Linux Today - Advisories: September 1, 2005

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories: September 1, 2005

Advisories: September 1, 2005
Sep 2, 2005, 04 :45 UTC (0 Talkback[s]) (4371 reads)

Debian GNU/Linux

Debian Security Advisory DSA 779-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 1st, 2005 http://www.debian.org/security/faq

Package : mozilla-firefox
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2260 CAN-2005-2261 CAN-2005-2262 CAN-2005-2263 CAN-2005-2264 CAN-2005-2265 CAN-2005-2266 CAN-2005-2267 CAN-2005-2268 CAN-2005-2269 CAN-2005-2270
BugTraq ID : 14242
Debian Bug : 318061

We experienced that the update for Mozilla Firefox from DSA 779-1 unfortunately was a regression in several cases. Since the usual praxis of backporting apparently does not work, this update is basically version 1.0.6 with the version number rolled back, and hence still named 1.0.4-*. For completeness below is the original advisory text:

Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-2260

The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

CAN-2005-2261

XML scripts ran even when Javascript disabled.

CAN-2005-2262

The user can be tricked to executing arbitrary JavaScript code by using a JavaScript URL as wallpaper.

CAN-2005-2263

It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame).

CAN-2005-2264

By opening a malicious link in the sidebar it is possible for remote attackers to steal sensitive information.

CAN-2005-2265

Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.

CAN-2005-2266

Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.

CAN-2005-2267

By using standalone applications such as Flash and QuickTime to open a javascript: URL, it is possible for a remote attacker to steal sensitive information and possibly execute arbitrary code.

CAN-2005-2268

It is possible for a Javascript dialog box to spoof a dialog box from a trusted site and facilitates phishing attacks.

CAN-2005-2269

Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.

CAN-2005-2270

The Mozilla browser familie does not properly clone base objects, which allows remote attackers to execute arbitrary code.

The old stable distribution (woody) is not affected by these problems.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

We recommend that you upgrade your Mozilla Firefox packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.dsc
      Size/MD5 checksum: 1001 e9e343d5899bc10b64650464839db1dc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.diff.gz
      Size/MD5 checksum: 323682 3e07c7d42de155ed01210386bc2f06f7
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
      Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum: 11162870 103e4b84e9d2052cb4260b96e41319aa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum: 166886 906bfa51b6c0cb8966fe06aec2b5816e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_alpha.deb
      Size/MD5 checksum: 58708 1b3025f62bb3cb67b32c73c9f20ac5ba

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum: 9397790 6b14119f896013d55826cb59dac50c3b
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum: 161636 33635aa0e4e18a2f8868bb49969a37a6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_amd64.deb
      Size/MD5 checksum: 57194 a46c10258c9929c8e9f8001838dc4fe4

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum: 8216696 f39cae6e1e57a572c316c14cc6c0b3d6
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum: 153076 c634b6a8d6f42008526607877071bcaa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_arm.deb
      Size/MD5 checksum: 52548 04b5b1e840e77b56837e1991c11a9ff6

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum: 8889628 c7730b4e3df2f6a0bb12186a52884a9e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum: 156844 806fd550f9a5283e4fab73443c73fbcd
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_i386.deb
      Size/MD5 checksum: 54096 9eb9d71896406a619bd186bfe10ed0f2

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum: 11617476 564858f6b1f36f84a1fa9e8c7cb71316
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum: 167224 b574fe291d5537628022434ef13c9587
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_ia64.deb
      Size/MD5 checksum: 61876 4625f067b0cdb1a0de04829a9edbc6d7

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum: 10266194 05ebaf745a3854b8a4dc8dd0e1cff53c
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum: 164592 902df65efa25b497b99a62d1a38acc2e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_hppa.deb
      Size/MD5 checksum: 57692 2221b941de975d360a6f2123d83a73ea

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum: 8167252 23f5666813a7118b5a1e841337b2b9aa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum: 155742 f46394239362846cfdbe2f2d316bbc18
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_m68k.deb
      Size/MD5 checksum: 53352 619ac605ca4c6d0b449f6b2652b76463

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum: 9919620 0f246fc3335b23e9975d78b0f86a2682
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum: 154596 90a7786ea46368235be9b052b07eb7d0
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mips.deb
      Size/MD5 checksum: 54366 ccec0a41faf2945c6ec426311fe4bf77

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum: 9803502 117b7e5ea7a0d7b78518218009024eaa
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum: 154172 a090df008b2336d500d772cf538dbe3e
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mipsel.deb
      Size/MD5 checksum: 54180 1dde88657a7740f8261f8804a5bc3a13

