Linux Today - Advisories, July 16, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, July 16, 2006

Advisories, July 16, 2006
Jul 17, 2006, 04 :45 UTC (0 Talkback[s]) (2459 reads)

Debian GNU/Linux

Debian Security Advisory DSA 1109-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 16th, 2006 http://www.debian.org/security/faq

Package : rssh
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-1320
Debian Bug : 346322

Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.

For the stable distribution (sarge) this problem has been fixed in version 2.2.3-1.sarge.2.

For the unstable distribution (sid) this problem has been fixed in version 2.3.0-1.1.

We recommend that you upgrade your rssh package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2.dsc
      Size/MD5 checksum: 589 a8ccbaa1d14d0aa30b3eb0bb1aefd4e5
    http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2.diff.gz
      Size/MD5 checksum: 52207 00e3ad8c7944ed55e1316e414ab3d388
    http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3.orig.tar.gz
      Size/MD5 checksum: 107216 74f40a4fd5d2b097af34a817e21a33cf

Alpha architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_alpha.deb
Size/MD5 checksum: 48782 0388514b947030f42219c9a615527dd9

AMD64 architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_amd64.deb
Size/MD5 checksum: 44472 021a58e5c2591e2a15e4f1804816aa7b

ARM architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_arm.deb
Size/MD5 checksum: 41974 98eb40b5011e7868b02edfc07591f005

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_i386.deb
Size/MD5 checksum: 42596 7236c31d25f8b4cbbb8894112aa585aa

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_ia64.deb
Size/MD5 checksum: 55530 9c61a904a78c4c6d93763cdb73f9c009

HP Precision architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_hppa.deb
Size/MD5 checksum: 44098 334ae1019286051be323bf6994d51c99

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_m68k.deb
Size/MD5 checksum: 41522 0efafd5a441d6d392d1a2490bfb2dcc4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_mips.deb
Size/MD5 checksum: 49520 7126170731d1b5ad12d7afb6d68c16b7

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_mipsel.deb
Size/MD5 checksum: 49546 7d8859c87eeb09f3b2502cfbed3c3f66

PowerPC architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_powerpc.deb
Size/MD5 checksum: 42936 f68184985e1ec6c27518ac74404afbec

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_s390.deb
Size/MD5 checksum: 42596 29243bae45e1dca2c07ca609617c0bfa

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_sparc.deb
Size/MD5 checksum: 42532 59db16aa282bc182f79418fdd99341c0

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1110-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 16th, 2006 http://www.debian.org/security/faq

Package : samba
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3403

Gerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.

For the stable distribution (sarge) this problem has been fixed in version 3.0.14a-3sarge2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your samba package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2.dsc
      Size/MD5 checksum: 1081 228209482ce7dcac4555cf01ad5accd8
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2.diff.gz
      Size/MD5 checksum: 113550 e67c59189e5392bf968a09b3e63aa43f
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
      Size/MD5 checksum: 15605851 ebee37e66a8b5f6fd328967dc09088e8

Architecture independent components:

http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge2_all.deb
Size/MD5 checksum: 12116952 608638d037d8a05c239f3c70895859cb

Alpha architecture:

AMD64 architecture:

ARM architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

HP Precision architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1111-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
Jul 16th, 2006 http://www.debian.org/security/faq

Package : kernel-source-2.6.8 et. al.
Vulnerability : race condition
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3625

It was discovered that a race condition in the process filesystem can lead to privilege escalation.

The following matrix explains which kernel version for which architecture fixes the problem mentioned above:

                                 Debian 3.1 (sarge)
     Source                      2.6.8-16sarge4
     Alpha architecture          2.6.8-16sarge4
     AMD64 architecture          2.6.8-16sarge4
     Intel IA-32 architecture    2.6.8-16sarge4
     Intel IA-64 architecture    2.6.8-14sarge4
     PowerPC architecture        2.6.8-12sarge4
     Sun Sparc architecture      2.6.8-15sarge4

As an exploit for this issue in the wild, this advisory was sent out without builds for the IBM S/390, Motorola 680x0 and HP Precision architectures being available. They will be released in a followup-advisory as soon as they are available. Also, the kernels for the FAI installer haven't been updated yet. As a workaround we recommend to mount proc with the nosuid and noexec options.

