Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories: April 13, 2005

Apr 14, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 706-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 13th, 2005 http://www.debian.org/security/faq


Package : axel
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0390
BugTraq ID : 13059

Ulf Härnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accellerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 1.0a-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.0b-1.

We recommend that you upgrade your axel package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc
Size/MD5 checksum: 562 9e458f6d5f1f008ea845dca78e92683c
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz
Size/MD5 checksum: 3390 055745f2cf06c3c91aea35186dd83d19
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz
Size/MD5 checksum: 44140 2d94c0b36b374834567f1fcec5f89119

Architecture independent components:

http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb
Size/MD5 checksum: 3838 954e797b55eb105bbe3ef57972b10071

Alpha architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb
Size/MD5 checksum: 41894 460f6ab4e5884cb055cfb37d84029e32

ARM architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb
Size/MD5 checksum: 33796 e846b964a389aad2e60efca3c0a994e4

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb
Size/MD5 checksum: 33304 0f7124e13654896568ed1d04b19c221f

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb
Size/MD5 checksum: 49084 d50de2a63ec516ca7d420e55c4f66927

HP Precision architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb
Size/MD5 checksum: 38552 01fbdbc4a778d6bc1964430567b96dc5

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb
Size/MD5 checksum: 31870 e07bc8f8895a4a03de20dfa3ecb427fe

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb
Size/MD5 checksum: 37086 0a7a17857b0b2f5d46cae69394bc44aa

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb
Size/MD5 checksum: 37208 e7370f632d2d84e18a59d923b4c48aec

PowerPC architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb
Size/MD5 checksum: 36678 24f2fe3698ce4d4c64b0f266233874a9

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb
Size/MD5 checksum: 34320 2aa3fc2c0e09ba46de4f3fb954580380

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb
Size/MD5 checksum: 37266 b5193597168fe3430754d480b29f02be

These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 707-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 13th, 2005 http://www.debian.org/security/faq


Package : mysql
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0957
BugTraq ID : 12781
Debian Bug : 285276 296674 300158

Several vulnerabilities have been discovered in MySQL, a popular database. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-0957

Sergei Golubchik discovered a problem in the access handling for similar named databases. If a user is granted privileges to a database with a name containing an underscore ("_"), the user also gains privileges to other databases with similar names.

CAN-2005-0709

Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls.

CAN-2005-0710

Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table.

CAN-2005-0711

Stefano Di Paola discovered that MySQL uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in version 3.23.49-8.11.

For the unstable distribution (sid) these problems have been fixed in version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.dsc
Size/MD5 checksum: 877 df2d85bd322eb6d42287127aa911b07e
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.diff.gz
Size/MD5 checksum: 84421 13e0ec8441a97408ed4d0ab47981a333
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.11_all.deb
Size/MD5 checksum: 18094 578cfd9bbf7930981efc682c8e51b549
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
Size/MD5 checksum: 1962992 a4cacebaadf9d5988da0ed1a336b48e6

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_alpha.deb
Size/MD5 checksum: 279398 3971a1aa23bde9baefeb5784ef0ade3a
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_alpha.deb
Size/MD5 checksum: 780772 97e71d14a7a1d4dd21ed5deab8dd545e
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_alpha.deb
Size/MD5 checksum: 164748 7162245a011bed2fe08d0de4f95cc4e1
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_alpha.deb
Size/MD5 checksum: 3636734 66c25c69c3579a9d69cd5b258ff5aaee

ARM architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_arm.deb
Size/MD5 checksum: 239882 4472b428cbb26a752ac0e81b051cf628
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_arm.deb
Size/MD5 checksum: 636536 ca50af2c717731c69542d5724a47fdf6
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_arm.deb
Size/MD5 checksum: 125156 e72c65ef2ec3bb5d2a4a98263ccadb2b
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_arm.deb
Size/MD5 checksum: 2808394 49c9bfb44afb893144171137b98eed12

