] CAN-2005-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967
[ 2 ] CAN-2005-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
[ 3 ] CAN-2005-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
[ 4 ] Gaim Vulnerability Index
http://gaim.sourceforge.net/security/
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200504-05.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Slackware Linux
[slackware-security] PHP (SSA:2005-095-01)
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
and -current to fix security issues.
More details about the issues may be found in the PHP ChangeLogs on
the PHP web site: http://php.net
Here are the details from the Slackware 10.1 ChangeLog:
Updated package for Slackware 8.1:ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.11-i386-1.tgz
Updated package for Slackware 9.0:ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.11-i386-1.tgz
Updated package for Slackware 9.1:ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.11-i486-1.tgz
Updated package for Slackware 10.0:ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/php-4.3.11-i486-1.tgz
Updated packages for Slackware 10.1:ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/php-4.3.11-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.1/testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz
Updated packages for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.11-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz
Slackware 8.1 package:
Slackware 9.0 package:
Slackware 9.1 package:
Slackware 10.0 package:
Slackware 10.1 packages:
Slackware -current packages:
First, stop apache:
Next, upgrade to the new PHP package:
Finally, restart apache:
+-----+
Slackware Linux Security Teamhttp://slackware.com/gpg-key security@slackware.com
Ubuntu Linux
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libgdk-pixbuf2
The problem can be corrected by upgrading the affected package to
version 0.22.0-7ubuntu1.1 (libgdk-pixbuf2) and 2.4.10-1ubuntu1.1
(libgtk2.0-0). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
Matthias Clasen discovered a Denial of Service vulnerability in the
BMP image module of gdk. Processing a specially crafted BMP image with
an application using gdk-pixbuf caused an allocated memory block to be
free()'ed twice, leading to a crash of the application. However, it
is believed that this cannot be exploited to execute arbitrary
attacker provided code.
Source archives:http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.diff.gz http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-7ubuntu1.1.dsc http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.diff.gz http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10-1ubuntu1.1.dsc http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/gtk+2.0_2.4.10.orig.tar.gz
Architecture independent packages:http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-common_2.4.10-1ubuntu1.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-doc_2.4.10-1ubuntu1.1_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_amd64.deb
i386 architecture (x86 compatible Intel/AMD)http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)http://security.ubuntu.com/ubuntu/pool/universe/g/gtk+2.0/gtk2.0-examples_2.4.10-1ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-7ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-7ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-7ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-7ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-0_2.4.10-1ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-bin_2.4.10-1ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dbg_2.4.10-1ubuntu1.1_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/g/gtk+2.0/libgtk2.0-dev_2.4.10-1ubuntu1.1_powerpc.deb
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
USN-32-1 fixed a database privilege escalation vulnerability; original
advisory text:
"If a user was granted privileges to a database with a name
containing an underscore ("_"), the user also gained the ability to
grant privileges to other databases with similar names.
(CAN-2004-0957)"
Recently a corner case was discovered where this vulnerability can
still be exploited, so another update is necessary.=20
Source archives:http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.5.diff.gz
Size/MD5: 176049 5327f1a5d1a3827fba4f33d7292e1b41http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.5.dsc http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz
Architecture independent packages:http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.5_all.deb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.5_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient_4.0.20-2ubuntu1.5_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.5_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.5_amd64.deb
i386 architecture (x86 compatible Intel/AMD)http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.5_i386.deb
Size/MD5: 2774158 dabd78b39cf3a747206b3e8dd09d18d0http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient_4.0.20-2ubuntu1.5_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.5_i386.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.5_i386.deb
powerpc architecture (Apple Macintosh G3/G4/G5)http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 3110200 ec39921634e29dad12e91752936b7b04http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient_4.0.20-2ubuntu1.5_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.5_powerpc.deb http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.5_powerpc.deb
