Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories, January 30, 2006

Jan 31, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 951-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 30th, 2006 http://www.debian.org/security/faq


Package : trac
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-4065 CVE-2005-4644
BugTraq IDs : 15720 16198
Debian Bug : 348791

This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original advisory text:

Several vulnerabilies have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:

CVE-2005-4065

Due to missing input sanitising it is possible to inject arbitrary SQL code into the SQL statements.

CVE-2005-4644

A cross-site scripting vulnerability has been discovered that allows remote attackers to inject arbitrary web script or HTML.

The old stable distribution (woody) does not contain trac packages.

For the stable distribution (sarge) these problems have been fixed in version 0.8.1-3sarge4.

For the unstable distribution (sid) these problems have been fixed in version 0.9.3-1.

We recommend that you upgrade your trac package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4.dsc
      Size/MD5 checksum: 656 2afc7d22430b36a751b23c4bf140777c
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4.diff.gz
      Size/MD5 checksum: 12886 2f5cbdedc833e862f328b70c88ad6f4f
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
      Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d

Architecture independent components:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4_all.deb
      Size/MD5 checksum: 198590 a06bca97069edda61ab12ed76caf9a5c

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 959-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 30th, 2006 http://www.debian.org/security/faq


Package : unalz
Vulnerability : buffer overflow
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-3862
Debian Bug : 340842

Ulf Hürnhammer from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.

The old stable distribution (woody) does not contain unalz.

For the stable distribution (sarge) this problem has been fixed in version 0.30.1

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your unalz package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1.dsc
      Size/MD5 checksum: 505 6946e7c6ae2e663674cb968a17517d6b
    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1.tar.gz
      Size/MD5 checksum: 108993 9b45066980a87f11db43f24b0756be33

Alpha architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_alpha.deb
      Size/MD5 checksum: 54350 5cf460c260a651fa6c48a39a350fea19

AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_amd64.deb
      Size/MD5 checksum: 47924 21585b3182e29c28c4871bd75d2b8565

ARM architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_arm.deb
      Size/MD5 checksum: 49050 7e2bb36975ff0f6e601be3c4ac5de5a9

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_i386.deb
      Size/MD5 checksum: 42794 c9ca20d6840ca8381eee1dcfa34ad89a

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_ia64.deb
      Size/MD5 checksum: 77534 4e626bf47842d551ed1761336259fcfe

HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_hppa.deb
      Size/MD5 checksum: 51558 34d2c5c50af71e9ade2c3b608041cbc5

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_m68k.deb
      Size/MD5 checksum: 42514 747eeb6b49dc1c7e43f6d0e4034fa2c7

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mips.deb
      Size/MD5 checksum: 54364 9e797dbb849cbe5f65f61d5e052902e5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mipsel.deb
      Size/MD5 checksum: 53938 aef1b01344791cdefed5f837b66bf9aa

PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_powerpc.deb
      Size/MD5 checksum: 45412 621dafe9070b461d0f86655a1dda9507

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_s390.deb
      Size/MD5 checksum: 49970 2f6a285270fcd8084f9e2948e87ebfc4

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_sparc.deb
      Size/MD5 checksum: 46612 2142655456c03385e69d156a7831005c

These files will probably be moved into the stable distribution on its next update.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200601-15

http://security.gentoo.org/


Severity: High
Title: Paros: Default administrator password
Date: January 29, 2006
Bugs: #120352
ID: 200601-15


Synopsis

Paros's database component is installed without a password, allowing execution of arbitrary system commands.

Background

Paros is an intercepting proxy between a web server and a client meant to be used for security assessments. It allows the user to watch and modify the HTTP(S) traffic.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  net-proxy/paros      <= 3.2.5                             > 3.2.5

Description

Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator "sa".

Impact

Since the database listens globally by default, an attacker can connect and issue arbitrary commands, including execution of binaries installed on the host.

Workaround

There is no known workaround at this time.

Resolution

All Paros users should upgrade to the latest version:

    # emerge --snyc
    # emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"

References

[ 1 ] CVE-2005-3280

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200601-16

http://security.gentoo.org/


Severity: Normal
Title: MyDNS: Denial of Service
Date: January 30, 2006
Bugs: #119548
ID: 200601-16


Synopsis

MyDNS contains a vulnerability that may lead to a Denial of Service attack.

