Ayman Hourieh discovered that Drupal, a dynamic website platform,
performs insufficient input sanitising in the user module, which
might lead to cross-site scripting.
For the stable distribution (sarge) this problem has been fixed in
version 4.5.3-6.1sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 4.5.8-2.
If you are using the apt-get package manager, use the line for
sources.list as given below:
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
Tavis Ormandy from the Google Security Team discovered a missing
boundary check in ncompress, the original Lempel-Ziv compress and
uncompress programs, which allows a specially crafted datastream to
underflow a buffer with attacker controlled data.
For the stable distribution (sarge) this problem has been fixed in
version 4.2.4-15sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 4.2.4-15sarge2.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
Some applications shipped with MIT Kerberos 5 are vulnerable to local
privilege escalation.
MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography.
Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked
calls to seteuid() in kftpd and in ksu, have been found in the MIT
Kerberos 5 program suite and may lead to a local root privilege
escalation.
A local attacker could exploit this vulnerability to execute arbitrary
code with elevated privileges.
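The defensive counterpart to the unchecked calls described above, as an added example that is not code from this advisory or from MIT Kerberos 5: a privilege drop that checks every return value and then verifies the result instead of assuming it. Function names are mine; it assumes Linux/glibc for setresuid()/setresgid().

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently drop to an unprivileged uid/gid; 0 on success, -1 with errno set.
 * Every call is checked: setuid()/setgid() can fail (for instance with EAGAIN
 * when the target user is at its RLIMIT_NPROC limit), and code that ignores
 * the return value keeps running as root while believing it is unprivileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first; once the uid is unprivileged this is refused. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Set real, effective and saved ids together so the saved id cannot be
     * used later to regain the original privileges. gid before uid. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return 0;
}

/* Verify, rather than assume, that the drop took effect: all three uids and
 * gids match, and (when the target is not root) root cannot be regained. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    if (ru != uid || eu != uid || su != uid || rg != gid || eg != gid || sg != gid)
        return 0;
    if (uid != 0 && setuid(0) == 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Demo target: our own ids, so this runs unprivileged too; a daemon would use getpwnam(). */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("privileges dropped and verified: %s\n", privileges_dropped(uid, gid) ? "yes" : "NO");
    return 0;
}
```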
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Warzone 2100 Resurrection server and client are vulnerable to separate
buffer overflows, potentially allowing remote code execution.
Warzone 2100 Resurrection is a real-time strategy game, developed by
Pumpkin Studios and published by Eidos Interactive.
   Package                      /  Vulnerable  /  Unaffected
 1 games-strategy/warzone2100      <= 2.0.3        Vulnerable!
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
Luigi Auriemma discovered two buffer overflow vulnerabilities in
Warzone 2100 Resurrection. The recvTextMessage function of the Warzone
2100 Resurrection server and the NETrecvFile function of the client use
insufficiently sized buffers.
A remote attacker could exploit these vulnerabilities by sending
specially crafted input to the server, or enticing a user to load a
specially crafted file from a malicious server. This may result in the
execution of arbitrary code with the permissions of the user running
Warzone 2100 Resurrection.
Warzone 2100 Resurrection has been masked in Portage pending the
resolution of these issues. Warzone 2100 Resurrection players are
advised to uninstall the package until further notice:
libwmf is vulnerable to an integer overflow potentially resulting in
the execution of arbitrary code.
libwmf is a library for reading and converting vector images in
Microsoft's native Windows Metafile Format (WMF).
infamous41md discovered that libwmf fails to do proper bounds checking
on the MaxRecordSize variable in the WMF file header. This could lead
to a heap-based buffer overflow.
By enticing a user to open a specially crafted WMF file, a remote
attacker could cause a heap-based buffer overflow and execute arbitrary
code with the permissions of the user running the application that uses
libwmf.
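As an added example that is not libwmf's code: validating the MaxRecord field of the WMF META_HEADER before using it to size a record buffer, then checking each record's Size against that bound and the bytes actually read. The header layout follows the WMF format (all sizes in 16-bit words); the function names and the two sample files are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define WMF_HEADER_BYTES 18  /* META_HEADER is 9 16-bit words; header sizes are in words */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Validate the header and return the byte size of a record buffer sized from
 * MaxRecord, or 0 if the header is unusable. Assumes buf starts at the standard
 * META_HEADER (any placeable/Aldus header has already been skipped). */
size_t wmf_record_buffer_bytes(const uint8_t *buf, size_t len)
{
    if (len < WMF_HEADER_BYTES) return 0;
    uint16_t type = rd16(buf), header_words = rd16(buf + 2);
    uint32_t file_words = rd32(buf + 6), max_record = rd32(buf + 12);
    if ((type != 1 && type != 2) || header_words != 9) return 0;
    /* The file's own size claim must not exceed the bytes actually read. */
    if (file_words < header_words || (uint64_t)file_words * 2 > len) return 0;
    /* MaxRecord is attacker controlled: it must cover Size+Function (3 words) and
     * fit in the record area. Bounded by len, the doubling below cannot wrap. */
    if (max_record < 3 || max_record > file_words - header_words) return 0;
    return (size_t)max_record * 2;
}

/* Before copying a record into that buffer, check its Size field against both
 * the buffer and the bytes remaining in the file. */
int wmf_record_fits(const uint8_t *buf, size_t len, size_t off, size_t max_bytes)
{
    if (off > len || len - off < 6) return 0;
    uint32_t words = rd32(buf + off);
    if (words < 3 || words > max_bytes / 2) return 0;
    return (size_t)words * 2 <= len - off;
}

/* Constructed samples: a minimal disk WMF holding only the 3-word EOF record,
 * and the same file with a hostile MaxRecord of 0xFFFFFFFF. */
static const uint8_t good_wmf[] = {
    0x01,0x00, 0x09,0x00, 0x00,0x03, 0x0C,0x00,0x00,0x00, 0x00,0x00,
    0x03,0x00,0x00,0x00, 0x00,0x00,  0x03,0x00,0x00,0x00, 0x00,0x00 };
static const uint8_t bad_wmf[] = {
    0x01,0x00, 0x09,0x00, 0x00,0x03, 0x0C,0x00,0x00,0x00, 0x00,0x00,
    0xFF,0xFF,0xFF,0xFF, 0x00,0x00,  0x03,0x00,0x00,0x00, 0x00,0x00 };

int main(void)
{
    printf("good: %zu-byte record buffer\n", wmf_record_buffer_bytes(good_wmf, sizeof good_wmf));
    printf("bad: %zu (rejected)\n", wmf_record_buffer_bytes(bad_wmf, sizeof bad_wmf));
    return 0;
}
```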
A format string vulnerability has been reported in Net::Server which
can be exploited to cause a Denial of Service.
Net::Server is an extensible, generic Perl server engine. It is used by
several Perl applications like Postgrey.
The log function of Net::Server does not handle format string
specifiers properly before they are sent to syslog.
By sending a specially crafted datastream to an application using
Net::Server, an attacker could cause a Denial of Service.
Tavis Ormandy, of the Google Security Team, discovered that ncompress,
when uncompressing data, performed no bounds checking, which could
allow a specially crafted datastream to underflow a .bss buffer with
attacker controlled data.
Updated packages have been patched to correct this issue.
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
1. Summary:
Updated elfutils packages that address a minor security issue and various
other issues are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
2. Relevant releases/architectures:
3. Problem description:
The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.
The elfutils packages that originally shipped with Red Hat Enterprise Linux 4
were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils.
In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files. (CVE-2005-1704)
Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted. Both of these
problems are fixed in the new version.
Users of elfutils should upgrade to these updated packages, which resolve
these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory only contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
156342 - eu-strip mangles separate debuginfo with relocation sections
159888 - CVE-2005-1704 Integer overflow in libelf
186992 - Elfutils license upgrade
6. RPMs required: