Advisories, June 5, 2006
Jun 6, 2006, 04:45 UTC
Slackware Linux
[slackware-security] mysql (SSA:2006-155-01)
New mysql packages are available for Slackware 9.1, 10.0, 10.1,
10.2 and -current to fix security issues.
The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1
may possibly leak sensitive information found in uninitialized
memory to authenticated users. This is fixed in the new packages,
and was already patched in Slackware 10.2 and -current.
Since the vulnerabilities require a valid login and/or access to the
database server, the risk is moderate. Slackware does not provide
network access to a MySQL database by default.
The MySQL packages in Slackware 10.2 and -current have been
upgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22
(Slackware -current) to fix an SQL injection vulnerability.
Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz:
Upgraded to mysql-4.0.27.
This fixes some minor security issues with possible information leakage.
Note that the information leakage bugs require that the attacker have
access to an account on the database. Also note that by default,
Slackware's rc.mysqld script does not allow access to the database
through the outside network (it uses the --skip-networking option).
If you've enabled network access to MySQL, it is a good idea to filter
the port (3306) to prevent access from unauthorized machines.
For more details, see the MySQL 4.0.27 release announcement here:
  http://lists.mysql.com/announce/359
For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
(* Security fix *)
+--------------------------+
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz:
Upgraded to mysql-4.1.20. This fixes an SQL injection vulnerability.
For more details, see the MySQL 4.1.20 release announcement here:
  http://lists.mysql.com/announce/364
The CVE entry for this issue will be found here:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
+--------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org/ a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com/.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
New Firefox and Thunderbird packages are available for Slackware
10.2 and -current to fix security issues. In addition, a new
Seamonkey package is available for Slackware -current to fix
similar issues.
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-1.5.0.4-i686-1.tgz:
Upgraded to firefox-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.4-i686-1.tgz:
Upgraded to thunderbird-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)
+--------------------------+
Package names: kernel, postgresql
Summary: Multiple vulnerabilities
Date: 2006-06-05
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2
Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
postgresql
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including transactions,
subselects and user-defined types and functions). The postgresql package
includes the client programs and libraries that you'll need to access a
PostgreSQL DBMS server. These PostgreSQL client programs are programs
that directly manipulate the internal structure of PostgreSQL databases
on a PostgreSQL server. These client programs can be located on the same
machine with the PostgreSQL server, or may be on a remote machine which
accesses a PostgreSQL server over a network connection. This package
contains the docs in HTML for the whole package, as well as command-line
utilities for managing PostgreSQL databases on a PostgreSQL server.
Problem description:
kernel < TSL 3.0 >
New Upstream.
SECURITY Fix: Pavel Kankovsky discovered that the getsockopt()
function, when called with an SO_ORIGINAL_DST argument, does not
properly clear the returned structure, so that a random piece of
kernel memory is exposed to the user. This could potentially
reveal sensitive data like passwords or encryption keys.
The Common Vulnerabilities and Exposures project (cve.mitre.org/)
has assigned the name CVE-2006-1343 to this issue.
postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
New Upstream.
SECURITY Fix: Akio Ishida and Yasuo Ohgaki have reported vulnerabilities
in PostgreSQL, which potentially can be exploited by malicious people
to conduct SQL injection attacks.
The first issue is due to an input validation error when handling a
parameter containing invalidly-encoded multibyte characters, which
could be exploited by malicious people to bypass standard string-escaping
methods and conduct SQL injection attacks via a supposedly secure script.
The second issue is due to an error when escaping ASCII single quote "'"
characters and operating in multibyte
encodings that allow using the "0x5c" ASCII code (backslash) as the
trailing byte of a multibyte character, which could be exploited by
attackers to inject arbitrary SQL queries.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the names CVE-2006-2313 and CVE-2006-2314 to these issues.
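The second PostgreSQL issue described above can be reproduced in a small model. This is an added example, not code from PostgreSQL or from the Trustix advisory; the choice of Shift_JIS as client encoding, the constructed sample inputs, and the helper names (quote_naive, quote_aware, split_literal, rejected) are assumptions made for illustration.

```python
# Added illustration: a simplified model, not PostgreSQL's lexer or libpq.
ENCODING = "shift_jis"  # assumption: client encoding where 0x5c can be a trail byte

# Constructed inputs. 0x95 0x5c is one Shift_JIS character (U+8868).
INVALID = b"\x95' tail"              # dangling lead byte followed by a quote
VALID = "\u8868's".encode(ENCODING)  # well-formed text containing a quote

def quote_naive(raw: bytes) -> bytes:
    """Byte-wise backslash escaping that ignores character boundaries."""
    return b"'" + raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'") + b"'"

def quote_aware(raw: bytes, encoding: str = ENCODING) -> bytes:
    """Validate the encoding first, then escape whole characters."""
    text = raw.decode(encoding)  # strict: UnicodeDecodeError on invalid bytes
    text = text.replace("\\", "\\\\").replace("'", "''")
    return b"'" + text.encode(encoding) + b"'"

def split_literal(sql: bytes, encoding: str = ENCODING):
    """Model of an encoding-aware lexer with backslash escapes enabled.
    Returns (literal body, text left over after the closing quote)."""
    text = sql.decode(encoding)
    if not text.startswith("'"):
        raise ValueError("expected a string literal")
    body, i = [], 1
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):          # backslash escapes next char
            body.append(text[i + 1])
            i += 2
        elif ch == "'" and text[i + 1:i + 2] == "'":  # doubled quote stays inside
            body.append("'")
            i += 2
        elif ch == "'":                               # closing quote
            return "".join(body), text[i + 1:]
        else:
            body.append(ch)
            i += 1
    raise ValueError("unterminated string literal")

def rejected(raw: bytes) -> bool:
    """True when quote_aware refuses the input as invalidly encoded."""
    try:
        quote_aware(raw)
    except UnicodeDecodeError:
        return True
    return False

if __name__ == "__main__":
    print(ascii(split_literal(quote_naive(INVALID))), rejected(INVALID))
    print(ascii(split_literal(quote_aware(VALID))))
```

With quote_naive, the inserted backslash is absorbed as the trail byte of a multibyte character, so the text after the quote ends up outside the literal; quote_aware rejects the malformed input and keeps the well-formed one inside it. Bound query parameters avoid client-side escaping altogether.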
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>