Background

MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  net-dns/mydns       < 1.1.0                              >= 1.1.0

Description

MyDNS contains an unspecified flaw that may allow a remote Denial of Service.

Impact

An attacker could cause a Denial of Service by sending malformed DNS queries to the MyDNS server.

Workaround

There is no known workaround at this time.

Resolution

All MyDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"

References

[ 1 ] CVE-2006-0351

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0351

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-16.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200601-17

http://security.gentoo.org/


Severity: Normal
Title: Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
Date: January 30, 2006
Bugs: #117481, #117494, #117495, #115789, #118665
ID: 200601-17


Synopsis

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.

Background

Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data from files. pdftohtml is a utility to convert PDF files to HTML or XML formats that makes use of Xpdf code to decode PDF files.

Affected packages


     Package                  /   Vulnerable   /            Unaffected


1 app-text/xpdf < 3.01-r5 >= 3.01-r5 2 app-text/poppler < 0.4.3-r4 >= 0.4.3-r4 3 app-text/gpdf < 2.10.0-r3 >= 2.10.0-r3 4 media-libs/libextractor < 0.5.9 >= 0.5.9 5 app-text/pdftohtml < 0.36-r4 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 5 affected packages on all of their supported architectures.

Description

Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files.

Impact

By sending a specially crafted PDF file to a victim, an attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"

All libextractor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"

All pdftohtml users should migrate to the latest stable version of Poppler.

References

[ 1 ] CVE-2005-3627

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

[ 2 ] CVE-2005-3626

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626

[ 3 ] CVE-2005-3625

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625

[ 4 ] CVE-2005-3624

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:026
http://www.mandriva.com/security/


Package : bzip2
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did not the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched.

The updated packages have been patched to correct these problems.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953


Updated Packages:

Mandriva Linux 10.1:
9ba66ec27bbf76ba782127e9d35b47cf 10.1/RPMS/bzip2-1.0.2-20.4.101mdk.i586.rpm
aa67aef5d33f2d63dbe1970b75feeb6c 10.1/RPMS/libbzip2_1-1.0.2-20.4.101mdk.i586.rpm
39ac11e51b9891bdbc781a5f57802532 10.1/RPMS/libbzip2_1-devel-1.0.2-20.4.101mdk.i586.rpm
7af647d2bd9ed2235ce9f48e45b88510 10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
c482a9d432f31f6ae2de7b2a68547b97 x86_64/10.1/RPMS/bzip2-1.0.2-20.4.101mdk.x86_64.rpm
e9ae19f83d4156ff00b64c3bb738094e x86_64/10.1/RPMS/lib64bzip2_1-1.0.2-20.4.101mdk.x86_64.rpm
464e89b49a8e8b50bf90c2591d0fe773 x86_64/10.1/RPMS/lib64bzip2_1-devel-1.0.2-20.4.101mdk.x86_64.rpm
7af647d2bd9ed2235ce9f48e45b88510 x86_64/10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

Mandriva Linux 10.2:
7df4a217662f8c37e245eb93d93a371d 10.2/RPMS/bzip2-1.0.2-20.3.102mdk.i586.rpm
8f786bbbddacf81ccf78858566f4b61e 10.2/RPMS/libbzip2_1-1.0.2-20.3.102mdk.i586.rpm
560e3fcafd35a390acc92b3585c3e209 10.2/RPMS/libbzip2_1-devel-1.0.2-20.3.102mdk.i586.rpm
70536dcc4a48fd2c927533f5610e4c30 10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
fbb29ba214b192f71f93e1651e2859f6 x86_64/10.2/RPMS/bzip2-1.0.2-20.3.102mdk.x86_64.rpm
fad0d57ba24c7c2564a052621dabef6f x86_64/10.2/RPMS/lib64bzip2_1-1.0.2-20.3.102mdk.x86_64.rpm
e88392d200f33e476e43ff9d07576173 x86_64/10.2/RPMS/lib64bzip2_1-devel-1.0.2-20.3.102mdk.x86_64.rpm
70536dcc4a48fd2c927533f5610e4c30 x86_64/10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