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge4_all.deb
      Size/MD5 checksum: 6183402 a4efe296e5fd14d33c6b1ae1f40265c3
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge4_all.deb
      Size/MD5 checksum: 1081512 562d408fa5cd936f557eceb74621bff2
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4_all.deb
      Size/MD5 checksum: 34943124 7b65a57ca6a2376d8042143244b8f5ab
    http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge4_all.deb
      Size/MD5 checksum: 35134 80f1a94b1542bf3f89bd77d0a69c67c4

Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge4_alpha.deb
      Size/MD5 checksum: 2759858 310b0ddfee56412d0fdf827fbb53ad04
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
      Size/MD5 checksum: 232256 264fb1d8c9107950918e02b3c8d1b2c5
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
      Size/MD5 checksum: 227366 3c43da6bd0a369e67be02af8e3498d60
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
      Size/MD5 checksum: 20220764 714e37e85c5387ef44ef8ca96608934a
    http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
      Size/MD5 checksum: 20073926 24005f33bb551a3dec6cdbbdae45efdf

Intel IA-32 architecture:

Intel IA-64 architecture:

Sun Sparc architecture:

PowerPC architecture:

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:122
http://www.mandriva.com/security/

Package : php
Date : July 13, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function. One instance in gd_io_dp.c does not appear to be corrected in the embedded copy of GD used in php to build the php-gd package. (CVE-2004-0941)

Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. PHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. (CVE-2004-0990)

The c-client library 2000, 2001, or 2004 for PHP 3.x, 4.x, and 5.x, when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. (CVE-2006-1017)

Integer overflow in the wordwrap function in string.c in might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. (CVE-2006-1990) The previous update for this issue did not resolve the issue on 64bit platforms.

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing nul characters. (CVE-2006-2563)

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. (CVE-2006-2660)

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. PHP, as packaged in Mandriva Linux, contains an embedded copy of the GD library, used to build the php-gd package. (CVE-2006-2906)

The error_log function in PHP allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. (CVE-2006-3011)

An unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names", including special characters that are frequently associated with CRLF injection, SQL injection, and cross-site scripting (XSS) vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). (CVE-2006-3016)

An unspecified vulnerability in PHP before 5.1.3 can prevent a variable from being unset even when the unset function is called, which might cause the variable's value to be used in security-relevant operations. (CVE-2006-3017)

An unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unkown impact and attack vectors related to heap corruption. (CVE-2006-3018)

The GD related issues (CVE-2004-0941, CVE-2004-0990, CVE-2006-2906) affect only Corporate 3 and Mandrake Network Firewall 2.

The php-curl issue (CVE-2006-2563) affects only Mandriva 2006.0.

Updated packages have been patched to address all these issues. Once these packages have been installed, you will need to restart Apache (service httpd restart) in order for the changes to take effect.

References:

Updated Packages:

Mandriva Linux 10.2:
78c38db9594e6f378a541d8656a348cd 10.2/RPMS/libphp_common432-4.3.10-7.14.102mdk.i586.rpm
20874c0f88c0eabb71227562e7b76d99 10.2/RPMS/php432-devel-4.3.10-7.14.102mdk.i586.rpm
959e27855da01eeda3bce928b81a505e 10.2/RPMS/php-cgi-4.3.10-7.14.102mdk.i586.rpm
af8f5d5d30248a0dceeb5f477f243521 10.2/RPMS/php-cli-4.3.10-7.14.102mdk.i586.rpm
3490de40093a12603e1fa2e52fe44936 10.2/RPMS/php-imap-4.3.10-6.3.102mdk.i586.rpm
ed6c4147816b189ba23131f30246a953 10.2/SRPMS/php-4.3.10-7.14.102mdk.src.rpm
396e14746eb0f291e212b2d53bea520c 10.2/SRPMS/php-imap-4.3.10-6.3.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
aea78fff707fcf9313f8ea705fe49304 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.14.102mdk.x86_64.rpm
24825f38408b5e17ddb030cb6cafbebc x86_64/10.2/RPMS/php432-devel-4.3.10-7.14.102mdk.x86_64.rpm
c01955be46b9ee3c01f34cd3ff96fdd5 x86_64/10.2/RPMS/php-cgi-4.3.10-7.14.102mdk.x86_64.rpm
7b0ea6ea8a37f89fa00240a88d667a13 x86_64/10.2/RPMS/php-cli-4.3.10-7.14.102mdk.x86_64.rpm
3f2f4c714be10ca1931be7fab5f16ed7 x86_64/10.2/RPMS/php-imap-4.3.10-6.3.102mdk.x86_64.rpm
ed6c4147816b189ba23131f30246a953 x86_64/10.2/SRPMS/php-4.3.10-7.14.102mdk.src.rpm
396e14746eb0f291e212b2d53bea520c x86_64/10.2/SRPMS/php-imap-4.3.10-6.3.102mdk.src.rpm

Mandriva Linux 2006.0:
ac3a35ac0db18fe07aed82c55bc9495c 2006.0/RPMS/libphp5_common5-5.0.4-9.12.20060mdk.i586.rpm
eddf792e9ac30c60ba29967469c94721 2006.0/RPMS/php-cgi-5.0.4-9.12.20060mdk.i586.rpm
7ad40230e703fb0dbddb9b6b864305de 2006.0/RPMS/php-cli-5.0.4-9.12.20060mdk.i586.rpm
847ea3aa279af20470a4e4fc0ccefc7f 2006.0/RPMS/php-curl-5.0.4-1.3.20060mdk.i586.rpm
e81718f6e31cb7aced9d2ff7462c0b80 2006.0/RPMS/php-devel-5.0.4-9.12.20060mdk.i586.rpm
188757b3e34afb445a288f4156232b77 2006.0/RPMS/php-fcgi-5.0.4-9.12.20060mdk.i586.rpm
b8487a338e7c0be6baf08f3231169574 2006.0/RPMS/php-imap-5.0.4-2.3.20060mdk.i586.rpm
cdda5acab01891036e955b4b89509552 2006.0/SRPMS/php-5.0.4-9.12.20060mdk.src.rpm
6f59b73dc4ad989fc1cf82981a78447b 2006.0/SRPMS/php-curl-5.0.4-1.3.20060mdk.src.rpm
1ca1cd0433f93e7a5338d265e5fe31a1 2006.0/SRPMS/php-imap-5.0.4-2.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
91133e3df28354e321a52b868605f5b4 x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.12.20060mdk.x86_64.rpm
348350bfa9bb17ac01b574d1ce53e212 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.12.20060mdk.x86_64.rpm
c33ab51b3b82a33140625c1dda6ed397 x86_64/2006.0/RPMS/php-cli-5.0.4-9.12.20060mdk.x86_64.rpm
070e8e1f3d4a5035cd2ca7b4b9dc6f61 x86_64/2006.0/RPMS/php-curl-5.0.4-1.3.20060mdk.x86_64.rpm
d1cae6289e3625693902b52730dbf95f x86_64/2006.0/RPMS/php-devel-5.0.4-9.12.20060mdk.x86_64.rpm
e8ae1224fab30562d7d66c981893897c x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.12.20060mdk.x86_64.rpm
991c3a4f7cb708aa3c2f9ef4b525017e x86_64/2006.0/RPMS/php-imap-5.0.4-2.3.20060mdk.x86_64.rpm
cdda5acab01891036e955b4b89509552 x86_64/2006.0/SRPMS/php-5.0.4-9.12.20060mdk.src.rpm
6f59b73dc4ad989fc1cf82981a78447b x86_64/2006.0/SRPMS/php-curl-5.0.4-1.3.20060mdk.src.rpm
1ca1cd0433f93e7a5338d265e5fe31a1 x86_64/2006.0/SRPMS/php-imap-5.0.4-2.3.20060mdk.src.rpm

Corporate 3.0:
8bfc40ebf399d5742075eeb33c1a8a72 corporate/3.0/RPMS/libphp_common432-4.3.4-4.18.C30mdk.i586.rpm
ea00cd47c8a866b07c6081a8e1a3475b corporate/3.0/RPMS/php432-devel-4.3.4-4.18.C30mdk.i586.rpm
cfc50d1bc5aaf96760938648d8f30715 corporate/3.0/RPMS/php-cgi-4.3.4-4.18.C30mdk.i586.rpm
66b65fce45465361ead9272a8fc6146d corporate/3.0/RPMS/php-cli-4.3.4-4.18.C30mdk.i586.rpm
219f2fa835442a1b4f3fab1cf9433de7 corporate/3.0/RPMS/php-gd-4.3.4-1.3.C30mdk.i586.rpm
6d3b9ba8bc1dcb77f00308e54dc2ab64 corporate/3.0/RPMS/php-imap-4.3.4-1.3.C30mdk.i586.rpm
6ec95f80b1f1cf3644847b1c83c33a16 corporate/3.0/SRPMS/php-4.3.4-4.18.C30mdk.src.rpm
37bada32aaafa6e85e936543a2a28b9b corporate/3.0/SRPMS/php-gd-4.3.4-1.3.C30mdk.src.rpm
d5b7b08aa1cff8aba9d3e6c011529d33 corporate/3.0/SRPMS/php-imap-4.3.4-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
e46dc14256b5ad29c193c9701aed8e71 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.18.C30mdk.x86_64.rpm
03b90618d19cfe790148a9f2f57985ba x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.18.C30mdk.x86_64.rpm
f9fc560f573ab7911abe22db70decdca x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.18.C30mdk.x86_64.rpm
eb9b7e8f2cc0eea84d0fe599bd93c902 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.18.C30mdk.x86_64.rpm
338e3f7c9c0a022a0512e7ef8252d37c x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.3.C30mdk.x86_64.rpm
e054fe6114520c57b5e9f991a362e313 x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.3.C30mdk.x86_64.rpm
6ec95f80b1f1cf3644847b1c83c33a16 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.18.C30mdk.src.rpm
37bada32aaafa6e85e936543a2a28b9b x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.3.C30mdk.src.rpm
d5b7b08aa1cff8aba9d3e6c011529d33 x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
be0aa10810884606a6378a340b170438 mnf/2.0/RPMS/libphp_common432-4.3.4-4.18.M20mdk.i586.rpm
ef8fac6784866d24b16fb9bbf15069a9 mnf/2.0/RPMS/php432-devel-4.3.4-4.18.M20mdk.i586.rpm
8132b0cdc8bfb94d7e3d4e0712eae5cc mnf/2.0/RPMS/php-cgi-4.3.4-4.18.M20mdk.i586.rpm
5783b1dc5c2f5ac6d3392d284ca5e42e mnf/2.0/RPMS/php-cli-4.3.4-4.18.M20mdk.i586.rpm
d88b4c66f31f707bb46098658497876f mnf/2.0/RPMS/php-gd-4.3.4-1.3.M20mdk.i586.rpm
0b563d4b740e9d5d21d1eb6464fc573b mnf/2.0/SRPMS/php-4.3.4-4.18.M20mdk.src.rpm
05b34d21c7d168fcbb4404dbe08f45ac mnf/2.0/SRPMS/php-gd-4.3.4-1.3.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:123
http://www.mandriva.com/security/

Package : kernel
Date : July 13, 2006
Affected: 2006.0

Problem Description:

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The kernel did not clear sockaddr_in.sin_zero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt() is called with SO_ORIGINAL_DST (CVE-2006-1343).

Prior to 2.6.16, a buffer overflow in the USB Gadget RNDIS implementation could allow a remote attacker to cause a Denial of Service via a remote NDIS response (CVE-2006-1368).

Prior to 2.6.13, local users could cause a Denial of Service (crash) via a dio transfer from the sg driver to memory mapped IO space (CVE-2006-1528).

Prior to and including 2.6.16, the kernel did not add the appropriate LSM file_permission hooks to the readv and writev functions, which could allow an attacker to bypass intended access restrictions (CVE-2006-1856).

Prior to 2.6.16.17, a buffer oveflow in SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk (CVE-2006-1857).

Prior to 2.6.16.17, SCTP could allow a remote attacker to cause a DoS (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters (CVE-2006-1858).

Prior to 2.6.16.16, a memory leak in fs/locks.c could allow an attacker to cause a DoS (memory consumption) via unspecified actions (CVE-2006-1859).

Prior to 2.6.16.16, lease_init in fs/locks.c could allow an attacker to cause a DoS (fcntl_setlease lockup) via certain actions (CVE-2006-1860).

Prior to 2.6.17, SCTP allowed remote attackers to cause a DoS (infinite recursion and crash) via a packet that contains two or more DATA fragments (CVE-2006-2274).

Prior to 2.6.16.21, a race condition in run_posix_cpu timers could allow a local user to cause a DoS (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting (CVE-2006-2445).

Prior to 2.6.17.1, xt_sctp in netfilter could allow an attacker to cause a DoS (infinite loop) via an SCTP chunk with a 0 length (CVE-2006-3085).

As well, an issue where IPC could hit an unmapped vmalloc page when near the page boundary has been corrected.

In addition to these security fixes, other fixes have been included such as:

avoid automatic update of kernel-source without updating the kernel
fix USB EHCI handoff code, which made some machines hang while booting
disable USB_BANDWIDTH which corrects a known problem in some USB sound devices
fix a bluetooth refcounting bug which could hang the machine
fix a NULL pointer dereference in USB-Serial's serial_open() function
add missing wakeup in pl2303 TIOCMIWAIT handling
fix a possible user-after-free in USB-Serial core
suspend/resume fixes
HPET timer fixes
prevent fixed button event to reach userspace on S3 resume
add sysfs support in ide-tape
fix ASUS P5S800 reboot

Finally, a new drbd-utils package is provided that is a required upgrade with this new kernel due to a logic bug in the previously shipped version of drbd-utils that could cause a kernel panic on the master when a slave went offline.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

References:

Updated Packages:

Mandriva Linux 2006.0:
6deeff1b4604a7423cd0836bb47cf22c 2006.0/RPMS/drbd-utils-0.7.19-2.1.20060mdk.i586.rpm
e0a9422ea0372348d0e7f9bf643321dd 2006.0/RPMS/drbd-utils-heartbeat-0.7.19-2.1.20060mdk.i586.rpm
1f31130ae26f66e224148bcb0afa3b82 2006.0/RPMS/kernel-2.6.12.23mdk-1-1mdk.i586.rpm
c257931ad599d5c3a59a3f5c5444496e 2006.0/RPMS/kernel-BOOT-2.6.12.23mdk-1-1mdk.i586.rpm
5212cd3d7c4dcc8da030fc20bdeecd29 2006.0/RPMS/kernel-i586-up-1GB-2.6.12.23mdk-1-1mdk.i586.rpm
b8a96e33ad5df3198c60f7302c695a1f 2006.0/RPMS/kernel-i686-up-4GB-2.6.12.23mdk-1-1mdk.i586.rpm
ffb0b1c7e4919b28b89d7636b3d27c52 2006.0/RPMS/kernel-smp-2.6.12.23mdk-1-1mdk.i586.rpm
e5caf57af026af95b40151e31206c512 2006.0/RPMS/kernel-source-2.6.12.23mdk-1-1mdk.i586.rpm
27d1b92bd2cb4ca83c543888e4897288 2006.0/RPMS/kernel-source-stripped-2.6.12.23mdk-1-1mdk.i586.rpm
3dae8ba1445aac17ddcba810a1b6d4b3 2006.0/RPMS/kernel-xbox-2.6.12.23mdk-1-1mdk.i586.rpm
94ec749ac32122a16d3af409ee55f257 2006.0/RPMS/kernel-xen0-2.6.12.23mdk-1-1mdk.i586.rpm
867f834703a5699000beffc31de57de4 2006.0/RPMS/kernel-xenU-2.6.12.23mdk-1-1mdk.i586.rpm
291c47123a499c37d927cc18906eef93 2006.0/SRPMS/drbd-utils-0.7.19-2.1.20060mdk.src.rpm
008cf4d555bc98e67b6bb04a1a7fdfd8 2006.0/SRPMS/kernel-2.6.12.23mdk-1-1mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
2665fcbebbbc1b8d3b111e4175b69ca5 x86_64/2006.0/RPMS/drbd-utils-0.7.19-2.1.20060mdk.x86_64.rpm
2b44612405e4424d7775f4c6ce20df6a x86_64/2006.0/RPMS/drbd-utils-heartbeat-0.7.19-2.1.20060mdk.x86_64.rpm
79a0d55afacadebc94f81b14d21f1a5c x86_64/2006.0/RPMS/kernel-2.6.12.23mdk-1-1mdk.x86_64.rpm
2fa6c0023710d65de429dd6d0e759817 x86_64/2006.0/RPMS/kernel-BOOT-2.6.12.23mdk-1-1mdk.x86_64.rpm
de9bef05e34a3e539bcb1aceb8c713bc x86_64/2006.0/RPMS/kernel-smp-2.6.12.23mdk-1-1mdk.x86_64.rpm
ffa4baaa5a96eb88e0655559da2622f7 x86_64/2006.0/RPMS/kernel-source-2.6.12.23mdk-1-1mdk.x86_64.rpm
6b5b62941bf2c34a975b9aaf1a9efa1f x86_64/2006.0/RPMS/kernel-source-stripped-2.6.12.23mdk-1-1mdk.x86_64.rpm
291c47123a499c37d927cc18906eef93 x86_64/2006.0/SRPMS/drbd-utils-0.7.19-2.1.20060mdk.src.rpm
008cf4d555bc98e67b6bb04a1a7fdfd8 x86_64/2006.0/SRPMS/kernel-2.6.12.23mdk-1-1mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2006:0579-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0579.html
Issue date: 2006-07-13
Updated on: 2006-07-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3055 CVE-2005-3273 CVE-2006-1056 CVE-2006-1342 CVE-2006-1343 CVE-2006-1864 CVE-2006-2071

1. Summary:

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures)

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Linux Advanced Workstation 2.1 -
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate)
a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate)
an info leak on AMD-based x86 systems that allowed a local user to retrieve the floating point exception state of a process run by a different user (CVE-2006-1056, important)
a minor info leak in socket name handling in the network code (CVE-2006-1342, low)
a minor info leak in socket option handling in the network code (CVE-2006-1343, low)
a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences (CVE-2006-1864, moderate)
a flaw in the mprotect system call that allowed to give write permission to a readonly attachment of shared memory (CVE-2006-2071, moderate)

A performance bug in the NFS implementation that caused clients to frequently pause when sending TCP segments during heavy write loads was also addressed.

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155362 - CVE-2005-3273 ROSE ndigis verification
169262 - CVE-2005-3055 async usb devio oops
186245 - CVE-2006-1342 Small information leak in SO_ORIGINAL_DST and getname() (CVE-2006-1343)
189344 - CVE-2006-1056 FPU Information leak on i386/x86-64 on AMD CPUs
189438 - CVE-2006-1864 smbfs chroot issue
190076 - CVE-2006-2071 mprotect gives write permission to a readonly attachment

