Advisories: October 27, 2005
Oct 28, 2005, 04:45 (0 Talkback[s])
Debian GNU/Linux
Debian Security Advisory DSA 874-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq
Package : lynx
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3120
Ulf Härnhammar discovered a buffer overflow in lynx, a
text-mode browser for the WWW that can be remotely exploited.
During the handling of Asian characters when connecting to an NNTP
server lynx can be tricked to write past the boundary of a buffer
which can lead to the execution of arbitrary code.
For the old stable distribution (woody) this problem has been
fixed in version 2.8.4.1b-3.3.
For the stable distribution (sarge) this problem has been fixed
in version 2.8.5-2sarge1.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you upgrade your lynx package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.dsc
Size/MD5 checksum: 579
117f4e3d95a601741dc672012719042c
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.diff.gz
Size/MD5 checksum: 14448
5e5d819520415baa0d91f75f0ee4f0af
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
Size/MD5 checksum: 2557510
053a10f76b871e3944c11c7776da7f7a
Alpha architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_alpha.deb
Size/MD5 checksum: 1610266
c887b1d0598b99fe1e3f45fedaaf3321
ARM architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_arm.deb
Size/MD5 checksum: 1487698
fb290d8440ef3b2b59f10e270b1d7bb6
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_i386.deb
Size/MD5 checksum: 1442878
31da62cb1f065acc2f65f2fd4481d530
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_ia64.deb
Size/MD5 checksum: 1762578
e57e52ed11ea52b55d6a5ede09b466a8
HP Precision architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_hppa.deb
Size/MD5 checksum: 1555440
4beb62a33cc2c0f00a45e69bed8b5591
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_m68k.deb
Size/MD5 checksum: 1405626
7f8d46f3d143781364337b666a55fa42
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mips.deb
Size/MD5 checksum: 1507782
ae2ce1ddbe4855967d050a3e64e42e26
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mipsel.deb
Size/MD5 checksum: 1503970
08e80c500a4d57a4e47fc45dbf0ebfe3
PowerPC architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_powerpc.deb
Size/MD5 checksum: 1491262
2b58dece4ae0a8a98b31e2f8eba40d13
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_s390.deb
Size/MD5 checksum: 1463360
1e5419b8db89374ea1c96f1219fe6e15
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_sparc.deb
Size/MD5 checksum: 1492728
f4da20fe1ac83ee9adf37d49bb896c63
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.dsc
Size/MD5 checksum: 614
e7d5a14aafd2e9775c3175e44e3f9964
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.diff.gz
Size/MD5 checksum: 14891
59cf146b8defbfa1b78df4306b951441
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5 checksum: 2984352
5f516a10596bd52c677f9bfd9579bc28
Alpha architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_alpha.deb
Size/MD5 checksum: 1994554
8a9eb6cd8ee34ad17aa06b912b588659
AMD64 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_amd64.deb
Size/MD5 checksum: 1881684
5afcd53828326a0cb056681047bd48e6
ARM architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_arm.deb
Size/MD5 checksum: 1852912
de530d45ce98e68932ec4624abd67201
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_i386.deb
Size/MD5 checksum: 1852488
ba9125c2da9c21a8bcd173ff82948a28
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_ia64.deb
Size/MD5 checksum: 2128374
156c023772481f6e9f8629c44082c94d
HP Precision architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_hppa.deb
Size/MD5 checksum: 1909574
24bbbc72ab025249a3adaa7717b316ff
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_m68k.deb
Size/MD5 checksum: 1780590
449249ca3e257a33a5a9d7da16379076
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mips.deb
Size/MD5 checksum: 1894006
f30b06596b5ed9d881e1f3ba767aca2a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mipsel.deb
Size/MD5 checksum: 1889486
0b650edf6ca51547aedd7c7754bbda99
PowerPC architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_powerpc.deb
Size/MD5 checksum: 1878284
d90c1dc3fb2d5be179b827c32c14e222
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_s390.deb
Size/MD5 checksum: 1866758
60f30f0ebd7556799e565b4411a8d429
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_sparc.deb
Size/MD5 checksum: 1861536
85c12b7bd67f9800b49ab4b6b97a1dfd
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 875-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq
Package : openssl094
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-2969
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket
Layer (OpenSSL) library that can allow an attacker to perform
active protocol-version rollback attacks that could lead to the use
of the weaker SSL 2.0 protocol even though both ends support SSL
3.0 or TLS 1.0.
The following matrix explains which version in which
distribution has this problem corrected.
| |
oldstable (woody) |
stable (sarge) |
unstable (sid) |
| openssl |
0.9.6c-2.woody.8 |
0.9.7e-3sarge1 |
0.9.8-3 |
| openssl 094 |
0.9.4-6.woody.4 |
n/a |
n/a |
| openssl 095 |
0.9.5a-6.woody.6 |
n/a |
n/a |
| openssl 096 |
n/a |
0.9.6m-1sarge1 |
n/a |
| openssl 097 |
n/a |
n/a |
0.9.7g-5 |
We recommend that you upgrade your libssl packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc
Size/MD5 checksum: 624
2989b7b16a146a2f9a6ca52887bb2c3f
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz
Size/MD5 checksum: 47116
a4db6a4e53d8f8703da86774768cb21c
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
Size/MD5 checksum: 1570392
72544daea16d6c99d656b95f77b01b2d
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb
Size/MD5 checksum: 445816
1eaa00c5cee084727d23a8169acdb705
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb
Size/MD5 checksum: 358626
2d3f09ec2222ac497180a01facea470c
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb
Size/MD5 checksum: 378870
58d0d41fa2005b5d05f49c557023c466
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 876-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
October 27th, 2005 http://www.debian.org/security/faq
Package : lynx-ssl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3120
Ulf Härnhammar discovered a buffer overflow in lynx, a
text-mode browser for the WWW that can be remotely exploited.
During the handling of Asian characters when connecting to an NNTP
server lynx can be tricked to write past the boundary of a buffer
which can lead to the execution of arbitrary code.
For the old stable distribution (woody) this problem has been
fixed in version 2.8.4.1b-3.2.
For the stable distribution (sarge) this problem has been fixed
in version 2.8.5-2sarge1 of lynx.
For the unstable distribution (sid) this problem will be fixed
soon.
We recommend that you upgrade your lynx-ssl package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.dsc
Size/MD5 checksum: 609
6256bc48e63d9120301c6bdae3316675
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.diff.gz
Size/MD5 checksum: 87627
69a835be9e783a6788fd3122ec4c51d4
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
Size/MD5 checksum: 2557510
053a10f76b871e3944c11c7776da7f7a
Alpha architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_alpha.deb
Size/MD5 checksum: 1617392
d07cb6f46da183ab5c66860d90dd48c5
ARM architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_arm.deb
Size/MD5 checksum: 1491792
b20c7575d54e86838ddeff94622ce5ff
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_i386.deb
Size/MD5 checksum: 1447102
0707d60cdc076a9078ecd198d9e185c5
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_ia64.deb
Size/MD5 checksum: 1769060
9f621d66228be950732846918afb9b22
HP Precision architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_hppa.deb
Size/MD5 checksum: 1559592
c2c35718ba34d173fadefd3ba428695b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_m68k.deb
Size/MD5 checksum: 1410534
86eff29224e043788f98a02f4af20402
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mips.deb
Size/MD5 checksum: 1511892
7fa8c96a81238e524e870dee74d07fa4
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mipsel.deb
Size/MD5 checksum: 1507808
5c7db52ed5910884679ec9ecc8606593
PowerPC architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_powerpc.deb
Size/MD5 checksum: 1497302
f82ae7bc6ee25639bd8c18ab6c644fb5
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_s390.deb
Size/MD5 checksum: 1468622
72b310726d3baecfe26ba27ce9f9f46a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_sparc.deb
Size/MD5 checksum: 1497394
83d65399cb15b48bcd9024f01e3f9400
These files will probably be moved into the stable distribution
on its next update.