Mandriva Linux 2006.0:
4e0529ee4c44182a0595aafaa4cc5f07 2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.i586.rpm
bce98fe9a3066968923b0bd067908777 2006.0/RPMS/libbzip2_1-1.0.3-1.2.20060mdk.i586.rpm
cbed01da9b0111e3f47f59735ec16a09 2006.0/RPMS/libbzip2_1-devel-1.0.3-1.2.20060mdk.i586.rpm
d099cf8e4a81702f32efbd9afe92f208 2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c2c65e542f1e9b34a801f578f3ce0920 x86_64/2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.x86_64.rpm
e401cf58458c72b0fa8de87352f81ecf x86_64/2006.0/RPMS/lib64bzip2_1-1.0.3-1.2.20060mdk.x86_64.rpm
920aa42c55fc7a97912433ca2c9f5adb x86_64/2006.0/RPMS/lib64bzip2_1-devel-1.0.3-1.2.20060mdk.x86_64.rpm
d099cf8e4a81702f32efbd9afe92f208 x86_64/2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

Corporate Server 2.1:
521d044c36980ad67d31d235cf1290bf corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.i586.rpm
dafdb66e984581813890aa05a9e597e3 corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.i586.rpm
5470771fb2586bf4c28439d7923cbf60 corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.i586.rpm
9215603a9dc985117ec1f5476fb0e05e corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
ec9760c37823edd74fbe67e4f7467607 x86_64/corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.x86_64.rpm
709e7e4d97e553500c334d443a99289d x86_64/corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.x86_64.rpm
032616025d51bb2e2c0d957deb606016 x86_64/corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.x86_64.rpm
9215603a9dc985117ec1f5476fb0e05e x86_64/corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

Corporate 3.0:
abf848e7e0779c5df11a9f52a33c952e corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.i586.rpm
ea41c2d1db6197763b8ae5602de69d47 corporate/3.0/RPMS/libbzip2_1-1.0.2-17.4.C30mdk.i586.rpm
ae5a1944fc833de24f3d6845e815fb91 corporate/3.0/RPMS/libbzip2_1-devel-1.0.2-17.4.C30mdk.i586.rpm
8f3a578903df91bcc206e20f51219063 corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
66856ec28ef826f1eeaca20fb71d1555 x86_64/corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.x86_64.rpm
9e46e6e8bc7eb84d74578339ab19dbd3 x86_64/corporate/3.0/RPMS/lib64bzip2_1-1.0.2-17.4.C30mdk.x86_64.rpm
8a15e6bfcfcf7daee02a3c4770b85b25 x86_64/corporate/3.0/RPMS/lib64bzip2_1-devel-1.0.2-17.4.C30mdk.x86_64.rpm
8f3a578903df91bcc206e20f51219063 x86_64/corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
99d1d85e93178ef63268c0127b22b0ab mnf/2.0/RPMS/bzip2-1.0.2-17.4.M20mdk.i586.rpm
624b0cca4f32689662f41862783ec701 mnf/2.0/RPMS/libbzip2_1-1.0.2-17.4.M20mdk.i586.rpm
384d5f1755aac9bef93454c394a38ba0 mnf/2.0/RPMS/libbzip2_1-devel-1.0.2-17.4.M20mdk.i586.rpm
2426bf6007f6ed217ccbab7304a7bae6 mnf/2.0/SRPMS/bzip2-1.0.2-17.4.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/


Package : gzip
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758


Updated Packages:

Mandriva Linux 10.1:
62937bbc65984b8f32a8817ca9d0a83a 10.1/RPMS/gzip-1.2.4a-13.3.101mdk.i586.rpm
03b66c3fff9a34edf0f714f773755d94 10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
fc3cc9dbcf1ca6b67f19a512ca555ed9 x86_64/10.1/RPMS/gzip-1.2.4a-13.3.101mdk.x86_64.rpm
03b66c3fff9a34edf0f714f773755d94 x86_64/10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.2:
431066b4062f9f23a09a137edb20b7b6 10.2/RPMS/gzip-1.2.4a-14.2.102mdk.i586.rpm
15e833f4126a3708773a7f055c24e21e 10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b18f7f611c82083e8e5605687165f1f3 x86_64/10.2/RPMS/gzip-1.2.4a-14.2.102mdk.x86_64.rpm
15e833f4126a3708773a7f055c24e21e x86_64/10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 2006.0:
9a496bbbe2e1a07096c7ac536fc2456c 2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.i586.rpm
da6e6cd98d8e37904c6e5140950367ac 2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
e1e5bf8168bdd95291364b4078504df5 x86_64/2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.x86_64.rpm
da6e6cd98d8e37904c6e5140950367ac x86_64/2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Corporate Server 2.1:
3b8cb2a9448fc5411bd8e49bb7037ffe corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.i586.rpm
3baf958e1a8159e1621f7d1694b24a24 corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
996b5e2b2b3f330fa9387e18e9f7d422 x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.x86_64.rpm
3baf958e1a8159e1621f7d1694b24a24 x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate 3.0:
8d5bbe00592a9830ce4ac5d2b120e867 corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.i586.rpm
5baa56e8feb905c9fb48629344a88b02 corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
0fd942e8d92942d5cee224263a27db9c x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.x86_64.rpm
5baa56e8feb905c9fb48629344a88b02 x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
1c2352fc2445c452769181be3d4e85a1 mnf/2.0/RPMS/gzip-1.2.4a-13.3.M20mdk.i586.rpm
601229e6188ad8ee34ff12f1147c5381 mnf/2.0/SRPMS/gzip-1.2.4a-13.3.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0004

Package names: kernel, openssh
Summary: Multiple vulnerabilities
Date: 2006-01-27
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2


Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

openssh
Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

Problem description:
kernel < TSL 3.0 >

  • SECURITY Fix: Missing validation of the "nlmsg_len" value in "netlink_rcv_skb()" can cause an infinite loop which can be exploited by local users to cause a DoS by setting the value to 0.
  • An error in the PPTP NAT helper in the handling of inbound PPTP_IN_CALL_REQUEST packets can cause an error in offset calculation. This can be exploited to cause random memory corruption and can crash the kernel.
  • ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used.
  • Stefan Rompf has reported a vulnerability caused due to the "dm-crypt" driver failing to clear memory before freeing it. This can be exploited by local users to obtain sensitive information.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and CVE-2006-0095 to these issues.

openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • SECURITY Fix: Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the "system()" function in scp when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-0225 to this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0004/>

MD5sums of the packages:


027cea1f2f987f710fe2680337a4774f 3.0/rpms/kernel-2.6.15.1-1tr.i586.rpm
9f6cc359c94b874a8160b2744fb6d510 3.0/rpms/kernel-doc-2.6.15.1-1tr.i586.rpm
f6c272fadee97f280adee5f9a00576b0 3.0/rpms/kernel-headers-2.6.15.1-1tr.i586.rpm
31150a8b714720f20e290dccec845826 3.0/rpms/kernel-smp-2.6.15.1-1tr.i586.rpm
fce9c0bf230300cec808aea31ff7f718 3.0/rpms/kernel-smp-headers-2.6.15.1-1tr.i586.rpm
cf6368abb17f22b64826d00bd8336cf5 3.0/rpms/kernel-source-2.6.15.1-1tr.i586.rpm
0608ad6bd8e97ddadd0b501206a11d20 3.0/rpms/kernel-utils-2.6.15.1-1tr.i586.rpm
ab20e49ff562fa8accc40ecbf13e7799 3.0/rpms/openssh-4.2p1-2tr.i586.rpm
ade6e066afe6e83bd99975bfa252f608 3.0/rpms/openssh-clients-4.2p1-2tr.i586.rpm
7290bb4c93f08314b72b589e6ed3b0b3 3.0/rpms/openssh-server-4.2p1-2tr.i586.rpm
934477d687fb6cb48b78fceb87e187e2 3.0/rpms/openssh-server-config-4.2p1-2tr.i586.rpm

3bfc8e25184b964391c8c71ad95b2778 2.2/rpms/openssh-4.2p1-2tr.i586.rpm
8a3a8e810c8121ac10846922e0bffe6a 2.2/rpms/openssh-clients-4.2p1-2tr.i586.rpm
33c754e2048bb85822145c2063f63463 2.2/rpms/openssh-server-4.2p1-2tr.i586.rpm
0abb95f1c3c13c491e0233ae6f3a9944 2.2/rpms/openssh-server-config-4.2p1-2tr.i586.rpm


Trustix Security Team