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.70.src.rpm
5bb4eb687f9657fbc9270e2ac34bfd43 kernel-2.4.9-e.70.src.rpm

i386:
a01f8a420613698289df25b15b37c347 kernel-2.4.9-e.70.athlon.rpm
8cc3614816ac844acbd7a6f5939fcbb8 kernel-2.4.9-e.70.i686.rpm
b7e4f94752fb561c436bd284bb3bb33b kernel-BOOT-2.4.9-e.70.i386.rpm
31a3335b0203bfa6841751446142dd12 kernel-debug-2.4.9-e.70.i686.rpm
366548fb753d8e153e1099575acb67e1 kernel-doc-2.4.9-e.70.i386.rpm
8a3e9b19eea831131c5d983716e71b5d kernel-enterprise-2.4.9-e.70.i686.rpm
b97f9e32f89e35b7da18c1aca2a279c7 kernel-headers-2.4.9-e.70.i386.rpm
909da40944a1664786e7881119735cad kernel-smp-2.4.9-e.70.athlon.rpm
783c75ba154ba2892ba824ea90eb3214 kernel-smp-2.4.9-e.70.i686.rpm
2ef4bbc4b4bf2549ca884e9ad9b5e1f3 kernel-source-2.4.9-e.70.i386.rpm
414c6991ff9f596f4903ab5a74efd47a kernel-summit-2.4.9-e.70.i686.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.9-e.70.src.rpm
5bb4eb687f9657fbc9270e2ac34bfd43 kernel-2.4.9-e.70.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.70.src.rpm
5bb4eb687f9657fbc9270e2ac34bfd43 kernel-2.4.9-e.70.src.rpm

i386:
a01f8a420613698289df25b15b37c347 kernel-2.4.9-e.70.athlon.rpm
8cc3614816ac844acbd7a6f5939fcbb8 kernel-2.4.9-e.70.i686.rpm
b7e4f94752fb561c436bd284bb3bb33b kernel-BOOT-2.4.9-e.70.i386.rpm
31a3335b0203bfa6841751446142dd12 kernel-debug-2.4.9-e.70.i686.rpm
366548fb753d8e153e1099575acb67e1 kernel-doc-2.4.9-e.70.i386.rpm
b97f9e32f89e35b7da18c1aca2a279c7 kernel-headers-2.4.9-e.70.i386.rpm
909da40944a1664786e7881119735cad kernel-smp-2.4.9-e.70.athlon.rpm
783c75ba154ba2892ba824ea90eb3214 kernel-smp-2.4.9-e.70.i686.rpm
2ef4bbc4b4bf2549ca884e9ad9b5e1f3 kernel-source-2.4.9-e.70.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.70.src.rpm
5bb4eb687f9657fbc9270e2ac34bfd43 kernel-2.4.9-e.70.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Moderate: kernel security update
Advisory ID: RHSA-2006:0580-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0580.html
Issue date: 2006-07-13
Updated on: 2006-07-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3055 CVE-2005-3273 CVE-2006-1342 CVE-2006-1343 CVE-2006-1864 CVE-2006-2071 CVE-2006-2444

1. Summary:

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit architectures)

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64 Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

a flaw in the USB devio handling of device removal that allowed a local user to cause a denial of service (crash) (CVE-2005-3055, moderate)
a flaw in ROSE due to missing verification of the ndigis argument of new routes (CVE-2005-3273, moderate)
a minor info leak in socket name handling in the network code (CVE-2006-1342, low)
a minor info leak in socket option handling in the network code (CVE-2006-1343, low)
a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences (CVE-2006-1864, moderate)
a flaw in the mprotect system call that allowed to give write permission to a readonly attachment of shared memory (CVE-2006-2071, moderate)
a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, moderate)

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to these updated packages, which contain backported fixes to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155363 - CVE-2005-3273 ROSE ndigis verification
169263 - CVE-2005-3055 async usb devio oops (ipf)
186247 - CVE-2006-1342 Small information leak in SO_ORIGINAL_DST and getname() (CVE-2006-1343)
189439 - CVE-2006-1864 smbfs chroot issue
190077 - CVE-2006-2071 mprotect gives write permission to a readonly attachment
192634 - CVE-2006-2444 SNMP NAT netfilter memory corruption

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.18-e.63.src.rpm
c61d463283afa0bed053f3161756733b kernel-2.4.18-e.63.src.rpm

ia64:
32532fafc62a1f79c87e8a108237eb45 kernel-2.4.18-e.63.ia64.rpm
19dedbf7215f9a415361a7ef3e492e76 kernel-doc-2.4.18-e.63.ia64.rpm
06caba179a589bc80a3dc985a631a235 kernel-smp-2.4.18-e.63.ia64.rpm
02e26e237854382d5df668e8dc65c0b3 kernel-source-2.4.18-e.63.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.18-e.63.src.rpm
c61d463283afa0bed053f3161756733b kernel-2.4.18-e.63.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2444
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Slackware Linux

[slackware-security] Samba DoS (SSA:2006-195-01)

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related (but in my own and also the Samba's team member who made their WHATSNEW.txt entry, "minor") denial of service issue.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.23-i486-1_slack10.2.tgz:
Upgraded to samba-3.0.23.
This fixes a minor memory exhaustion DoS in smbd.
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.23-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.23-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.23-i486-1_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.23-i486-1.tgz

MD5 signatures:

Slackware 10.0 package:
bbe8f1335a0910ed5cd86aec39eda5a0 samba-3.0.23-i486-1_slack10.0.tgz

Slackware 10.1 package:
dfcc3ab0969556d0d99f9eb8a01c8604 samba-3.0.23-i486-1_slack10.1.tgz

Slackware 10.2 package:
05d92f6414aee1d335a91fb44f3113dc samba-3.0.23-i486-1_slack10.2.tgz

Slackware -current package:
024dc7b378815828dd6558d6923a677f samba-3.0.23-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg samba-3.0.23-i486-1_slack10.2.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Ubuntu Linux

Ubuntu Security Notice USN-317-1 July 13, 2006
zope2.8 vulnerability
CVE-2006-3458

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
zope2.8 2.8.1-5ubuntu0.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:
Unsaved Document 1
Zope did not deactivate the 'raw' command when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2.diff.gz
      Size/MD5: 13282 2eb94321cd899b8a270205d63d922cc0
    http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2.dsc
      Size/MD5: 826 1014a9617f2404bb2a812c2f5755e106
    http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1.orig.tar.gz
      Size/MD5: 5343921 0ec441a35175bb8d8c557b7d3c63f6f6

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8-sandbox_2.8.1-5ubuntu0.2_all.deb
Size/MD5: 18638 352dfb3302c6b8c6e39f3b5067124975

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2_amd64.deb
Size/MD5: 5521472 f0ad0cb3f4f5d31bca8dc4df67efef80

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2_i386.deb
Size/MD5: 5463698 22c8680d3649ae19e90c41224b5fbb3b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2_powerpc.deb
Size/MD5: 5551806 074782e4b777904545647f39ca52cc0f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/z/zope2.8/zope2.8_2.8.1-5ubuntu0.2_sparc.deb
Size/MD5: 5478804 4a7978b8921b0789d75857d893d706c9

Ubuntu Security Notice USN-318-1 July 13, 2006
libtunepimp vulnerability
http://bugs.musicbrainz.org/ticket/1764

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libtunepimp2 0.3.0-2ubuntu5.1

Ubuntu 5.10:
libtunepimp2c2 0.3.0-2ubuntu7.1

Ubuntu 6.06 LTS:
libtunepimp2c2a 0.3.0-9.1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that uses libtunepimp, this could be exploited to execute arbitrary code with the user's privileges.

This particularly affects the KDE applications 'Amarok' and 'Juk'.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu5.1.diff.gz
      Size/MD5: 6871 816d083ad0010b6ba3f4c2c027ffe4c8
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu5.1.dsc
      Size/MD5: 1016 0bb89c217e868b97c8ecece58d70d521
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
      Size/MD5: 524889 f1f506914150c4917ec730f847ad4709

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 24124 2bafeba28a4e75afc24b9d84ca89e4a4
    http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 65002 f6d69554dc0d49e9b43a8a86d3ad1595
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 307302 524eec25e6670177cef5f3923ca13bcb
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 166714 65cc3f239ff8a2e4b71d9681c7a399d4
    http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 7620 8efc67adb855d09ee6163296d2a5dcc8
    http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 35906 fabd759fc946dc8da916ac4aea98344c
    http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
      Size/MD5: 35906 ad81916e88a3041a29aa1d0b0381f807