Advisories, January 30, 2006

Jan 31, 2006, 04:45

Debian GNU/Linux

Debian Security Advisory DSA 951-2
security@debian.org

Package : trac

This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original advisory text:

Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-4065
    Due to missing input sanitising it is possible to inject arbitrary SQL code into the SQL statements.

CVE-2005-4644
    A cross-site scripting vulnerability has been discovered that allows remote attackers to inject arbitrary web script or HTML.

The old stable distribution (woody) does not contain trac packages.

For the stable distribution (sarge) these problems have been fixed in version 0.8.1-3sarge4.

For the unstable distribution (sid) these problems have been fixed in version 0.9.3-1.

We recommend that you upgrade your trac package.

Upgrade Instructions

wget url will fetch the file for you
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4.dsc

Architecture independent components:
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4_all.deb

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 959-1
security@debian.org

Package : unalz

Ulf Hürnhammer from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.

The old stable distribution (woody) does not contain unalz.

For the stable distribution (sarge) this problem has been fixed in version 0.30.1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your unalz package.

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1.dsc

Alpha architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_alpha.deb

AMD64 architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_amd64.deb

ARM architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_arm.deb

Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_i386.deb

Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_ia64.deb

HP Precision architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_hppa.deb

Motorola 680x0 architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_m68k.deb

Big endian MIPS architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mips.deb

Little endian MIPS architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mipsel.deb

PowerPC architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_powerpc.deb

IBM S/390 architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_s390.deb

Sun Sparc architecture:
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_sparc.deb

These files will probably be moved into the stable distribution on its next update.

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200601-15

Severity: High

Synopsis

Paros's database component is installed without a password, allowing execution of arbitrary system commands.

Background

Paros is an intercepting proxy between a web server and a client meant to be used for security assessments. It allows the user to watch and modify the HTTP(S) traffic.

Affected packages

    Package          /  Vulnerable  /  Unaffected
1   net-proxy/paros     <= 3.2.5       > 3.2.5

Description

Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator "sa".

Impact

Since the database listens globally by default, an attacker can connect and issue arbitrary commands, including execution of binaries installed on the host.

Workaround

There is no known workaround at this time.

Resolution

All Paros users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"

References

[ 1 ] CVE-2005-3280 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200601-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200601-16

Severity: Normal

Synopsis

MyDNS contains a vulnerability that may lead to a Denial of Service attack.

Background

MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage.

Affected packages

    Package        /  Vulnerable  /  Unaffected
1   net-dns/mydns     < 1.1.0        >= 1.1.0

Description

MyDNS contains an unspecified flaw that may allow a remote Denial of Service.

Impact

An attacker could cause a Denial of Service by sending malformed DNS queries to the MyDNS server.

Workaround

There is no known workaround at this time.

Resolution

All MyDNS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"

References

[ 1 ] CVE-2006-0351 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0351

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200601-16.xml

Gentoo Linux Security Advisory GLSA 200601-17

Severity: Normal

Synopsis

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.

Background

Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data from files. pdftohtml is a utility to convert PDF files to HTML or XML formats that makes use of Xpdf code to decode PDF files.

Affected packages
Package / Vulnerable / Unaffected

Description

Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files.

Impact

By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"
All GPdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"
All libextractor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"
All pdftohtml users should migrate to the latest stable version of Poppler.

References

[ 1 ] CVE-2005-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
[ 2 ] CVE-2005-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
[ 3 ] CVE-2005-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
[ 4 ] CVE-2005-3624 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200601-17.xml

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:026

Package : bzip2

Problem Description:

A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did not have the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched.

The updated packages have been patched to correct these problems.
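
The bzgrep bug above and the zgrep issue in MDKSA-2006:027 share CVE-2005-0758, which this page describes as file names injected into a sed script. As an added example (not code from bzip2, gzip or Mandriva), the shell functions below label grep output with the file name while passing the name only as data; the function names and the SAFE_GREP_DECOMP variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not bzgrep/zgrep source. Assumption: the wrapper only needs
# to prefix each matching line with the name of the file it came from.

# label_lines NAME: copy stdin to stdout as "NAME:line".
# NAME reaches awk through the environment, so it is pure data: it is never
# parsed as sed or awk program text and gets no backslash-escape processing
# (which awk -v would apply).
label_lines() {
    LABEL=$1 awk '{ print ENVIRON["LABEL"] ":" $0 }'
}

# decompress: stdin -> stdout. Defaults to bzip2; SAFE_GREP_DECOMP=cat lets
# the functions be exercised on plain text files.
decompress() {
    ${SAFE_GREP_DECOMP:-bzip2 -cdq}
}

# safe_grep PATTERN FILE...: search each file, labelling matches with its name.
# Returns 0 if any file matched, 1 otherwise.
safe_grep() {
    pattern=$1
    shift
    status=1
    for f in "$@"; do
        # The file is opened by redirection, so its name is never an argument
        # to the decompressor or grep and cannot be taken for an option.
        if out=$(decompress < "$f" | grep -e "$pattern"); then
            printf '%s\n' "$out" | label_lines "$f"
            status=0
        fi
    done
    return "$status"
}
```

A file name containing characters such as | & \ or ; comes out unchanged in the label, because no script text is ever built from it.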

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758

Updated Packages:

Mandriva Linux 10.1:
Mandriva Linux 10.1/X86_64:
Mandriva Linux 10.2:
Mandriva Linux 10.2/X86_64:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
Corporate Server 2.1:
Corporate Server 2.1/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Multi Network Firewall 2.0:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Mandriva Linux Security Advisory MDKSA-2006:027

Package : gzip

Problem Description:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem.

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758

Updated Packages:

Mandriva Linux 10.1:
Mandriva Linux 10.1/X86_64:
Mandriva Linux 10.2:
Mandriva Linux 10.2/X86_64:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
Corporate Server 2.1:
Corporate Server 2.1/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Multi Network Firewall 2.0:

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2006-0004

Package names: kernel, openssh

Package description:

kernel
    The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

openssh

Problem description:

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and CVE-2006-0095 to these issues.

openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-0225 to this issue.

Verification:

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and MD5sums of the packages:

Trustix Security Team