Fedora Core
Fedora Update Notification
FEDORA-2005-1031
2005-10-27
Product : Fedora Core 4
Name : pam
Version : 0.79
Release : 9.6
Summary : A security tool which provides authentication for
applications.
Description :
PAM (Pluggable Authentication Modules) is a system security tool
that allows system administrators to set authentication policy
without having to recompile programs that handle
authentication.
Update Information:
This update fixes a security bug in unix_chkpwd allowing brute
force attacks against passwords in /etc/shadow by a regular user
when SELinux is enabled.
- Wed Oct 26 2005 Tomas Mraz <tmraz@redhat.com> 0.79-9.6
- fixed CAN-2005-2977 unix_chkpwd should skip user verification
only if run as root (#168181)
- link pam_loginuid to libaudit
- remove spurious glib2 dependency
- support no tty in pam_access (#170467)
- support new kernel limits and unlimited limit value in
pam_limits (#171546)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
fb348c5be5d8f694cdbd927681150989 SRPMS/pam-0.79-9.6.src.rpm
4a06122544169a7549639fa52be91bcd ppc/pam-0.79-9.6.ppc.rpm
edf3fc81ac4dfddf44f25dd37142b23c ppc/pam-devel-0.79-9.6.ppc.rpm
873dca1bc06450ede87a40b9d0241398
ppc/debug/pam-debuginfo-0.79-9.6.ppc.rpm
054d2fe06507a3c45c7ef8bcf8a595ac ppc/pam-0.79-9.6.ppc64.rpm
c7a3db12973f5182739d6adae0b25555
ppc/pam-devel-0.79-9.6.ppc64.rpm
6774937168a148b9e63e54711c26c790 x86_64/pam-0.79-9.6.x86_64.rpm
649b875ec7894c2fd855abb9a6547ef0
x86_64/pam-devel-0.79-9.6.x86_64.rpm
a70f55b7f8ce114052362e167984fdb0
x86_64/debug/pam-debuginfo-0.79-9.6.x86_64.rpm
6674a4ea75709a1e5c7f905e617db12b x86_64/pam-0.79-9.6.i386.rpm
f535f175a757f0d7b1dc66b1538fcd1c
x86_64/pam-devel-0.79-9.6.i386.rpm
6674a4ea75709a1e5c7f905e617db12b i386/pam-0.79-9.6.i386.rpm
f535f175a757f0d7b1dc66b1538fcd1c
i386/pam-devel-0.79-9.6.i386.rpm
d4ec56ab2def5974a103495169442c4c
i386/debug/pam-debuginfo-0.79-9.6.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Fedora Update Notification
FEDORA-2005-1032
2005-10-27
Product : Fedora Core 3
Name : gdb
Version : 6.1post
Release : 1.20040607.43.0.1
Summary : A GNU source-level debugger for C, C++ and other
languages.
Description :
GDB, the GNU debugger, allows you to debug programs written in C,
C++, and other languages, by executing them in a controlled fashion
and printing their data.
Update Information:
This is an fc3 update for gdb regarding security issues:
CAN-2005-1704 Integer Overflow in gdb
This problem is that gdb's internal copy of bfd does not protect
against heap-based overflow.
CAN-2005-1705 gdb arbitrary command execution
This problem allows unprotected .gdbinit files to execute
arbitrary commands during gdb startup.
Fixes for both problems are found in:
gdb-6.1post-1.20040607.43.0.1
- Tue Oct 4 2005 Jeff Johnston <jjohnstn@redhat.com>
1.200400607.43.0.1
- Security errata to handle untrusted .gdbinit and bfd integer
overflow.