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum: 8561832 f6dd2ad6a53d96b8779fcecd022733ae
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum: 155236 88e76f256f6aa39c93ca73b95141e6fc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_powerpc.deb
      Size/MD5 checksum: 56482 1525d1b14855694f62110a8fd2ad4b61

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum: 9635736 770eca99436ee1646cc9af8eb1f4bce4
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum: 162228 c17de607a44ebdd3838d07a8d784f9b8
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_s390.deb
      Size/MD5 checksum: 56664 ead0e97932f0bc9ad8c756d46cf6540f

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum: 8651242 7b87e6d2fca175b70259035c0d5506cf
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum: 155458 2ae1ce848a6ea81a485f2f1240f894cc
    http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_sparc.deb
      Size/MD5 checksum: 52906 89b1bb81288c9fa1f156ba6354292484

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 792-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 31st, 2005 http://www.debian.org/security/faq

Package : pstotext
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2536
BugTraq ID : 14378
Debian Bug : 319758

Max Vozeler discovered that pstotext, a utility to extract text from PostScript and PDF files, did not execute ghostscript with the -dSAFER argument, which prevents potential malicious operations to happen.

For the old stable distribution (woody) this problem has been fixed in version 1.8g-5woody1.

For the stable distribution (sarge) this problem has been fixed in version 1.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.9-2.

We recommend that you upgrade your pstotext package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1.dsc
      Size/MD5 checksum: 569 5e4999fac3cb50533b8fa55fa9b8d839
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1.diff.gz
      Size/MD5 checksum: 5551 e8656ca1e70907515dea96f646defbeb
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g.orig.tar.gz
      Size/MD5 checksum: 36193 dfabf95fffea52cc03d8728617ca1b1e

Alpha architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_alpha.deb
Size/MD5 checksum: 33478 dc7994b7f762a99cda3f6e9eebfd5078

ARM architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_arm.deb
Size/MD5 checksum: 31158 64eb3bb5eaf13a54356bd8b55212ac93

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_i386.deb
Size/MD5 checksum: 31140 ed687aa111ef4d56fd7b2fb220f8118a

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_ia64.deb
Size/MD5 checksum: 37056 7ac97b49306cf896bb3d62b6b076ecb0

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_hppa.deb
Size/MD5 checksum: 32884 6e7b79977d550e6981b0a6849face1b9

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_m68k.deb
Size/MD5 checksum: 30124 5b23f0c04107d284c561d1621c4fd9d1

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_mips.deb
Size/MD5 checksum: 32978 56283a3ef2931d2c4759c4c56218f83a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_mipsel.deb
Size/MD5 checksum: 32624 29ed7091abca377c4b91fa68d7bc48cb

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_powerpc.deb
Size/MD5 checksum: 32082 c8b4af3f34d681f9dabe4ff31bf0434a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_s390.deb
Size/MD5 checksum: 31354 ce7f8f5b398350e9d779a847b7c5ef2f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_sparc.deb
Size/MD5 checksum: 35050 e6e74a1ccfc2cb7246911b2f0427609f

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1.dsc
      Size/MD5 checksum: 566 a4a25eaf8322a20742fb0eac628c096c
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1.diff.gz
      Size/MD5 checksum: 7817 634b242dbb68cbb6cf1595e6fa390d0e
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
      Size/MD5 checksum: 37461 64576e8a10ff5514e285d98b3898ae78

Alpha architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_alpha.deb
Size/MD5 checksum: 34084 82b71b24a4248ea05d243aa1d7b00e7c

AMD64 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_amd64.deb
Size/MD5 checksum: 33670 b5911eb9b067b55315dadfba9c8cb590

ARM architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_arm.deb
Size/MD5 checksum: 32260 426147c50900aba089a9eb430e2094bb

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_i386.deb
Size/MD5 checksum: 32632 e2f9a3859fe3061c85d4f1a54253062e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_ia64.deb
Size/MD5 checksum: 37624 76f3ed1bb870504692fe7fadbeb6e9b7

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_hppa.deb
Size/MD5 checksum: 34282 7570594eef38d55ebb26e981c8de306b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_m68k.deb
Size/MD5 checksum: 31370 b9bd589dbbaf0d516cefb4f0b40397be

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_mips.deb
Size/MD5 checksum: 34196 ac148736eaeedd368b6114c79c45b569

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_mipsel.deb
Size/MD5 checksum: 33800 f9bad656d356e522daf2de44c0cc5f26

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_powerpc.deb
Size/MD5 checksum: 33408 1b7b3cf7e04b3bf313d798ee822f7e92

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_s390.deb
Size/MD5 checksum: 32948 b10976913ca43591166801bb9844f096

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_sparc.deb
Size/MD5 checksum: 32992 c15517e727b7c38adec0f5f85282c430

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 793-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 1st, 2005 http://www.debian.org/security/faq

Package : courier
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2724
Debian Bug : 325631

Jakob Balle discovered a vulnerability in the handling of attachments in sqwebmail, a web mail application provided by the courier mail suite, which can be exploited by an attacker to conduct script insertion attacks.

