Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories, February 21, 2006

Feb 22, 2006, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 978-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 17th, 2006 http://www.debian.org/security/faq


Package : gnupg
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-0455

Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all.

For the old stable distribution (woody) this problem has been fixed in version 1.0.6-4woody4.

For the stable distribution (sarge) this problem has been fixed in version 1.4.1-1sarge1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gnupg package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4.dsc
      Size/MD5 checksum: 577 ed66e73f6d4947d73533619b1d9cc102
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4.diff.gz
      Size/MD5 checksum: 5846 ffefbd4c2409630d69ead0ed9f7d1aad
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
      Size/MD5 checksum: 1941676 7c319a9e5e70ad9bc3bf0d7b5008a508

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_alpha.deb
      Size/MD5 checksum: 1150586 a3b16d87b786fb6fc633b616dcf51c6c

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_arm.deb
      Size/MD5 checksum: 987020 931ef6e661881caad9e28dd17a55f73d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_i386.deb
      Size/MD5 checksum: 966300 d93be18eff2a14c035aad34eb6b32882

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_ia64.deb
      Size/MD5 checksum: 1271674 1e8cdda5551ca1683bb5dff815be4341

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_hppa.deb
      Size/MD5 checksum: 1059236 260b2b7f7bde738ea69c757e331a5a7d

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_m68k.deb
      Size/MD5 checksum: 942322 a318666f20474e6690461105919fc5d4

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_mips.deb
      Size/MD5 checksum: 1035740 1798dc8a392f3f1e72f4033d4c41ca1a

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_mipsel.deb
      Size/MD5 checksum: 1036234 ef52bb449a4a7950d5afff4451ad6be1

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_powerpc.deb
      Size/MD5 checksum: 1009544 800ef9aa2fa1bc397c8c12d327192de4

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_s390.deb
      Size/MD5 checksum: 1002048 fc850b1b0730fc35bb3e52fcb2d102c4

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody4_sparc.deb
      Size/MD5 checksum: 1003660 c37b8fd31899e090da693dd9ffb54c5d

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1.dsc
      Size/MD5 checksum: 678 a5540607baf77d1feb04a49186bbb95c
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1.diff.gz
      Size/MD5 checksum: 17526 eec60aded8b0304f654b37653c63721c
    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5 checksum: 4059170 1cc77c6943baaa711222e954bbd785e5

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_alpha.deb
      Size/MD5 checksum: 2155420 f827b1ee9f31bdfca5f121bef50debef

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_amd64.deb
      Size/MD5 checksum: 1962898 4ecee788f9743005d120cbb7bcfce928

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_arm.deb
      Size/MD5 checksum: 1898868 adf7853ea42fbc8d2678f074160e6710

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_i386.deb
      Size/MD5 checksum: 1908084 26e6e3722c9a5a7b30292eca151b08d8

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_ia64.deb
      Size/MD5 checksum: 2324110 e7164b71e25f2cea09718ac964b3f424

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_hppa.deb
      Size/MD5 checksum: 2003646 80c1b741472cd70c53f567bd9c5f5ed3

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_m68k.deb
      Size/MD5 checksum: 1810732 434cf6faf160d205ea0fba25fb703a56

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_mips.deb
      Size/MD5 checksum: 2000286 abc14aa9e9c952469bc5d7eb4d9b41e5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_mipsel.deb
      Size/MD5 checksum: 2007030 1edd20f18c6688be523c7b7c3c1a893e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_powerpc.deb
      Size/MD5 checksum: 1957304 4e62251e74578e39cc9e80f200a64d58

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_s390.deb
      Size/MD5 checksum: 1966486 d15b86e9b8ba05df24f97f5f15389eb5

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1sarge1_sparc.deb
      Size/MD5 checksum: 1896628 20dde71104fcd8ce457fded1d2b3f444

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 979-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 17th, 2006 http://www.debian.org/security/faq


Package : pdfkit.framework
Vulnerability : several
Problem type : local (remote)
Debian-specific: no

Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content.

The old stable distribution (woody) does not contain pdfkit.framework packages.

For the stable distribution (sarge) these problems have been fixed in version 0.8-2sarge3.

The unstable distribution (sid) is not affected by these problems.

We recommend that you upgrade your pdfkit.framework package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.dsc
      Size/MD5 checksum: 725 de9c519b3fa8840bcd17cbd9cb9b736d
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
      Size/MD5 checksum: 6910 ca4032bfa6f3920c7ce30f10b204d414
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
      Size/MD5 checksum: 1780533 7676643ff78a0602c10bfb97fe0bd448

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_alpha.deb
      Size/MD5 checksum: 1822264 ee7b33692e20c9036d7659fd42c3c19a

AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_amd64.deb
      Size/MD5 checksum: 1797060 a013cec8d2f979ce457804cec5279ad7

ARM architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_arm.deb
      Size/MD5 checksum: 1756444 68fa644e60388efa71484d5659db43c8

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_i386.deb
      Size/MD5 checksum: 1750746 5d9d3190e9631865b6576cc064c123fc

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_ia64.deb
      Size/MD5 checksum: 1981562 2516d48b571ddbb587d9e9e5ce3e00da

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_hppa.deb
      Size/MD5 checksum: 1862848 349dac672d42915e2a5778cbf78c62bd

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_m68k.deb
      Size/MD5 checksum: 1786208 6b9617a7449efce9eee6b65e0160e504

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_mips.deb
      Size/MD5 checksum: 1769510 f45ab741024d90bf8887217c9addfa00

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_mipsel.deb
      Size/MD5 checksum: 1755142 ef20414216a3fc828ac5686bd9bf28a2

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_powerpc.deb
      Size/MD5 checksum: 1771308 47dbcb9f76c750924441f8f5edc2d900

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_s390.deb
      Size/MD5 checksum: 1805244 76ec3454cbfa1a588ede6ed4f0a7758d

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_sparc.deb
      Size/MD5 checksum: 1780426 695eb2cc6075f70c00d73b1ed7ecc491

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2006-116
2006-02-17

Product : Fedora Core 4
Name : gnupg
Version : 1.4.2.1
Release : 1
Summary : A GNU utility for secure communication and data storage.

Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide).


Update Information:

The GNU Privacy Guard provides encryption and signing for messages and arbitrary files, and implements the OpenPGP standard as described by IETF RFC2440.

Version 1.4.2 of GnuPG would in some cases erroneously exit with status 0 (signalling no errors) if it was invoked to check a signature but found no signature to check. This should be corrected in version 1.4.2.1.


  • Wed Feb 15 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.4.2.1-1
    • update to 1.4.2.1 (fixes CVE-2006-0455)
  • Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.4.2-3.2.1
    • bump again for double-long bug on ppc(64)
  • Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 1.4.2-3.2
    • rebuilt for new gcc4.1 snapshot and glibc changes
  • Fri Dec 9 2005 Jesse Keating <jkeating@redhat.com>
    • rebuilt
  • Tue Aug 9 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-3
    • don't override libexecdir any more; we don't need to (#165462)
  • Thu Aug 4 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
    • pull in David Shaw's fix for key generation in batch mode
  • Fri Jul 29 2005 Nalin Dahyabhai <nalin@redhat.com>
    • change %post to check if the info files are there before attempting to add or remove them from the info index (#91641)
  • Wed Jul 27 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
    • update to 1.4.2

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

a1a4ce41efd41cb8ade2b4413072fb4c00e8b9e3 SRPMS/gnupg-1.4.2.1-1.src.rpm
1be912b956a9c001a8a24a4cadbaee4351710bfb ppc/gnupg-1.4.2.1-1.ppc.rpm
644518c6e8d05280b091d12fe9c9e541666cc47a ppc/debug/gnupg-debuginfo-1.4.2.1-1.ppc.rpm
5dd455f66408bb0b1a5080077595f45e14848fd7 x86_64/gnupg-1.4.2.1-1.x86_64.rpm
f1d7b3d77fa9f6bdae07a10a5edcf9b15c777934 x86_64/debug/gnupg-debuginfo-1.4.2.1-1.x86_64.rpm
601f36c75b78f96fe1d921edde19343997b3827e i386/gnupg-1.4.2.1-1.i386.rpm
e10f5c5707b4ba7ba65da4fdc08013af111fbedc i386/debug/gnupg-debuginfo-1.4.2.1-1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated squid package fixes security issues
Advisory ID: FLSA:152809
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0173 CVE-2005-0174 CVE-2005-0175 CVE-2005-0194 CVE-2005-0211 CVE-2005-0241 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-2005-1345 CVE-1999-0710 CVE-2005-1519 CVE-2004-2479 CVE-2005-2794 CVE-2005-2796 CVE-2005-2917



1. Topic:

An updated Squid package that fixes several security issues is now available.

Squid is a full-featured Web proxy cache.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A buffer overflow was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could potentially execute arbitrary code by sending a lengthy password. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0541 to this issue.

An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authentication helper, a remote attacker could send a carefully crafted NTLM authentication packet and cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0832 to this issue.

iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0918 to this issue.

A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0094 to this issue.

An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTML fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening. It is possible that a malicious web server could send a series of HTTP responses in such a way that the Squid cache could be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2005-0174 and CVE-2005-0175 to these issues.

When processing the configuration file, Squid parses empty Access Control Lists (ACLs) and proxy_auth ACLs without defined auth schemes in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0194 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0211 to this issue.

A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0241 to this issue.

A bug was found in the way Squid handles FQDN lookups. It was possible to crash the Squid server by sending a carefully crafted DNS response to an FQDN lookup. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0446 to this issue.

A race condition bug was found in the way Squid handles the now obsolete Set-Cookie header. It is possible that Squid can leak Set-Cookie header information to other clients connecting to Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0626 to this issue.

A bug was found in the way Squid handles PUT and POST requests. It is possible for an authorised remote user to cause a failed PUT or POST request which can cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0718 to this issue.

A bug was found in the way Squid processes errors in the access control list. It is possible that an error in the access control list could give users more access than intended. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-1345 to this issue.

A bug was found in the way Squid handles access to the cachemgr.cgi script. It is possible for an authorised remote user to bypass access control lists with this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-1999-0710 to this issue.

A bug was found in the way Squid handles DNS replies. If the port Squid uses for DNS requests is not protected by a firewall it is possible for a remote attacker to spoof DNS replies, possibly redirecting a user to spoofed or malicious content. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-1519 to this issue.

A bug was found in the way Squid displays error messages. A remote attacker could submit a request containing an invalid hostname which would result in Squid displaying a previously used error message. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-2479 to this issue.

Two denial of service bugs were found in the way Squid handles malformed requests. A remote attacker could submit a specially crafted request to Squid that would cause the server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2005-2794 and CVE-2005-2796 to these issues.

A bug was found in the way Squid handles certain request sequences while performing NTLM authentication. It is possible for an attacker to cause Squid to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-2917 to this issue.

Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152809

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


5db383926b0358e7b1a74cd0c84d3c253fae82a6 redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
8d2b75252ee52b9fe943d4478960e30508bae4ea redhat/7.3/updates/SRPMS/squid-2.4.STABLE7-0.73.3.legacy.src.rpm
d90f37a598d6789876d85fc41297fb6d6957711d redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
c6f5927ebca3000a5d9cb2d52912e9ea989ee8eb redhat/9/updates/SRPMS/squid-2.5.STABLE1-9.10.legacy.src.rpm
4e1d0e1546e50f3f694617ce641b31230b3989ad fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
03e318f01302e6305d368349ea778ac9f104839d fedora/1/updates/SRPMS/squid-2.5.STABLE3-2.fc1.6.legacy.src.rpm
9eb87b9c886d2c72d6ecefa3f70e016d65de9574 fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
6aab32f2cb1e01196722d2ee6e980dc3915d788b fedora/2/updates/SRPMS/squid-2.5.STABLE9-1.FC2.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2917

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated openssh packages fix security issues
Advisory ID: FLSA:168935
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-2069 CVE-2006-0225



1. Topic:

Updated openssh packages that fix security issues are now available.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH replaces rlogin and rsh, and provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over a secure channel. Public key authentication can be used for "passwordless" access to servers.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. A malicious user could connect to the SSH daemon in such a way that it would prevent additional logins from occuring until the malicious connections are closed. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-2069 to this issue.

The scp command was found to expose filenames twice to shell expansion. A malicious user could execute arbitrary commands by using specially crafted filenames containing shell metacharacters or spaces. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-0225 to this issue.

Users of openssh should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168935

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/openssh-3.1p1-14.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssh-3.1p1-14.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssh-askpass-3.1p1-14.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssh-askpass-gnome-3.1p1-14.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssh-clients-3.1p1-14.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/openssh-server-3.1p1-14.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openssh-3.5p1-11.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/openssh-3.5p1-11.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssh-askpass-3.5p1-11.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssh-askpass-gnome-3.5p1-11.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssh-clients-3.5p1-11.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/openssh-server-3.5p1-11.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openssh-3.6.1p2-19.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/openssh-3.6.1p2-19.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssh-askpass-3.6.1p2-19.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssh-askpass-gnome-3.6.1p2-19.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssh-clients-3.6.1p2-19.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/openssh-server-3.6.1p2-19.4.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openssh-3.6.1p2-34.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/openssh-3.6.1p2-34.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssh-askpass-3.6.1p2-34.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssh-askpass-gnome-3.6.1p2-34.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssh-clients-3.6.1p2-34.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/openssh-server-3.6.1p2-34.4.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/openssh-3.9p1-8.0.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/openssh-3.9p1-8.0.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/openssh-askpass-3.9p1-8.0.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/openssh-askpass-gnome-3.9p1-8.0.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/openssh-clients-3.9p1-8.0.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/openssh-server-3.9p1-8.0.4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/openssh-3.9p1-8.0.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/openssh-askpass-3.9p1-8.0.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/openssh-askpass-gnome-3.9p1-8.0.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/openssh-clients-3.9p1-8.0.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/openssh-server-3.9p1-8.0.4.legacy.x86_64.rpm

7. Verification:

SHA1 sum Package Name


5c732eac2396d1dbc767c6706b936177b04e3ba9 redhat/7.3/updates/i386/openssh-3.1p1-14.3.legacy.i386.rpm
ac522209cbabd3638e8ca2b08bdf5453c1d9a8d4 redhat/7.3/updates/i386/openssh-askpass-3.1p1-14.3.legacy.i386.rpm
a79e45b1fd78f517a2dfb846e1814aeff35ab86d redhat/7.3/updates/i386/openssh-askpass-gnome-3.1p1-14.3.legacy.i386.rpm
daa5d5518e33835ef47f41f3bb379d9659e2bc3f redhat/7.3/updates/i386/openssh-clients-3.1p1-14.3.legacy.i386.rpm
28d3e3a66e6c786db875c5ea8d629b6abcc7fe5b redhat/7.3/updates/i386/openssh-server-3.1p1-14.3.legacy.i386.rpm
d838db35baa90040dec9df7459af4682f8976b7a redhat/7.3/updates/SRPMS/openssh-3.1p1-14.3.legacy.src.rpm
2e4da4da715512dccb420fc67f3bb24dae2d9a40 redhat/9/updates/i386/openssh-3.5p1-11.4.legacy.i386.rpm
af36bd2aa23d16986072cf15c6906add540f8b8a redhat/9/updates/i386/openssh-askpass-3.5p1-11.4.legacy.i386.rpm
0cc2cf34bde4b876944c8f19c1cd58d9f4503757 redhat/9/updates/i386/openssh-askpass-gnome-3.5p1-11.4.legacy.i386.rpm
f0e967606a821ec50f6d0af708935a9f04b52d11 redhat/9/updates/i386/openssh-clients-3.5p1-11.4.legacy.i386.rpm
d49d40f814c95319dff11a49f8bb66dcdd3f808c redhat/9/updates/i386/openssh-server-3.5p1-11.4.legacy.i386.rpm
38544ce3e39dbebcb15ce213f4aff9bf3edb93a7 redhat/9/updates/SRPMS/openssh-3.5p1-11.4.legacy.src.rpm
c962909e215becff41ab14353a0b1ef3f5a499fd fedora/1/updates/i386/openssh-3.6.1p2-19.4.legacy.i386.rpm
61ca655031b498ba8c66a97f0792c4f9dbd0f795 fedora/1/updates/i386/openssh-askpass-3.6.1p2-19.4.legacy.i386.rpm
0201fe8254733f85cde19e17911015c38ae6f8fa fedora/1/updates/i386/openssh-askpass-gnome-3.6.1p2-19.4.legacy.i386.rpm
3818241e59db35fe61773f7e59d9d83fafd4b16a fedora/1/updates/i386/openssh-clients-3.6.1p2-19.4.legacy.i386.rpm
202bec4605eaf6054433a170a6432a3d449862cb fedora/1/updates/i386/openssh-server-3.6.1p2-19.4.legacy.i386.rpm
e5b385dbba09ec63225c2eb25e22827d0e6fd789 fedora/1/updates/SRPMS/openssh-3.6.1p2-19.4.legacy.src.rpm
ca85182633a97ce1bb8c3bcb683d44242881703f fedora/2/updates/i386/openssh-3.6.1p2-34.4.legacy.i386.rpm
f49c8368fe790df101b671a368f0ff47fdc0fad3 fedora/2/updates/i386/openssh-askpass-3.6.1p2-34.4.legacy.i386.rpm
281fe61d517ebff0a297cd4c6342c398debcd33f fedora/2/updates/i386/openssh-askpass-gnome-3.6.1p2-34.4.legacy.i386.rpm
d25c9ca4c55732cc3368587cfd6b4b7629c52ee8 fedora/2/updates/i386/openssh-clients-3.6.1p2-34.4.legacy.i386.rpm
ec570330a25c600803dd2f88ff140726a66d3c7e fedora/2/updates/i386/openssh-server-3.6.1p2-34.4.legacy.i386.rpm
4bf28b7a7d7a9fad922b6a1e96a0433320cab26e fedora/2/updates/SRPMS/openssh-3.6.1p2-34.4.legacy.src.rpm
75001fc461867ff3b5f608423de99b5c0d9705e6 fedora/3/updates/i386/openssh-3.9p1-8.0.4.legacy.i386.rpm
e4a4bfc7866e2ace0c9b0a0a3b4598e9594fd6ae fedora/3/updates/i386/openssh-askpass-3.9p1-8.0.4.legacy.i386.rpm
4df1fe9ad8bfcdee35dcddbc9fb124e513718275 fedora/3/updates/i386/openssh-askpass-gnome-3.9p1-8.0.4.legacy.i386.rpm
f53b372fcab1724ac8a073aebc9b04718439c894 fedora/3/updates/i386/openssh-clients-3.9p1-8.0.4.legacy.i386.rpm
8b800276ec20d03452cf1e39883315baa9c7a7df fedora/3/updates/i386/openssh-server-3.9p1-8.0.4.legacy.i386.rpm
61a70c9f0cf6c152fb7f48c5857b5e002dc0527a fedora/3/updates/x86_64/openssh-3.9p1-8.0.4.legacy.x86_64.rpm
b8e38615db4f431c1e87204a0ecaefbabde2479b fedora/3/updates/x86_64/openssh-askpass-3.9p1-8.0.4.legacy.x86_64.rpm
5cd606345fb8b3ba1f7c1d6f005d18c50d0886bd fedora/3/updates/x86_64/openssh-askpass-gnome-3.9p1-8.0.4.legacy.x86_64.rpm
db5f2a76871dc0e6987702a492ad84252a5211c4 fedora/3/updates/x86_64/openssh-clients-3.9p1-8.0.4.legacy.x86_64.rpm
18f578efebdc634ee6ab363064f9ac8d81fa5cf0 fedora/3/updates/x86_64/openssh-server-3.9p1-8.0.4.legacy.x86_64.rpm
8dc6ca866a0a5d0e2c01f4b898bbaa798399fa40 fedora/3/updates/SRPMS/openssh-3.9p1-8.0.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated Apache httpd packages fix security issues
Advisory ID: FLSA:175406
Issue date: 2006-02-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2970 CVE-2005-3352 CVE-2005-3357



1. Topic:

Updated Apache httpd packages that correct three security issues are now available.

The Apache HTTP Server is a popular and freely-available Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175406

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/apache-1.3.27-9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-1.3.27-9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/apache-devel-1.3.27-9.legacy.i3