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_i386.deb
Size/MD5 checksum: 236058 a166e82ba1b7444bf86273f6e2d06022
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_i386.deb
Size/MD5 checksum: 578064 a95797aa335d8f09ec119c553a766b08
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_i386.deb
Size/MD5 checksum: 123672 3bd8648dd73e9f8f435029907d7d8a32
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_i386.deb
Size/MD5 checksum: 2802056 dd4a223b162e6e13e0517220cc756fd3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_ia64.deb
Size/MD5 checksum: 316690 8c537c85c8485fc053b05aa7647e9c95
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_ia64.deb
Size/MD5 checksum: 850412 9b580b32697b20bd420682e2da02b55a
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_ia64.deb
Size/MD5 checksum: 174958 4529edb2a8ed5275b858ddda14cafc9c
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_ia64.deb
Size/MD5 checksum: 4001168 dffcaa4ea670a963c2e1c87f86ca790b

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_hppa.deb
Size/MD5 checksum: 282304 3192982a2bf0d1f4b4c898ffa45ee977
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_hppa.deb
Size/MD5 checksum: 745680 1746b48072bcc93c4588d1e6f0c12b44
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_hppa.deb
Size/MD5 checksum: 141770 b497d2bdd7032816a696985a65e32174
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_hppa.deb
Size/MD5 checksum: 3516268 216cbce37769115fe9d393b9193f4ad5

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_m68k.deb
Size/MD5 checksum: 229238 0c5ae0cdfb69ee2e8eaff52119bbfdf5
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_m68k.deb
Size/MD5 checksum: 559260 11b3be08f6cd4c916a56349908e73bc7
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_m68k.deb
Size/MD5 checksum: 119552 291df2ccd20afd3ba5b426bc232e1681
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_m68k.deb
Size/MD5 checksum: 2648664 32253029744281d67cc32516d4415a7b

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mips.deb
Size/MD5 checksum: 252512 9f0d13488d1ef1d46b1cf954247c5d73
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mips.deb
Size/MD5 checksum: 690782 65245ff95983c58c49e5675e61ee3629
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mips.deb
Size/MD5 checksum: 135060 5382f4e78411fcb8364df226d27b6480
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mips.deb
Size/MD5 checksum: 2850534 1f6cbd34b484d6f57259c9c10d49c643

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mipsel.deb
Size/MD5 checksum: 252176 fe3be8acd75ccb1206d32b66f4a7f696
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mipsel.deb
Size/MD5 checksum: 690178 9bc96dee918e627234f5aba08e8ed174
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mipsel.deb
Size/MD5 checksum: 135402 219d4706babc06c8995c8674687bdd3b
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mipsel.deb
Size/MD5 checksum: 2840476 f9feb1a4254acb12cd974fe7abdd7430

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_powerpc.deb
Size/MD5 checksum: 249246 d2433c23f8a83fbb7cfabaa7f1996ba0
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_powerpc.deb
Size/MD5 checksum: 654366 fc5f0eb155c521a8a2f2a621c58026ef
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_powerpc.deb
Size/MD5 checksum: 130604 06d0a734db8a480d31acfff1a032a1b2
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_powerpc.deb
Size/MD5 checksum: 2825402 7cb05dadadbdf7b2aeaebff9b1c57bdd

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_s390.deb
Size/MD5 checksum: 251522 0b0425e22e503cca3044457d1afb96a0
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_s390.deb
Size/MD5 checksum: 609212 f2e48ad9b41cd1aed57b0cf06a350c51
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_s390.deb
Size/MD5 checksum: 127578 e716610259ca1a56a5cc709bb0f39d8f
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_s390.deb
Size/MD5 checksum: 2692988 dc5da2e28c240fc7cd5d7a57038324c4

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_sparc.deb
Size/MD5 checksum: 242480 7fdfd764be3bc3eaccb2370b6d55f501
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_sparc.deb
Size/MD5 checksum: 617570 900be3d64a19cc29f7e20449a3cb95e0
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_sparc.deb
Size/MD5 checksum: 131548 890954cb23d89714d7645fa60587854c
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_sparc.deb
Size/MD5 checksum: 2942040 5f234f648e9d269ca3df7167536bd2ae

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-316
2005-04-13

Product : Fedora Core 3
Name : openoffice.org
Version : 1.1.3
Release : 11.5.0.fc3
Summary : OpenOffice.org comprehensive office suite.

Description :
OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary.

The OpenOffice.org team hopes you enjoy working with OpenOffice.org!

Note: Non-.vor templates covered under the GPL license.


Update Information:

This update fixes many International Input issues with the IIIMF input framework, and also fixes the CAN-2005-0941 security issue recently made public.