For the old stable distribution (woody) this problem has been fixed in version 0.37.3-2.6.

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge2.

For the unstable distribution (sid) this problem has been fixed in version 0.47-8.

We recommend that you upgrade your sqwebmail package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

    http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.6.dsc
      Size/MD5 checksum: 913 9e519251e523fe1c3cb5b13438e256b3
    http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.6.diff.gz
      Size/MD5 checksum: 33752 bbb1f5cd5cc2733f1701c11d3ceddd8c
    http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
      Size/MD5 checksum: 3238013 350cbb2e8b5f384409bdf2a15d605bc9

Architecture independent components:

http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.6_all.deb
Size/MD5 checksum: 313516 a3469989b9f87d801c0cf57b82c03992

Alpha architecture:

ARM architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

HP Precision architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge2.dsc
      Size/MD5 checksum: 1216 f29934cae094798bd4316f7640973bde
    http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge2.diff.gz
      Size/MD5 checksum: 93616 61ca0d34db0b5f0184cb3bf1696bdb38
    http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
      Size/MD5 checksum: 6350808 361a84e497148ce557c150d3576ec24b

Architecture independent components:

http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge2_all.deb
Size/MD5 checksum: 370472 9c8ba4d37266adc45e76acdb97d34979

Alpha architecture:

AMD64 architecture:

ARM architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

HP Precision architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 794-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 1st, 2005 http://www.debian.org/security/faq

Package : polygen
Vulnerability : programming error
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2656
Debian Bug : 325468

Justin Rye noticed that polygen generates precompiled grammar objects world-writable, which can be exploited by a local attacker to at least fill up the filesystem.

The old stable distribution (woody) does not contain the polygen package.

For the stable distribution (sarge) this problem has been fixed in version 1.0.6-7sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.0.6-9.

We recommend that you upgrade your polygen package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1.dsc
      Size/MD5 checksum: 624 5884af6c72cffb4715dec28af8f6dd6d
    http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1.diff.gz
      Size/MD5 checksum: 3874 2d23ba087885b09cf130c8cbd1cb69ff
    http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6.orig.tar.gz
      Size/MD5 checksum: 360877 f75f09a959069e6492845fb10f0d29e2

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/polygen/polygen-data_1.0.6-7sarge1_all.deb
      Size/MD5 checksum: 263626 f8fd3d92d9df8cab3a4e980e02af661b
    http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1_all.deb
      Size/MD5 checksum: 85244 09cb354582c54eb20cb78d0912ee3eef

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200508-21

http://security.gentoo.org/

Severity: High
Title: phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Date: August 31, 2005
Bugs: #102785
ID: 200508-21

Synopsis

phpWebSite is vulnerable to multiple issues which result in the execution of arbitrary code and SQL injection.

Background

phpWebSite is a web site content management system.

Affected packages


     Package              /   Vulnerable   /                Unaffected

  1  www-apps/phpwebsite     < 0.10.2_rc2                >= 0.10.2_rc2

Description

phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrix_killer" reported that phpWebSite is vulnerable to an SQL injection attack.

Impact

A malicious remote user could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document, and also inject SQL commands to access the underlying database directly.

Workaround

There is no known workaround at this time.

Resolution

All phpWebSite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.2_rc2"

References

[ 1 ] CAN-2005-2498

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

[ 2 ] Original Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0497.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200508-22

http://security.gentoo.org/

Severity: Normal
Title: pam_ldap: Authentication bypass vulnerability
Date: August 31, 2005
Bugs: #103659
ID: 200508-22

Synopsis

pam_ldap contains a vulnerability that may allow a remote attacker to gain system access.

Background

pam_ldap is a Pluggable Authentication Module which allows authentication against LDAP directories.

Affected packages


     Package            /  Vulnerable  /                    Unaffected

  1  sys-auth/pam_ldap        < 180                             >= 180

Description

When a pam_ldap client attempts to authenticate against an LDAP server that omits the optional error value from the PasswordPolicyResponseValue, the authentication attempt will always succeed.

Impact

A remote attacker may exploit this vulnerability to bypass the LDAP authentication mechanism, gaining access to the system possibly with elevated privileges.