- Bugzilla 158683 and bugzilla 158686
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
b8b1221e0bee3f36f56d97a5a14f967e
SRPMS/gdb-6.1post-1.20040607.43.0.1.src.rpm
5888949940a560c9ba95df6e06d844c1
x86_64/gdb-6.1post-1.20040607.43.0.1.x86_64.rpm
503a943143b7d0493f138db9d3884829
x86_64/debug/gdb-debuginfo-6.1post-1.20040607.43.0.1.x86_64.rpm
1c0c3d31110fef65ebde55bc1c77bde1
i386/gdb-6.1post-1.20040607.43.0.1.i386.rpm
36c25e23d587ebf23099e4bf300e8ae2
i386/debug/gdb-debuginfo-6.1post-1.20040607.43.0.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Fedora Update Notification
FEDORA-2005-1033
2005-10-27
Product : Fedora Core 4
Name : gdb
Version : 6.3.0.0
Release : 1.84
Summary : A GNU source-level debugger for C, C++, Java and other
languages.
Description :
GDB, the GNU debugger, allows you to debug programs written in C,
C++, Java, and other languages, by executing them in a controlled
fashion and printing their data.
Update Information:
This is an fc4 update for gdb that includes security issues:
CAN-2005-1704 Integer Overflow in gdb
This problem is that gdb's internal copy of bfd does not protect
against heap-based overflow.
CAN-2005-1705 gdb arbitrary command execution
This problem allows unprotected .gdbinit files to execute
arbitrary commands during gdb startup.
Fixes for both problems are found in:
gdb-6.3.0.0-1.84
This release also contains some additional fixes from the last
update.
- Tue Oct 18 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.84
- Tue Oct 18 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.82
- Modify attach patch to add missing fclose.
- Bugzilla 166712
- Tue Oct 11 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.81
- Tue Oct 11 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.78
- Support gdb attaching to a stopped process.
- Thu Sep 29 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.77
- Thu Sep 29 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.74
- Fix up DSO read logic when process is attached.
- Mon Sep 26 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.73
- Mon Sep 26 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.70
- Fix frame pointer calculation for ia64 sigtramp frame.
- Thu Sep 22 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.69
- Thu Sep 22 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.66
- Wed Sep 7 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.65
- Wed Sep 7 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.62
- Wed Jul 27 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.61
- Tue Jul 26 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.57
- Tue Jul 26 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.54
- Add testcase to verify printing of inherited members
- Bugzilla 146835
- Mon Jul 25 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.53
- Mon Jul 25 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.50
- Fix bug with info frame and cursor address on ia64.
- Add testcase to verify pseudo-registers calculated for ia64
sigtramp.
- Bugzilla 160339
- Fri Jul 22 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.49
- Fri Jul 22 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.46
- Fix attaching to 32-bit processes on 64-bit systems.
- Bugzilla 160254
- Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.45
- Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.42
- Add work-around to make ia64 gcore work faster.
- Bugzilla 147436
- Thu Jul 14 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.41
- Mon Jul 11 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.38
- Fix backtracing across sigaltstack for ia64
- Bugzilla 151741
- Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.37
- Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.35
- Build pseudo-registers properly for sigtramp frame.