  • Tue Apr 12 2005 Dan Williams <dcbw@redhat.com> - 1.1.3-11
    • Fix CAN-2005-0941 (sot module overflow in .doc parsing)
  • Wed Apr 6 2005 Dan Williams <dcbw@redhat.com> - 1.1.3-10
    • #rh137398# [iiimgcf] general event handling - gtk_im_context_reset()
    • #rh144557# (IIIMF canna) oocalc TAB fails to cancel preedit
    • #rh153209# OO Writer crashes on tab-click in Format-Character dialog
    • Remove FC4 and RHEL4 bits from specfile since they don't use this OOo version

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

2cb5198e4f3281bae379a43b376e1c9a SRPMS/openoffice.org-1.1.3-11.5.0.fc3.src.rpm
21c972e284c66234639958c70d670a14 x86_64/openoffice.org-1.1.3-11.5.0.fc3.i386.rpm
149292db2a062be2be870cf472a12154 x86_64/openoffice.org-libs-1.1.3-11.5.0.fc3.i386.rpm
c7dc3c01930626f3a5cf23e9f4d88668 x86_64/openoffice.org-i18n-1.1.3-11.5.0.fc3.i386.rpm
21c972e284c66234639958c70d670a14 i386/openoffice.org-1.1.3-11.5.0.fc3.i386.rpm
149292db2a062be2be870cf472a12154 i386/openoffice.org-libs-1.1.3-11.5.0.fc3.i386.rpm
c7dc3c01930626f3a5cf23e9f4d88668 i386/openoffice.org-i18n-1.1.3-11.5.0.fc3.i386.rpm
5c5c22683584c33c7bffb61bface8c58 i386/openoffice.org-kde-1.1.3-11.5.0.fc3.i386.rpm
3a7419e0835daed344ceddfd2fd8372d i386/debug/openoffice.org-debuginfo-1.1.3-11.5.0.fc3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200504-10

http://security.gentoo.org/


Severity: High
Title: Gld: Remote execution of arbitrary code
Date: April 13, 2005
Bugs: #88904
ID: 200504-10


Synopsis

Gld contains several serious vulnerabilities, potentially resulting in the execution of arbitrary code as the root user.

Background

Gld is a standalone greylisting server for Postfix.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  mail-filter/gld       <= 1.4                               >= 1.5

Description

dong-hun discovered several buffer overflows in server.c, as well as several format string vulnerabilities in cnf.c.

Impact

An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root.

Workaround

There is no known workaround at this time.

Resolution

All Gld users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/gld-1.5"

References

[ 1 ] SecurityTracker ID 1013678

http://securitytracker.com/alerts/2005/Apr/1013678.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200504-11

http://security.gentoo.org/


Severity: High
Title: JunkBuster: Multiple vulnerabilities
Date: April 13, 2005
Bugs: #88537
ID: 200504-11


Synopsis

JunkBuster is vulnerable to a heap corruption vulnerability, and under certain configurations may allow an attacker to modify settings.

Background

JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  www-proxy/junkbuster     < 2.0.2-r3                   >= 2.0.2-r3

Description

James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs.

Impact

If JunkBuster has been configured to run in single-threaded mode, an attacker can disable or modify the filtering of Referrer: HTTP headers, potentially compromising the privacy of users. The heap corruption vulnerability could crash or disrupt the operation of the proxy, potentially executing arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All JunkBuster users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-proxy/junkbuster-2.0.2-r3"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.


Gentoo Linux Security Advisory GLSA 200504-12

http://security.gentoo.org/


Severity: High
Title: rsnapshot: Local privilege escalation
Date: April 13, 2005
Bugs: #88681
ID: 200504-12


Synopsis

rsnapshot allow a local user to take ownership of local files, resulting in privilege escalation.

Background

rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  net-misc/rsnapshot       < 1.2.1                         >= 1.2.1

Description

The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself.

Impact

Under certain circumstances, local attackers can exploit this vulnerability to take ownership of arbitrary files, resulting in local privilege escalation.

Workaround

The copy_symlink() subroutine is not called if the cmd_cp parameter has been enabled.

Resolution

All rsnapshot users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsnapshot-1.2.1"

References

[ 1 ] rsnapshot Security Advisory 001

http://www.rsnapshot.org/security/2005/001.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: MySQL
Advisory ID: MDKSA-2005:070
Date: April 12th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1


Problem Description:

A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character ("_") to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem still existed was recently discovered.

The updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957


Updated Packages:

Mandrakelinux 10.0:
417cd23f30451f252fea813d9f4ef3c2 10.0/RPMS/libmysql12-4.0.18-1.5.100mdk.i586.rpm
b831453eaa8fc45453e1744f8b3917f7 10.0/RPMS/libmysql12-devel-4.0.18-1.5.100mdk.i586.rpm
42b1d9cd652da8515b0380ff95b79f46 10.0/RPMS/MySQL-4.0.18-1.5.100mdk.i586.rpm
a551c71aad62c5df13a82b4056d566eb 10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.i586.rpm
685631fa240211a8184e643dc3d5f1cb 10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.i586.rpm
4e0fd82c672bc2da6dab8762c4d6b081 10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.i586.rpm
a4ac1306800921e4f4aa281061275bc4 10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.i586.rpm
90878d81d7401596b2da6b361fe2e360 10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
d8d8592e1c408b6422ac049e27619a01 amd64/10.0/RPMS/lib64mysql12-4.0.18-1.5.100mdk.amd64.rpm
092ba14f09198f4829cedefc08d00cec amd64/10.0/RPMS/lib64mysql12-devel-4.0.18-1.5.100mdk.amd64.rpm
d266108df4723f914a59053d79fb9bb7 amd64/10.0/RPMS/MySQL-4.0.18-1.5.100mdk.amd64.rpm
04ddb557422c15f8c1f8d1eaddbafec4 amd64/10.0/RPMS/MySQL-Max-4.0.18-1.5.100mdk.amd64.rpm
51973164698815c2f6c2dbb6e2139199 amd64/10.0/RPMS/MySQL-bench-4.0.18-1.5.100mdk.amd64.rpm
60f890d8b8cbf29b9685f754b5c88d5d amd64/10.0/RPMS/MySQL-client-4.0.18-1.5.100mdk.amd64.rpm
d96b21d3ae9824214b864608b3577dbf amd64/10.0/RPMS/MySQL-common-4.0.18-1.5.100mdk.amd64.rpm
90878d81d7401596b2da6b361fe2e360 amd64/10.0/SRPMS/MySQL-4.0.18-1.5.100mdk.src.rpm

Mandrakelinux 10.1:
a6f881afe9579d59a9bb1dd6ad17baa8 10.1/RPMS/libmysql12-4.0.20-3.4.101mdk.i586.rpm
39f4f644320f49c51e873359eabf7b2c 10.1/RPMS/libmysql12-devel-4.0.20-3.4.101mdk.i586.rpm
4add025687ece5f2c8d8a90d75609904 10.1/RPMS/MySQL-4.0.20-3.4.101mdk.i586.rpm
b1c67252efd4ebd6d61aec46aceb40f1 10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.i586.rpm
489792984418629f6242ac779c68f222 10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.i586.rpm
ad896c2dbc95537f27dd730c9b56ee39 10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.i586.rpm
63288467c444fb9347ec1fe309816534 10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.i586.rpm
779b911478fa081b608a68ab6e8e2970 10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
897990c787d88ae1cded68f4b0744cc0 x86_64/10.1/RPMS/lib64mysql12-4.0.20-3.4.101mdk.x86_64.rpm
5062c8704732e87a7457b7d8a78beaa4 x86_64/10.1/RPMS/lib64mysql12-devel-4.0.20-3.4.101mdk.x86_64.rpm
4ccc4901dfaccc2841f94baf3a1c15a0 x86_64/10.1/RPMS/MySQL-4.0.20-3.4.101mdk.x86_64.rpm
4da118dcd84c51df2692260d94891f12 x86_64/10.1/RPMS/MySQL-Max-4.0.20-3.4.101mdk.x86_64.rpm
af2fb55fdeaf9b535a5de92288271037 x86_64/10.1/RPMS/MySQL-bench-4.0.20-3.4.101mdk.x86_64.rpm
edfac12d91bb39fc57a2fb49a9729546 x86_64/10.1/RPMS/MySQL-client-4.0.20-3.4.101mdk.x86_64.rpm
2c3fc2282673cdaf70949400b2192f50 x86_64/10.1/RPMS/MySQL-common-4.0.20-3.4.101mdk.x86_64.rpm
779b911478fa081b608a68ab6e8e2970 x86_64/10.1/SRPMS/MySQL-4.0.20-3.4.101mdk.src.rpm

Corporate Server 2.1:
fee1c58289d49e1c519f77e9a1d13c50 corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.i586.rpm
f6551af58f46aa65c3dc6de68ec34961 corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.i586.rpm
8391e0abdbcfde47585d768819b7f361 corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.i586.rpm
2269ed0f6f7267a464b214248e0cd9fb corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.i586.rpm
27d9c33c5213b04ab8222ac10b42bd97 corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.i586.rpm
35b20bc721c1343ccbb2cdcd1c097a1a corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.i586.rpm
4bab4afbeee17e8ca6d31b57964aab10 corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
5c8d616a2cb39ae05ec8f4724707009f x86_64/corporate/2.1/RPMS/libmysql10-3.23.56-1.10.C21mdk.x86_64.rpm
acea8f383bb42d00d4256fa607c4c2ec x86_64/corporate/2.1/RPMS/libmysql10-devel-3.23.56-1.10.C21mdk.x86_64.rpm
51f588ba999d520a44093a7e75d68622 x86_64/corporate/2.1/RPMS/MySQL-3.23.56-1.10.C21mdk.x86_64.rpm
b5a0c02550feee335b4be9a3f522f722 x86_64/corporate/2.1/RPMS/MySQL-Max-3.23.56-1.10.C21mdk.x86_64.rpm
78cd60307b15749852130e11afbe3627 x86_64/corporate/2.1/RPMS/MySQL-bench-3.23.56-1.10.C21mdk.x86_64.rpm
b87924ea315b70d97dea1828fe4d411a x86_64/corporate/2.1/RPMS/MySQL-client-3.23.56-1.10.C21mdk.x86_64.rpm
4bab4afbeee17e8ca6d31b57964aab10 x86_64/corporate/2.1/SRPMS/MySQL-3.23.56-1.10.C21mdk.src.rpm

Corporate 3.0:
29f5de555916e07a2eb3334f2981b679 corporate/3.0/RPMS/libmysql12-4.0.18-1.5.C30mdk.i586.rpm
f7e02a5400d09d850b8fa7cf0682b18f corporate/3.0/RPMS/libmysql12-devel-4.0.18-1.5.C30mdk.i586.rpm
09b527600f42ec813228487fc360ef3a corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.i586.rpm
6f63a5bd9e92fd9282c4eb1dbf837d5f corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.i586.rpm
439c0118fd7729148826b0fb62429a4e corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.i586.rpm
6930f021fdaf18fa4f5db4cfd19a2f0b corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.i586.rpm
bf38329d5b2b25640db08ca71f4b3996 corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.i586.rpm
e7a934802980f13ead8d4cbde91c9272 corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
dbf8b1639bf38cae748ce0e88e9ffa2a x86_64/corporate/3.0/RPMS/lib64mysql12-4.0.18-1.5.C30mdk.x86_64.rpm
1363deae1247afac0d47a5ea88446ad1 x86_64/corporate/3.0/RPMS/lib64mysql12-devel-4.0.18-1.5.C30mdk.x86_64.rpm
1b91795ad659e8ab56e73e30a06c002c x86_64/corporate/3.0/RPMS/MySQL-4.0.18-1.5.C30mdk.x86_64.rpm
cffa0c76bfbfbbffa840b109505a8c9d x86_64/corporate/3.0/RPMS/MySQL-Max-4.0.18-1.5.C30mdk.x86_64.rpm
3c02203cbfef60142e1686ab5574b387 x86_64/corporate/3.0/RPMS/MySQL-bench-4.0.18-1.5.C30mdk.x86_64.rpm
fd474c00f7584a000b8727bc25f1816d x86_64/corporate/3.0/RPMS/MySQL-client-4.0.18-1.5.C30mdk.x86_64.rpm
90fa8c3c9656e39c4380957e41305a05 x86_64/corporate/3.0/RPMS/MySQL-common-4.0.18-1.5.C30mdk.x86_64.rpm
e7a934802980f13ead8d4cbde91c9272 x86_64/corporate/3.0/SRPMS/MySQL-4.0.18-1.5.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>