Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, May 25, 2006

May 26, 2006, 04:45 (0 Talkback[s])

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:090
http://www.mandriva.com/security/


Package : shadow-utils
Date : May 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed.

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174


Updated Packages:

Mandriva Linux 10.2:
825d79682662b8a0fd0d1d4074df467c 10.2/RPMS/shadow-utils-4.0.3-9.1.102mdk.i586.rpm
611b3e5406342f3a005a91f5398c0f6e 10.2/SRPMS/shadow-utils-4.0.3-9.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
eb14eb3e3ad02685d0f979af3ca9ff8c x86_64/10.2/RPMS/shadow-utils-4.0.3-9.1.102mdk.x86_64.rpm
611b3e5406342f3a005a91f5398c0f6e x86_64/10.2/SRPMS/shadow-utils-4.0.3-9.1.102mdk.src.rpm

Corporate 3.0:
cd201b43668ffac7541855917452ed27 corporate/3.0/RPMS/shadow-utils-4.0.3-8.2.C30mdk.i586.rpm
275c41183422953389e9ea5fcb59fba5 corporate/3.0/SRPMS/shadow-utils-4.0.3-8.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
7d1950aca0c535b23cc4d2697e0b9c98 x86_64/corporate/3.0/RPMS/shadow-utils-4.0.3-8.2.C30mdk.x86_64.rpm
275c41183422953389e9ea5fcb59fba5 x86_64/corporate/3.0/SRPMS/shadow-utils-4.0.3-8.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
f666b2bb0f409216642756a9318ecf34 mnf/2.0/RPMS/shadow-utils-4.0.3-8.2.M20mdk.i586.rpm
3624267601a9263555d713cac566ab15 mnf/2.0/SRPMS/shadow-utils-4.0.3-8.2.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:091
http://www.mandriva.com/security/


Package : php
Date : May 24, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990).

The substr_compare() function in PHP 5.x and 4.4.2 could allow attackers to cause a Denial of Service (memory access violation) via an out-of-bounds offset argument (CVE-2006-1991).

The second vulnerability only affects Mandriva Linux 2006; earlier versions shipped with older versions of PHP that do not contain the substr_compare() function.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991


Updated Packages:

Mandriva Linux 10.2:
463d4dd124e7e161159703976b35344d 10.2/RPMS/libphp_common432-4.3.10-7.12.102mdk.i586.rpm
0a71e94de99b08ba787b23ef64c10357 10.2/RPMS/php432-devel-4.3.10-7.12.102mdk.i586.rpm
cfcaf5c400bd4d7ca64a2ae25eccb0b7 10.2/RPMS/php-cgi-4.3.10-7.12.102mdk.i586.rpm
321b4cad92d82d9bcd1f18170390f8ae 10.2/RPMS/php-cli-4.3.10-7.12.102mdk.i586.rpm
1bf084222c4f33676432bfb516d71582 10.2/SRPMS/php-4.3.10-7.12.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
54243bc33bd55e326aa05f321f767442 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.12.102mdk.x86_64.rpm
c1a6b0c185e4b39404493290cb80f86f x86_64/10.2/RPMS/php432-devel-4.3.10-7.12.102mdk.x86_64.rpm
b643924edc6d25dfeecdbb1cef532341 x86_64/10.2/RPMS/php-cgi-4.3.10-7.12.102mdk.x86_64.rpm
d393dc26dadaadf34fc6b7b44ee46399 x86_64/10.2/RPMS/php-cli-4.3.10-7.12.102mdk.x86_64.rpm
1bf084222c4f33676432bfb516d71582 x86_64/10.2/SRPMS/php-4.3.10-7.12.102mdk.src.rpm

Mandriva Linux 2006.0:
cbb4891a5ab88238d462a66e7363119e 2006.0/RPMS/libphp5_common5-5.0.4-9.9.20060mdk.i586.rpm
dd77930acc185da44c6946252d445438 2006.0/RPMS/php-cgi-5.0.4-9.9.20060mdk.i586.rpm
5de2486af340d1fe387f7ecafdf85df1 2006.0/RPMS/php-cli-5.0.4-9.9.20060mdk.i586.rpm
6dd3b49d29cc28508ea3efdb69e72a79 2006.0/RPMS/php-devel-5.0.4-9.9.20060mdk.i586.rpm
8e074aedcbd3126797bbe11c93e5bd04 2006.0/RPMS/php-fcgi-5.0.4-9.9.20060mdk.i586.rpm
f144d3a41b04047b9d8c536a37aa94e1 2006.0/SRPMS/php-5.0.4-9.9.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2e0821b3b925cc9c37391b061045c303 x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.9.20060mdk.x86_64.rpm
c0ad86b0b332c058a9a18f5a41aca912 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.9.20060mdk.x86_64.rpm
3c1ed4a2f1063fc53aec7a776af24939 x86_64/2006.0/RPMS/php-cli-5.0.4-9.9.20060mdk.x86_64.rpm
855bd247b561da4284eacbab95432123 x86_64/2006.0/RPMS/php-devel-5.0.4-9.9.20060mdk.x86_64.rpm
c504785298c305fd107ea6fdeff52211 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.9.20060mdk.x86_64.rpm
f144d3a41b04047b9d8c536a37aa94e1 x86_64/2006.0/SRPMS/php-5.0.4-9.9.20060mdk.src.rpm

Corporate 3.0:
bb6a0d81b011c1f859fb741544154b07 corporate/3.0/RPMS/libphp_common432-4.3.4-4.16.C30mdk.i586.rpm
e2d7f6bc462561ade323f97558491e8a corporate/3.0/RPMS/php432-devel-4.3.4-4.16.C30mdk.i586.rpm
61f46043b662e05c6eb33ab9ca28661a corporate/3.0/RPMS/php-cgi-4.3.4-4.16.C30mdk.i586.rpm
8ca7582e4edab0bf77f260247401d94d corporate/3.0/RPMS/php-cli-4.3.4-4.16.C30mdk.i586.rpm
b411e308d530cc2879b3087eb3f0f016 corporate/3.0/SRPMS/php-4.3.4-4.16.C30mdk.src.rpm

Corporate 3.0/X86_64:
9cdb80932f1e0a551fe6e494b4fe7436 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.16.C30mdk.x86_64.rpm
9027c979fa2b6b05917941f51c621a0a x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.16.C30mdk.x86_64.rpm
b1fad86cb60c067daebba9383d033c84 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.16.C30mdk.x86_64.rpm
d43daff0afa35122d1dfa29291b94fd3 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.16.C30mdk.x86_64.rpm
b411e308d530cc2879b3087eb3f0f016 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.16.C30mdk.src.rpm

Multi Network Firewall 2.0:
9bb29e292e0f7612bd3ca38762262c85 mnf/2.0/RPMS/libphp_common432-4.3.4-4.16.M20mdk.i586.rpm
9ad22ab66b3523d634dad69e126f7f44 mnf/2.0/RPMS/php432-devel-4.3.4-4.16.M20mdk.i586.rpm
6d130a0f45e5a23b1134a2ef5a721995 mnf/2.0/RPMS/php-cgi-4.3.4-4.16.M20mdk.i586.rpm
725f1e0d0fa61e2a912f2899225b6f87 mnf/2.0/RPMS/php-cli-4.3.4-4.16.M20mdk.i586.rpm
29c7cfe26747e0fcd9168448e47dbc75 mnf/2.0/SRPMS/php-4.3.4-4.16.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-286-1 May 24, 2006
dia vulnerabilities
CVE-2006-2453, CVE-2006-2480

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

dia
dia-gnome

The problem can be corrected by upgrading the affected package to version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2 (for Ubuntu 5.10). After doing a standard system upgrade you need to restart dia to effect the necessary changes.

Details follow:

Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.diff.gz
      Size/MD5: 17086 d5771a080f9fab65abe39fa461b0be3f
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.3.dsc
      Size/MD5: 1408 dfca9d13543432df3ff0b89dd87694ad
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.3_all.deb
      Size/MD5: 2148748 fc6799fd655d1417c1c382992dd28ab1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5: 194954 2912894e6aa809b200c0435475a02009
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5: 659674 b318e38937352a027afd3772621566f9
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_amd64.deb
      Size/MD5: 193266 cd0496cef2874ef740abafe9f28d53ec

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5: 176988 e9b27d3c32f4c683f9a0878f74b04df5
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5: 580590 60aa194372a368dad6c15b096c74a3f4
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_i386.deb
      Size/MD5: 175510 c8bdfa25f8d165aa319b91dcdaa10004

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5: 184652 a2616015be8f766ed36ba7a0fe6f1fa0
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5: 675104 bca6250681070c0045dba899f6f11707
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.3_powerpc.deb
      Size/MD5: 183176 38213309ad4f232332aa62b47c2286df

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.diff.gz
      Size/MD5: 32541 a71619e0d5df51e905a68328c54c01d9
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-11ubuntu1.2.dsc
      Size/MD5: 1423 8d3d29b9e45d9d53f690a15643e72e96
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11ubuntu1.2_all.deb
      Size/MD5: 2148928 ed8976d604e4929c85c8e9bab40406f0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5: 194656 6a830bb38a1720bd19f12e96074a9418
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5: 659118 e831effa3a3d9b2990e4b2c3f7b9d46a
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_amd64.deb
      Size/MD5: 193170 e7ac00a876bb8e24691a8fa3933ab0f5

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5: 171796 6ea1f835eb7c4315084190e8f628b6ec
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5: 549270 44d546e86e6c81936c1ab278a71f2ebc
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_i386.deb
      Size/MD5: 170448 e342deec10cef78f9f83fd8e691392d0

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5: 185366 b2d487e8a89ace311fc5b9ed29088c92
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5: 667448 0495b9a9ff9ea8836d9c371d254005f5
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubuntu1.2_powerpc.deb
      Size/MD5: 183888 b422aa2ae4f2ad2021e4dcd27b63cfc2