- Bugzilla 160339
- Fri Jul 8 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.34
- Thu Jul 7 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.31
- Modify security errata to include additional bfd robustness
updates
- Bugzilla 158680
- Fri Jun 10 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.30
- Fri Jun 10 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.28
- Security errata for bfd and .gdbinit file usage
- Bugzilla 158680
- Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.24
- Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.23
- Wed May 18 2005 Jeff Johnston <jjohnstn@redhat.com>
6.3.0.0-1.22
- Specify SA_RESTART for linux-nat.c handlers and use my_waitpid
which handles EINTR.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
13dc7a0519af07517322966a31755c14
SRPMS/gdb-6.3.0.0-1.84.src.rpm
105ad05894d1a6473ac22bf923e59f63 ppc/gdb-6.3.0.0-1.84.ppc.rpm
983c714df523fe92774bc77a99660c47
ppc/debug/gdb-debuginfo-6.3.0.0-1.84.ppc.rpm
b46209774e0b189c93bd45565dbd57a2
x86_64/gdb-6.3.0.0-1.84.x86_64.rpm
ea77f6d39f6e994be2f81335f0925de8
x86_64/debug/gdb-debuginfo-6.3.0.0-1.84.x86_64.rpm
5456f46ec1b03267210b9f045612a9b8 i386/gdb-6.3.0.0-1.84.i386.rpm
fc72f8be341eaf9142aa768de9ad06e1
i386/debug/gdb-debuginfo-6.3.0.0-1.84.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2005:200
http://www.mandriva.com/security/
Package : apache-mod_auth_shadow
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0
Problem Description:
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache
with AuthShadow enabled uses shadow authentication for all
locations that use the require group directive, even when other
authentication mechanisms are specified, which might allow remote
authenticated users to bypass security restrictions.
This update requires an explicit "AuthShadow on" statement if
website authentication should be checked against /etc/shadow.
The updated packages have been patched to address this
issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2963
Updated Packages:
Mandriva Linux 10.1:
528cdab76158def18a53ce798f06efbf
10.1/RPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.i586.rpm
670e7f53e4d7ec420cc0ce529a11a423
10.1/SRPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
43f45a988397a72e7a00485055f00ca1
x86_64/10.1/RPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.x86_64.rpm
670e7f53e4d7ec420cc0ce529a11a423
x86_64/10.1/SRPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.src.rpm
Mandriva Linux 10.2:
aa10a068cf7bc453cd8935b48afed141
10.2/RPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.i586.rpm
c7d15fcb80581c1169366d6ae56f9a1c
10.2/SRPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
caa1cb7195baf33a5ea8e07f31a84825
x86_64/10.2/RPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.x86_64.rpm
c7d15fcb80581c1169366d6ae56f9a1c
x86_64/10.2/SRPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.src.rpm
Mandriva Linux 2006.0:
e720a14ca9e445ae9aca32a8bd077f59
2006.0/RPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.i586.rpm
29be94c1a29d1c1400d84781fe25fd2d
2006.0/SRPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
19778e61e14975aa3f749068d985cf34
x86_64/2006.0/RPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.x86_64.rpm
29be94c1a29d1c1400d84781fe25fd2d
x86_64/2006.0/SRPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2005:201
http://www.mandriva.com/security/
Package : sudo
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi
Network Firewall 2.0
Problem Description:
Tavis Ormandy discovered that sudo does not perform sufficient
environment cleaning; in particular the SHELLOPTS and PS4 variables
are still passed to the program running as an alternate user which
can result in the execution of arbitrary commands as the alternate
user when a bash script is executed.
The updated packages have been patched to correct this
problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2959
Updated Packages:
Corporate Server 2.1:
f7a973c064788876a3927e23698165e7
corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.i586.rpm
9d41a3e0d779287d5d6defe3effeadb6
corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
11dee7cd0ef65739fbcb74eb4435abb7
x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.x86_64.rpm
9d41a3e0d779287d5d6defe3effeadb6
x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm
Mandriva Linux 10.1:
3ac90a3cd189ea0326d927370fdb250e
10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.i586.rpm
d0f1e39453c3efa42829959452b10f85
10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
e4522d2cc1241b549143cdfd384b1e84
x86_64/10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.x86_64.rpm
