Advisories, August 13, 2006

Aug 14, 2006, 04:30

Debian GNU/Linux


Debian Security Advisory DSA 1150-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 12th, 2006 http://www.debian.org/security/faq


Package : shadow
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2194
BugTraq ID : 18849

A bug has been discovered in several packages that execute the setuid() system call without checking for success when trying to drop privileges, which may fail with some PAM configurations.

For the stable distribution (sarge) this problem has been fixed in version 4.0.3-31sarge8.

For the unstable distribution (sid) this problem has been fixed in version 4.0.17-2.

We recommend that you upgrade your passwd package.
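As an added illustration of the pattern the advisory describes (this is example code, not code from the shadow package or from Debian), here is an unchecked privilege drop beside a checked one; the function names and the EACCES reporting are this example's own choices.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable pattern from the advisory: the return values are ignored, so if
 * setuid() fails (for instance with EAGAIN when a PAM-imposed RLIMIT_NPROC for
 * the target user is already exhausted) the process keeps running as root
 * while believing it has dropped privileges. */
int drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setgid(gid);
    setuid(uid);
    return 0; /* reports success no matter what happened */
}

/* Hardened form: every call is checked, the kernel is then asked what the ids
 * actually are, and for an unprivileged target we confirm that root cannot be
 * regained.  Returns 0 on success, -1 with errno set on failure.  Assumes the
 * caller has already cleared supplementary groups with setgroups(). */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) /* gid first: after setuid() we may lack the right */
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EACCES; /* the calls returned 0 but the ids did not change */
        return -1;
    }
    if (uid != 0 && setuid(0) == 0) {
        errno = EACCES; /* the saved uid still let us back to root */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Dropping to our own ids is always permitted; an invalid id never is. */
    int rc = drop_privileges_checked(getuid(), getgid());
    printf("checked drop to own ids: %s\n", rc == 0 ? "ok" : strerror(errno));
    rc = drop_privileges_checked((uid_t)-1, (gid_t)-1);
    printf("checked drop to invalid id: %d (%s)\n", rc, strerror(errno));
    rc = drop_privileges_unchecked((uid_t)-1, (gid_t)-1);
    printf("unchecked drop to invalid id claims: %d\n", rc);
    return 0;
}
```

Run as root with a low RLIMIT_NPROC for the target user to see the EAGAIN case the advisory refers to; the unchecked version returns 0 there as well.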

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory [UPDATE] GLSA 200511-12:03

http://security.gentoo.org/


Severity: High
Title: Scorched 3D: Multiple vulnerabilities
Date: November 15, 2005
Updated: August 10, 2006
Bugs: #111421
ID: 200511-12:03


Update

Previous versions of Scorched 3D contain several vulnerabilities and had been masked in the Portage tree. Version 40, which solves these issues, has just been introduced into Portage.

The updated sections appear below.

Affected packages


     Package                    /  Vulnerable  /            Unaffected

  1  games-strategy/scorched3d       <= 39.1                     >= 40

Resolution

All Scorched 3D users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-strategy/scorched3d-40"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200511-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200608-19

http://security.gentoo.org/


Severity: Normal
Title: WordPress: Privilege escalation
Date: August 10, 2006
Bugs: #142142
ID: 200608-19


Synopsis

A flaw in WordPress allows registered WordPress users to elevate privileges.

Background

WordPress is a PHP and MySQL based multiuser blogging system.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  www-apps/wordpress       < 2.0.4                         >= 2.0.4

Description

The WordPress developers have confirmed a vulnerability in capability checking for plugins.

Impact

By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-19.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0046

Package names: clamav, kernel
Summary: Multiple vulnerabilities
Date: 2006-08-11
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0


Package description:
clamav
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the package, which you can use with your own software. Most importantly, the virus database is kept up to date.

kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Problem description:
clamav < TSL 3.0 > < TSL 2.2 >

  • New Upstream.
  • SECURITY Fix: Damian Put has discovered a vulnerability in ClamAV, which is caused by a boundary error in the "pefromupx()" function in libclamav/upx.c when unpacking PE executable files compressed with UPX. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX compressed file.

The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4018 to this issue.

kernel < TSL 3.0 >

  • New upstream.
  • SECURITY FIX: Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2006-3468 to this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0046/>

MD5sums of the packages:

Trustix Security Team