Workaround

There is no known workaround at this time.

Resolution

All pam_ldap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_ldap-180"

References

[ 1 ] CAN-2005-2641

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2641

[ 2 ] US-CERT VU#778916

http://www.kb.cert.org/vuls/id/778916

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-22.xml

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200509-01

http://security.gentoo.org/

Severity: Normal
Title: MPlayer: Heap overflow in ad_pcm.c
Date: September 01, 2005
Bugs: #103555
ID: 200509-01

Synopsis

A heap overflow in MPlayer might lead to the execution of arbitrary code.

Background

MPlayer is a media player capable of handling multiple multimedia file formats.

Affected packages


     Package              /    Vulnerable    /              Unaffected

  1  media-video/mplayer      < 1.0_pre7-r1             >= 1.0_pre7-r1

Description

Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams.

Impact

An attacker could craft a malicious video or audio file which, when opened using MPlayer, would end up executing arbitrary code on the victim's computer with the permissions of the user running MPlayer.

Workaround

You can mitigate the issue by adding "ac=-pcm," to your MPlayer configuration file (note that this will prevent you from playing uncompressed audio).

Resolution

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre7-r1"

References

[ 1 ] CAN-2005-2718

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718

[ 2 ] Original Advisory

http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-01.xml

Concerns?

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

SUSE Linux

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2005:050
Date: Thu, 01 Sep 2005 14:00:00 +0000
Affected Products: 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 9 Novell Linux Desktop 9
Vulnerability Type: denial of service, local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2555 CAN-2005-2456 CAN-2005-0916

Content of This Advisory:

Security Vulnerability Resolved: various security issues and bugfixes for the Linux kernel Problem Description
Solution or Workaround
Special Instructions and Notes
Package Location and Checksums
Pending Vulnerabilities, Solutions, and Workarounds: See SUSE Security Summary Report.
Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

The Linux kernel was updated to fix the following security issues:

CAN-2005-2457: A problem in decompression of files on "zisofs" filesystem was fixed.
CAN-2005-2458: A potential buffer overflow in the zlib decompression handling in the kernel was fixed.
CAN-2005-2459: Some return codes in zlib decoding were fixed which could have led to an attacker crashing the kernel.
CAN-2005-2555: Only processes with the CAP_NET_ADMIN capability is now allowed load socket policies.
CAN-2005-2456: Fixed a potential overflow caused by missing boundary checks of sock->sk_policy in net/xfrm/.
AMD64/EM64T/x86_64 only: A previous fix for a denial of service attack with compat 32bit mode programs was too strict and could crash the kernel. (The earlier fix had the Mitre CVE ID CAN-2005-1765.)
S/390 only: Fixed /sys/ permissions where a user could change machine states, including powering down or up partitions.
CAN-2005-0916: PowerPC only: A missing patch for a hugetlb memory context handling problem was added.

Above problems affect SUSE Linux 9.1 up to 9.3 and SUSE Linux Enterprise Server 9.

Additionally following bugs were fixed for SUSE Linux Enterprise Server 9 and SUSE Linux 9.1:

The reported process start times sometimes were incorrect.
The OCFS2 filesystem was updated to version 1.0.2. (SLES 9 only)
A potential deadlock in cpuset handling was fixed.
Fixed a potential crash on startup of the tg3 network driver.
Avoid high IRQ latencies in the VM handling.
rpm/post.sh was fixed so that initrd.previous is preserved again.
A problem in the handling of the tape ioctl MTIOCPOS was fixed.
Make the OOM process killer send SIGTERM first instead of SIGKILL.
Fixed a netfilter connection track return code mismatch.
Fixed a typo in the ipt_TTL netfilter module.
XEN was updated to version 2.0.6b. (i386 only)
Allow rsize/wsize values less than 4096 for NFS mounts.
A data corruption problem within the reiserfs filesystem in the handling of writing to mmaped regions after close of the file descriptor was fixed.

2) Solution or Workaround

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

SPECIAL INSTALLATION INSTRUCTIONS

The following paragraphs guide you through the installation process in a step-by-step fashion. The character sequence "****" marks the beginning of a new paragraph. In some cases, the steps outlined in a particular paragraph may or may not be applicable to your situation. Therefore, make sure that you read through all of the steps below before attempting any of these procedures. All of the commands that need to be executed must be run as the superuser 'root'. Each step relies on the steps before it to complete successfully.