d0f1e39453c3efa42829959452b10f85
x86_64/10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm
Corporate 3.0:
7f961e981298b0e17db2206b0c173c94
corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.i586.rpm
541ec48ae7f199c9e02209552541c93a
corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
0baca1e5dd528d9a0746812c3f70b6aa
x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.x86_64.rpm
541ec48ae7f199c9e02209552541c93a
x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm
Multi Network Firewall 2.0:
73f5119120b2f173d2a5b529bc4b94b1
mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.3.M20mdk.i586.rpm
6711bd6886115f5e5ec429eb739af719
mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.3.M20mdk.src.rpm
Mandriva Linux 10.2:
d1145addcb3d305aa1149baaad74bee4
10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.i586.rpm
7cfd46cb455cc00b091849726d4763f5
10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
9d59bab72f413dd21013add16252a48a
x86_64/10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.x86_64.rpm
7cfd46cb455cc00b091849726d4763f5
x86_64/10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm
Mandriva Linux 2006.0:
bf2035af2ac556c3bcb013e80c4fbbd9
2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.i586.rpm
4c708ebf20c38db338e909e6e461888f
2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
569e58db33c0a58b0548e3ea699e86fa
x86_64/2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.x86_64.rpm
4c708ebf20c38db338e909e6e461888f
x86_64/2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10
Mandriva Security Team <security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:808-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-808.html
Issue date: 2005-10-27
Updated on: 2005-10-27
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2005:514
CVE Names: CVE-2005-3053 CVE-2005-3108 CVE-2005-3110 CVE-2005-3119
CVE-2005-3180 CVE-2005-3181
1. Summary:
Updated kernel packages that fix several security issues and a
page attribute mapping bug are now available for Red Hat Enterprise
Linux 4.
This update has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc,
s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch,
x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch,
x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch,
x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating
system.
An issue was discovered that affects how page attributes are
changed by the kernel. Video drivers, which sometimes map kernel
pages with a different caching policy than write-back, are now
expected to function correctly. This change affects the x86, AMD64,
and Intel EM64T architectures.
In addition the following security bugs were fixed:
The set_mempolicy system call did not check for negative numbers
in the policy field. An unprivileged local user could use this flaw
to cause a denial of service (system panic). (CVE-2005-3053)
A flaw in ioremap handling on AMD 64 and Intel EM64T systems. An
unprivileged local user could use this flaw to cause a denial of
service or minor information leak. (CVE-2005-3108)
A race condition in the ebtables netfilter module. On a SMP
system that is operating under a heavy load this flaw may allow
remote attackers to cause a denial of service (crash).
(CVE-2005-3110)
A memory leak was found in key handling. An unprivileged local
user could use this flaw to cause a denial of service.
(CVE-2005-3119)
A flaw in the Orinoco wireless driver. On systems running the
vulnerable drive, a remote attacker could send carefully crafted
packets which would divulge the contents of uninitialized kernel
memory. (CVE-2005-3180)
A memory leak was found in the audit system. An unprivileged
local user could use this flaw to cause a denial of service.
(CVE-2005-3181)
All Red Hat Enterprise Linux 4 users are advised to upgrade
their kernels to the packages associated with their machine
architectures and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
160135 - kernel panic in ioremap with four 1GB DIMMs
(2.6.9-11.ELsmp)
168217 - CAN-2005-3108 [RHEL 4] ioremap_nocache causes panic, only
on one motherboard, not on upstream 2.6.12.5 or later at least
168936 - System instability when using the NVIDIA driver (i.e bad
caching on address)
168993 - CAN-2005-3053 RHEL 4 sys_set_mempolicy allows invalid
policy leading to panic
170264 - CAN-2005-3108 ioremap x86_64 DoS
170268 - CAN-2005-3110 ebtables race
170274 - CAN-2005-3119 config_keys memleak
170277 - CAN-2005-3180 orinoco driver information leakage
170283 - CAN-2005-3181 names_cache memory leak
170563 - kernel crash in HP Compaq dc7100 CMT(DX438AV)
171154 - RHEL4 [NETFILTER]: Fix deadlock in ip4_queue.
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm
a5556584e16702cb85ca37a64d9cdf52 kernel-2.6.9-22.0.1.EL.src.rpm
i386:
7b6290bc039c15259d579a06c395896c
kernel-2.6.9-22.0.1.EL.i686.rpm
432daa8fe4a9da2b970cb78500da7d4c
kernel-devel-2.6.9-22.0.1.EL.i686.rpm
b6478d292099a0278e7f4294d8324b64
kernel-hugemem-2.6.9-22.0.1.EL.i686.rpm
50eee5abb14da6bbf8dd0cf41726d631
kernel-hugemem-devel-2.6.9-22.0.1.EL.i686.rpm
532741540a653577ca248bf9ba84ac54
kernel-smp-2.6.9-22.0.1.EL.i686.rpm
36f7781eee1091e70f2c3d60090c3e9c
kernel-smp-devel-2.6.9-22.0.1.EL.i686.rpm
ia64:
5a51ab10cffc50cb078bd13fc8a5414a
kernel-2.6.9-22.0.1.EL.ia64.rpm
c31e6f11fedeecda7d22ffc1d4844fc3
kernel-devel-2.6.9-22.0.1.EL.ia64.rpm
noarch:
fad9b931780bd1ac8939de42f45ff97b
kernel-doc-2.6.9-22.0.1.EL.noarch.rpm
ppc:
b42d460c270ebcef5b7060326bbc5605
kernel-2.6.9-22.0.1.EL.ppc64.rpm
09f2f62975e14f2c3548216ac213b81b
kernel-2.6.9-22.0.1.EL.ppc64iseries.rpm
057920195917f3e207c89528ddcd671e
kernel-devel-2.6.9-22.0.1.EL.ppc64.rpm
ed97b76d4d5c4030e8534fa2490b1dd5
kernel-devel-2.6.9-22.0.1.EL.ppc64iseries.rpm
s390:
1683e74a2788aaacd97c37e377531053
kernel-2.6.9-22.0.1.EL.s390.rpm
87032a8964416a5528d6ada8c73bd516
kernel-devel-2.6.9-22.0.1.EL.s390.rpm
s390x:
073b6e7e7ab0c75f6f7eee3ab9e5c978
kernel-2.6.9-22.0.1.EL.s390x.rpm
7aa4a6814166a3d21dc368a63f7a3a29
kernel-devel-2.6.9-22.0.1.EL.s390x.rpm
x86_64:
1df1f4b6332f734de942ee24ac392dab
kernel-2.6.9-22.0.1.EL.x86_64.rpm
c6b5364f055aced104b6261a3f02347f
kernel-devel-2.6.9-22.0.1.EL.x86_64.rpm
9d2820794ce05766fd31a6ed490db23f
kernel-smp-2.6.9-22.0.1.EL.x86_64.rpm
7459acc9a4ece3527fbb1b032d3f3163
kernel-smp-devel-2.6.9-22.0.1.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm
a5556584e16702cb85ca37a64d9cdf52
kernel-2.6.9-22.0.1.EL.src.rpm
i386:
7b6290bc039c15259d579a06c395896c
kernel-2.6.9-22.0.1.EL.i686.rpm
432daa8fe4a9da2b970cb78500da7d4c
kernel-devel-2.6.9-22.0.1.EL.i686.rpm
b6478d292099a0278e7f4294d8324b64
kernel-hugemem-2.6.9-22.0.1.EL.i686.rpm
50eee5abb14da6bbf8dd0cf41726d631
kernel-hugemem-devel-2.6.9-22.0.1.EL.i686.rpm
532741540a653577ca248bf9ba84ac54
kernel-smp-2.6.9-22.0.1.EL.i686.rpm
36f7781eee1091e70f2c3d60090c3e9c
kernel-smp-devel-2.6.9-22.0.1.EL.i686.rpm
noarch:
fad9b931780bd1ac8939de42f45ff97b
kernel-doc-2.6.9-22.0.1.EL.noarch.rpm
x86_64:
1df1f4b6332f734de942ee24ac392dab
kernel-2.6.9-22.0.1.EL.x86_64.rpm
c6b5364f055aced104b6261a3f02347f
kernel-devel-2.6.9-22.0.1.EL.x86_64.rpm
9d2820794ce05766fd31a6ed490db23f
kernel-smp-2.6.9-22.0.1.EL.x86_64.rpm
7459acc9a4ece3527fbb1b032d3f3163
kernel-smp-devel-2.6.9-22.0.1.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm
a5556584e16702cb85ca37a64d9cdf52
kernel-2.6.9-22.0.1.EL.src.rpm
i386:
7b6290bc039c15259d579a06c395896c
kernel-2.6.9-22.0.1.EL.i686.rpm
432daa8fe4a9da2b970cb78500da7d4c
kernel-devel-2.6.9-22.0.1.EL.i686.rpm
b6478d292099a0278e7f4294d8324b64
kernel-hugemem-2.6.9-22.0.1.EL.i686.rpm
50eee5abb14da6bbf8dd0cf41726d631
kernel-hugemem-devel-2.6.9-22.0.1.EL.i686.rpm
532741540a653577ca248bf9ba84ac54
kernel-smp-2.6.9-22.0.1.EL.i686.rpm
36f7781eee1091e70f2c3d60090c3e9c
kernel-smp-devel-2.6.9-22.0.1.EL.i686.rpm
ia64:
5a51ab10cffc50cb078bd13fc8a5414a
kernel-2.6.9-22.0.1.EL.ia64.rpm
c31e6f11fedeecda7d22ffc1d4844fc3
kernel-devel-2.6.9-22.0.1.EL.ia64.rpm
noarch:
fad9b931780bd1ac8939de42f45ff97b
kernel-doc-2.6.9-22.0.1.EL.noarch.rpm
x86_64:
1df1f4b6332f734de942ee24ac392dab
kernel-2.6.9-22.0.1.EL.x86_64.rpm
c6b5364f055aced104b6261a3f02347f
kernel-devel-2.6.9-22.0.1.EL.x86_64.rpm
9d2820794ce05766fd31a6ed490db23f
kernel-smp-2.6.9-22.0.1.EL.x86_64.rpm
7459acc9a4ece3527fbb1b032d3f3163
kernel-smp-devel-2.6.9-22.0.1.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-22.0.1.EL.src.rpm
a5556584e16702cb85ca37a64d9cdf52
kernel-2.6.9-22.0.1.EL.src.rpm
i386:
7b6290bc039c15259d579a06c395896c
kernel-2.6.9-22.0.1.EL.i686.rpm
432daa8fe4a9da2b970cb78500da7d4c
kernel-devel-2.6.9-22.0.1.EL.i686.rpm
b6478d292099a0278e7f4294d8324b64
kernel-hugemem-2.6.9-22.0.1.EL.i686.rpm
50eee5abb14da6bbf8dd0cf41726d631
kernel-hugemem-devel-2.6.9-22.0.1.EL.i686.rpm
532741540a653577ca248bf9ba84ac54
kernel-smp-2.6.9-22.0.1.EL.i686.rpm
36f7781eee1091e70f2c3d60090c3e9c
kernel-smp-devel-2.6.9-22.0.1.EL.i686.rpm
ia64:
5a51ab10cffc50cb078bd13fc8a5414a
kernel-2.6.9-22.0.1.EL.ia64.rpm
c31e6f11fedeecda7d22ffc1d4844fc3
kernel-devel-2.6.9-22.0.1.EL.ia64.rpm
noarch:
fad9b931780bd1ac8939de42f45ff97b
kernel-doc-2.6.9-22.0.1.EL.noarch.rpm
x86_64:
1df1f4b6332f734de942ee24ac392dab
kernel-2.6.9-22.0.1.EL.x86_64.rpm
c6b5364f055aced104b6261a3f02347f
kernel-devel-2.6.9-22.0.1.EL.x86_64.rpm
9d2820794ce05766fd31a6ed490db23f
kernel-smp-2.6.9-22.0.1.EL.x86_64.rpm
7459acc9a4ece3527fbb1b032d3f3163
kernel-smp-devel-2.6.9-22.0.1.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
