Advisories, August 9, 2006
Aug 10, 2006, 03:45 UTC

Debian GNU/Linux


Debian Security Advisory DSA 1146-1                     security@debian.org
http://www.debian.org/security/                         Martin Schulze
August 9th, 2006                                        http://www.debian.org/security/faq


Package : krb5
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE IDs : CVE-2006-3083 CVE-2006-3084
CERT advisories: VU#580124 VU#401660

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to escalate privileges. No exploit code is known to exist at this time.

For the stable distribution (sarge) these problems have been fixed in version 1.3.6-2sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.4.3-9.

We recommend that you upgrade your krb5 packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1147-1                     security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 9th, 2006                                        http://www.debian.org/security/faq


Package : drupal
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4002

Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting.

For the stable distribution (sarge) this problem has been fixed in version 4.5.3-6.1sarge3.

For the unstable distribution (sid) this problem has been fixed in version 4.5.8-2.

We recommend that you upgrade your drupal package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1148-1                     security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 9th, 2006                                        http://www.debian.org/security/faq


Package : gallery
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
Debian Bug : 325285

Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-2734

A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information.

CVE-2006-0330

A cross-site scripting vulnerability in the user registration allows injection of web script code.

CVE-2006-4030

Missing input sanitising in the stats modules allows information disclosure.

For the stable distribution (sarge) these problems have been fixed in version 1.5-1sarge2.

For the unstable distribution (sid) these problems have been fixed in version 1.5-2.

We recommend that you upgrade your gallery package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:138
http://www.mandriva.com/security/


Package : clamav
Date : August 8, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

Damian Put discovered a boundary error in the UPX extraction module in ClamAV, which is used to unpack Windows PE executables. This could be abused to cause a denial of service and potentially allow execution of arbitrary code with the permissions of the user running clamscan or clamd.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4018


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:139
http://www.mandriva.com/security/


Package : krb5
Date : September 9, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.
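The unchecked-setuid() bug class described in DSA 1146-1 above and in this MDKSA-2006:139 advisory, shown as an added example (not code from MIT Kerberos, Debian or Mandriva): the vulnerable pattern beside a hardened drop routine that checks the return value and then verifies the resulting uids. The setuid_fn parameter and the failing_setuid stub are constructed here so the EAGAIN failure path can be exercised without running as root.

```c
#define _GNU_SOURCE          /* for getresuid() on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Signature of setuid(2); the drop routines take it as a parameter so the
 * failure path can be exercised without running as root (constructed). */
typedef int (*setuid_fn)(uid_t);

/* VULNERABLE pattern, as described in the advisories: the return value is
 * ignored.  If setuid() fails (on Linux 2.6 it returns -1/EAGAIN when the
 * target uid is already at its RLIMIT_NPROC process limit), the caller keeps
 * running with its original, privileged uid. */
void drop_privs_unchecked(setuid_fn do_setuid, uid_t uid)
{
    do_setuid(uid);          /* result discarded: the drop may silently fail */
}

/* HARDENED pattern.  Returns 0 on success and -1 (errno set) on failure, so
 * the caller can abort instead of continuing as root. */
int drop_privs_checked(setuid_fn do_setuid, uid_t uid)
{
    if (do_setuid(uid) != 0)
        return -1;           /* errno (e.g. EAGAIN, EPERM) left from the failed call */

    /* Verify the kernel actually applied the change rather than trusting the
     * return value alone.  On Linux also check the saved set-user-id: if it
     * is still privileged, root could be regained later. */
#if defined(__linux__)
    uid_t ruid, euid, suid;
    if (getresuid(&ruid, &euid, &suid) != 0)
        return -1;
    if (ruid != uid || euid != uid || suid != uid) {
        errno = EPERM;
        return -1;
    }
#else
    if (getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
#endif
    return 0;
}

/* Constructed stub standing in for setuid(2) under RLIMIT_NPROC exhaustion. */
int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Runs the hardened drop with the real setuid(2) against our own uid, which
 * succeeds for an unprivileged process; returns 0 on success. */
int drop_to_self(void)
{
    return drop_privs_checked(setuid, getuid());
}

int main(void)
{
    /* Simulated failure: the unchecked variant continues silently ... */
    drop_privs_unchecked(failing_setuid, 65534);
    printf("unchecked drop: no error reported, still running as uid %u\n",
           (unsigned)getuid());

    /* ... while the checked variant reports it, so a daemon can exit instead. */
    if (drop_privs_checked(failing_setuid, 65534) != 0)
        printf("checked drop: %s\n", strerror(errno));

    printf("drop to own uid: %s\n", drop_to_self() == 0 ? "ok" : strerror(errno));
    return 0;
}
```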

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083


Updated Packages:


Corporate 3.0/X86_64:
52e38def3585a04f2cec5dff30d1dad2 x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.7.C30mdk.x86_64.rpm
02a6c33fc49fe58013e999e2a4773f70 x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.7.C30mdk.x86_64.rpm
c3a9e4068740aeb23667ed5d46f0b48d x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.7.C30mdk.x86_64.rpm
9196af8c916c889cbe234acb1393faf0 x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.7.C30mdk.x86_64.rpm
ae7336d754a485b4f24a42f3c36fbb59 x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.7.C30mdk.x86_64.rpm
d38b0395a79d4ea909aeaf0eefcdc9d4 x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.7.C30mdk.x86_64.rpm
9e9bc222b2d7cbfc47c1af0fabd6ffd5 x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.7.C30mdk.x86_64.rpm
afd4f60af3022e6c319eb38fb658ca24 x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.7.C30mdk.x86_64.rpm
b5ab69f2c45bd7fd8ddf24204126a0d1 x86_64/corporate/3.0/SRPMS/krb5-1.3-6.7.C30mdk.src.rpm

Multi Network Firewall 2.0:
99da07eef578ea9634378d30310ea6da mnf/2.0/RPMS/libkrb51-1.3-6.7.M20mdk.i586.rpm
8fd9018ab4c3bed69af2466a5e587f25 mnf/2.0/SRPMS/krb5-1.3-6.7.M20mdk.src.rpm




Mandriva Linux Security Advisory MDKSA-2006:140
http://www.mandriva.com/security/


Package : ncompress
Date : August 9, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data.

Updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168


Updated Packages:

Mandriva Linux 2006.0:
a1e4fe7d74a1c8e043beb83baec7b34b 2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.i586.rpm
4b87e1b5ba659ce410067b09a75d669e 2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
7ce7f3a618b9c3687936145e2563733a x86_64/2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.x86_64.rpm
4b87e1b5ba659ce410067b09a75d669e x86_64/2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm

Corporate 3.0:
30ecc6154bc75783218b82961288b085 corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.i586.rpm
bda272f060534aa25bebf22ed852f647 corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
c9340a5c9bea0316f31fc61f6916f192 x86_64/corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.x86_64.rpm
bda272f060534aa25bebf22ed852f647 x86_64/corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm



SUSE Linux


SUSE Security Announcement

Package: clamav
Announcement ID: SUSE-SA:2006:046
Date: Wed, 09 Aug 2006 16:00:00 +0000
Affected Products: SUSE LINUX 10.1, SUSE LINUX 10.0, SUSE LINUX 9.3, SUSE LINUX 9.2, SUSE SLES 10, SUSE SLES 9
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-4018

Content of This Advisory:

  1. Security Vulnerability Resolved: clamav heap buffer overflow Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds:
    • See SUSE Security Summary Report
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

Damian Put discovered a bug in the UPX decoder used for scanning UPX-compressed Windows executables. The bug allows a heap buffer overflow and may be exploitable to execute arbitrary code. ClamAV has been updated to version 0.88.4 to fix this problem.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

If you use clamd or freshclam please restart them after the update if that didn't happen automatically.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

x86 Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/clamav-0.88.4-0.2.i586.rpm d782f3c2ec62fca80cbb1f2bb531b758

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/clamav-0.88.4-0.1.i586.rpm 2506a173ae698bbb85077edd252bd537

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-0.88.4-0.1.i586.rpm 0cd9e4ae7f3aeeff26cad68d2fbd4ea9

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-0.88.4-0.1.i586.rpm 1f2c24cc49f1bec6b8bf1f4ad0e3be04

Power PC Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/clamav-0.88.4-0.2.ppc.rpm 466de7dbb509ed9e1d049fe4d1748d6c

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/clamav-0.88.4-0.1.ppc.rpm 294827d288e5d409fbcbe80b1bcd4a01

x86-64 Platform:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/clamav-0.88.4-0.2.x86_64.rpm 92bd2caca792c63f3e074998e0f2966e

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/clamav-0.88.4-0.1.x86_64.rpm e200bb4c9de2706d4a549869fea85dc6

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-0.88.4-0.1.x86_64.rpm 4ff1d40fc1721bb6d4930c582ad27bfd

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-0.88.4-0.1.x86_64.rpm 4fdf8b51963cd0460b7a2febf056003c

Sources:

SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/clamav-0.88.4-0.2.src.rpm 071e56397a105c1ec8fb99937aba6b7d

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/clamav-0.88.4-0.1.src.rpm 183529f6fb8098c5cd592bfaf0841f5d

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/clamav-0.88.4-0.1.src.rpm 95fd6765b9ac67100b81ac321daf2867

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/clamav-0.88.4-0.1.src.rpm 0759b1e53d0148b2ad372d33ed3d1135

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

SUSE SLES 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3320ba39bded04bc189797cf280a3313.html

SUSE SLES 10
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3320ba39bded04bc189797cf280a3313.html


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

  • See SUSE Security Summary Report

6) Authenticity Verification and Additional Information

  • Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify <file>

    replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  • Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

    There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

    1. Using the internal gpg signatures of the rpm package
    2. MD5 checksums as provided in this announcement

    1. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

      rpm -v --checksig <file.rpm>

      to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

    2. If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

      md5sum <filename.rpm>

      after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

  • SUSE runs two security mailing lists to which any interested party may subscribe:

    suse-security@suse.com
      General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com

    For general information or the frequently asked questions (FAQ), send mail to <suse-security-info@suse.com> or <suse-security-faq@suse.com>.


SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Ubuntu


Ubuntu Security Notice USN-333-1 August 09, 2006
libwmf vulnerability
CVE-2006-3376

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libwmf0.2-7 0.2.8-1.1ubuntu0.1

Ubuntu 5.10:
libwmf0.2-7 0.2.8.3-2ubuntu0.1

Ubuntu 6.06 LTS:
libwmf0.2-7 0.2.8.3-3.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user's privileges.
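The bug class named above, a word count from an untrusted header turned into a byte count that wraps, shown as an added example that is not libwmf's code and does not reproduce its internals. The standard 18-byte WMF header layout used here (Size and MaxRecord are 16-bit word counts) is the documented format; the function names, the constructed header bytes and the 32-bit width of the unchecked multiplication are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field access (WMF is little-endian throughout). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Standard WMF header (18 bytes):
 *   +0  FileType     u16   1 = memory metafile, 2 = disk metafile
 *   +2  HeaderSize   u16   in 16-bit words (9)
 *   +4  Version      u16
 *   +6  Size         u32   whole file, in 16-bit words
 *   +10 NumOfObjects u16
 *   +12 MaxRecord    u32   largest record, in 16-bit words
 *   +16 NumOfParams  u16 */
#define WMF_HEADER_LEN 18

/* The bug class: words -> bytes computed in 32 bits wraps for any
 * MaxRecord >= 0x80000000, so the record buffer comes out tiny and the
 * first large record overruns it.  0x80000001 * 2 == 2. */
static uint32_t record_bytes_unchecked(uint32_t max_record_words)
{
    return max_record_words * 2u;
}

/* Overflow-safe conversion: 0 on success, -1 if the product would wrap. */
static int record_bytes_checked(uint32_t max_record_words, uint32_t *bytes)
{
    if (max_record_words > UINT32_MAX / 2u)
        return -1;
    *bytes = max_record_words * 2u;
    return 0;
}

/* Derive a safe record-buffer size from the header of an in-memory WMF
 * file.  Returns 0 and sets *bytes, or -1 on any inconsistency. */
static int wmf_record_buffer_size(const uint8_t *file, size_t len, uint32_t *bytes)
{
    if (len < WMF_HEADER_LEN)
        return -1;
    if (rd16(file + 0) != 1 && rd16(file + 0) != 2)
        return -1;
    uint32_t size_words = rd32(file + 6);
    uint32_t max_words  = rd32(file + 12);

    if (size_words > len / 2)        /* declared size exceeds the data we have */
        return -1;
    if (max_words > size_words)      /* no record can be larger than the file */
        return -1;
    return record_bytes_checked(max_words, bytes);   /* still guard the multiply */
}

/* Constructed header for demonstration (not taken from a real file). */
static void make_header(uint8_t *out, uint32_t size_words, uint32_t max_words)
{
    memset(out, 0, WMF_HEADER_LEN);
    out[0] = 1;                      /* memory metafile */
    out[2] = 9;                      /* HeaderSize: 9 words */
    out[5] = 0x03;                   /* Version 0x0300 */
    wr32(out + 6, size_words);
    wr32(out + 12, max_words);
}

/* Run the parser on a constructed 40-byte file; returns the safe buffer
 * size, or 0 if the header was rejected. */
static uint32_t demo(uint32_t size_words, uint32_t max_words)
{
    uint8_t file[40];
    memset(file, 0, sizeof file);
    make_header(file, size_words, max_words);
    uint32_t bytes = 0;
    if (wmf_record_buffer_size(file, sizeof file, &bytes) != 0)
        return 0;
    return bytes;
}

int main(void)
{
    printf("well-formed (Size 20 words, MaxRecord 11): %u bytes\n", demo(20, 11));
    printf("MaxRecord 0x80000001: unchecked -> %u bytes, checked -> %u (0 = rejected)\n",
           record_bytes_unchecked(0x80000001u), demo(20, 0x80000001u));
    return 0;
}
```

The overflow check alone is not enough: a MaxRecord that does not wrap but is far larger than the file is still attacker-controlled allocation size, so the parser also bounds it by the declared and actual file length before it is used.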

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.diff.gz
      Size/MD5: 5304 e7805fbd610d936cfd64a4ad5529d604
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.dsc
      Size/MD5: 699 b38be3ecef264877a0a8aa57a3ef369f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.orig.tar.gz
      Size/MD5: 1620489 269fb225cd44f40cc877fb6c63706112

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8-1.1ubuntu0.1_all.deb
      Size/MD5: 271748 8ab9644a6b59216b32c4669b8fd1d08d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5: 20734 0423e72e4668c7c706e31591e751db7d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5: 204060 acfd872c6e935d9df25e055ceb4b1cf3
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_amd64.deb
      Size/MD5: 174006 85eab7d6300451d9cb0a05f3b0b0955f

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5: 18732 ff99549d18b4f31a21522e042d87bba6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5: 190000 0c037a6a429249d2e95f92152cce6233
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_i386.deb
      Size/MD5: 164928 e8aa9895eedcf46955a21a5b7114895c

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5: 25900 4018e7b12756dd292734e06641d9c215
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5: 208320 8445f174ede961f90c0634e786d3d549
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_powerpc.deb
      Size/MD5: 178750 b0db830818c196f815c0d26f161a7141

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.diff.gz
      Size/MD5: 7142 f60eca63b5d87fdfb5fd70a20a799122
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.dsc
      Size/MD5: 788 4fab72640e6cbc31616d80e9ff1efb5d
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5: 1737021 c7246bb724664189ade7895547387e6a

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-2ubuntu0.1_all.deb
      Size/MD5: 271728 f1022f283d9cdd656521f8bd1f001337

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5: 15452 6aacb2892e64bc40eaa73cce7bf6106a
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5: 197976 d3006052733be31d47830d2f31d3cea8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_amd64.deb
      Size/MD5: 174604 e96c6f24abd2c42103118329ac843dd2

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5: 13944 7a000303b7b8b9848dc84c448832462b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5: 178664 f0287b3bd1ef0211760f25f3776271ba
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_i386.deb
      Size/MD5: 159446 c53a29f7446d173ad15ab336901c216d

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5: 19682 68ed2e16fec205e4afe66fee41aedceb
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5: 198396 8217bfc3dbd8add5ec7f10072b7064da
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_powerpc.deb
      Size/MD5: 178588 31bd92a0662e02d7561c6bfe62942021

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5: 14736 1440557ccc8d651710a479fa52ddf43f
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5: 193558 b43e73a341c099675ad0f5854708f1f1
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_sparc.deb
      Size/MD5: 167780 318f0310c891fbb97d7f66f3feb6bd89

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.diff.gz
      Size/MD5: 7333 f521b721712b0ab752beebfcacbc2bca
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.dsc
      Size/MD5: 787 ba7f7d57497ed05232a1ee2e335136a6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
      Size/MD5: 1737021 c7246bb724664189ade7895547387e6a

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.1_all.deb
      Size/MD5: 271718 965951077a2c870395a0b7ac95bd079a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5: 17938 20f0cc89d3269a20acc92a186e136cb5
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5: 207380 3e6194a937189c03f9cd3920c9d2625e
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_amd64.deb
      Size/MD5: 182314 49375dc6d7673b40fc18a36e3fb18bd4

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5: 16282 d764d015b1b6d54226ea7462c6cc46e8
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5: 186178 aa417806aabee6b99cc006d51c9432d6
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_i386.deb
      Size/MD5: 167174 35ffec3f86bf13c3cc78a56a3e6b3f66

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5: 23138 bc6dcaf6487a7a37387588464aa7145c
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5: 207374 a58e4fd73d7fda4a0c0ded54a41aee84
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_powerpc.deb
      Size/MD5: 186184 ef834ca675034ea667e96dbb2b833ee0

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5: 17060 9b46ecdd77450c7ca65155336e27a01b
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5: 202286 e83a995ff9afc034ce1fad2c233c41e7
    http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_sparc.deb
      Size/MD5: 175900 66ee4f8648d68321a6f8e2ed72ab957e