Step 1: Determine the needed kernel type.
Use the following command to determine which kind of kernel is installed on your system:
```
      rpm -qf --qf '%{name}n' /boot/vmlinuz
```
Step 2: Download the packages for your system.
Download the kernel RPM package for your distribution with the name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel modules that are not free were moved to a separate package with the suffix '-nongpl' in its name. Download that package as well if you rely on hardware that requires non-free drivers, such as some ISDN adapters. The list of all kernel RPM packages is appended below. The kernel-source package does not contain a binary kernel in bootable form. Instead, it contains the sources that correspond with the binary kernel RPM packages. This package is required to build third party add-on modules.
Step 3: Verify authenticity of the packages.
Verify the authenticity of the kernel RPM package using the methods as listed in Section 6 of this SUSE Security Announcement.
Step 4: Installing your kernel rpm package.
Install the rpm package that you have downloaded in Step 2 with the command
```
         rpm -Uhv <FILE>
```
replacing <FILE> with the filename of the RPM package downloaded.
Warning: After performing this step, your system may not boot unless the following steps have been followed completely.
Step 5: Configuring and creating the initrd.
The initrd is a RAM disk that is loaded into the memory of your system together with the kernel boot image by the boot loader. The kernel uses the content of this RAM disk to execute commands that must be run before the kernel can mount its root file system. The initrd is typically used to load hard disk controller drivers and file system modules. The variable INITRD_MODULES in /etc/sysconfig/kernel determines which kernel modules are loaded in the initrd.
After a new kernel rpm has been installed, the initrd must be recreated to include the updated kernel modules. Usually this happens automatically when installing the kernel rpm. If creating the initrd fails for some reason, manually run the command
```
       /sbin/mkinitrd
```
Step 6: Update the boot loader, if necessary.
Depending on your software configuration, you either have the LILO or GRUB boot loader installed and initialized on your system. Use the command
```
       grep LOADER_TYPE /etc/sysconfig/bootloader
```
to find out which boot loader is configured.
The GRUB boot loader does not require any further action after a new kernel has been installed. You may proceed to the next step if you are using GRUB.
If you use the LILO boot loader, lilo must be run to reinitialize the boot sector of the hard disk. Usually this happens automatically when installing the kernel RPM. In case this step fails, run the command
```
       /sbin/lilo
```
Warning: An improperly installed boot loader will render your system unbootable.
Step 7: Reboot.
If all of the steps above have been successfully completed on your system, the new kernel including the kernel modules and the initrd are ready to boot. The system needs to be rebooted for the changes to be active. Make sure that all steps have been completed then reboot using the command
```
       /sbin/shutdown -r now
```
Your system will now shut down and restart with the new kernel.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web.

x86 Platform:

x86-64 Platform:

5) Pending Vulnerabilities, Solutions, and Workarounds:

See SUSE Security Summary Report.

6) Authenticity Verification and Additional Information

Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
```
      gpg --verify <file>
```
replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
```
      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
```
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:
1. Using the internal gpg signatures of the rpm package
2. MD5 checksums as provided in this announcement
1. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
```
        rpm -v --checksig <file.rpm>
```
  to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA.
  This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
2. If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command
```
         md5sum <filename.rpm>
```
  after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.
SUSE runs two security mailing lists to which any interested party may subscribe:
- suse-security@suse.com
  General Linux and SUSE security discussion.
  All SUSE security announcements are sent to this list. To subscribe, send an e-mail to
  <suse-security-subscribe@suse.com>.
- suse-security-announce@suse.com
- SUSE's announce-only mailing list.
  Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to
  <suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (FAQ), send mail to <suse-security-info@suse.com> or <suse-security-faq@suse.com>.

SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Ubuntu Linux

Ubuntu Security Notice USN-173-4 August 31, 2005
python2.1, python2.2, python2.3, gnumeric vulnerabilities
CAN-2005-2491

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gnumeric
python2.1
python2.2
python2.3

On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 1.2.13-1ubuntu2.1 (gnumeric), 2.1.3-24.ubuntu0.1 (python2.1), 2.2.3-10.ubuntu0.2 (python2.2), and 2.3.4-2.ubuntu0.2 (python2.3).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 1.4.2-1ubuntu3.1 (gnumeric), 2.2.3dfsg-1ubuntu0.1 (python2.2), and 2.3.5-2ubuntu0.1 (python2.3).

After performing a standard system upgrade you need to restart gnumeric and all python server applications to effect the necessary changes.

Details follow:

USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well.

In gnumeric this bug could be exploited to execute arbitrary code with the privileges of the user if the user was tricked into opening a specially crafted spreadsheet document.

In python, the impact depends on the particular application that uses python's "re" (regular expression) module. In python server applications that process unchecked arbitrary regular expressions with the "re" module, this could potentially be exploited to remotely execute arbitrary code with the privileges of the server.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives: