Advisories, September 26, 2006
Sep 27, 2006, 03:45

Debian GNU/Linux

Debian Security Advisory DSA 1184-2 security@debian.org
Package : kernel-source-2.6.8

This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that was missing due to technical problems. For reference below please see the original advisory text.

Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2004-2660
Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service.

CVE-2005-4798
A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

CVE-2006-1052
Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process.

CVE-2006-1343
Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace.

CVE-2006-1528
Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space.

CVE-2006-1855
Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service.

CVE-2006-1856
Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might allow attackers to bypass intended access restrictions.

CVE-2006-2444
Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

CVE-2006-2446
A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

CVE-2006-2935
Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD or USB storage device to execute arbitrary code.

CVE-2006-2936
A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory.

CVE-2006-3468
James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet.

CVE-2006-3745
Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

CVE-2006-4093
Olof Johansson discovered that the kernel did not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service.

CVE-2006-4145
A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service.

CVE-2006-4535
David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.

The following matrix explains which kernel version for which architecture fixes the problem mentioned above:

Due to some internal problems kernel packages for the S/390 are missing and will be provided later.

For the unstable distribution (sid) these problems have been fixed in version 2.6.18-1.

We recommend that you upgrade your kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions

wget url
will fetch the file for you
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge5.dsc

Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge5_all.deb

IBM S/390 architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge5_s390.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200609-14

Severity: Normal

Synopsis
Multiple buffer overflows have been discovered in ImageMagick, which could potentially result in the execution of arbitrary code.

Background
ImageMagick is a free software suite to manipulate, convert, and create many image formats.

Affected packages
Package / Vulnerable / Unaffected
1 media-gfx/imagemagick / < 6.2.9.5 / >= 6.2.9.5

Description
Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder.

Impact
An attacker may be able to create a specially crafted image that, when processed with ImageMagick, executes arbitrary code with the privileges of the executing user.

Workaround
There is no known workaround at this time.

Resolution
All ImageMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.2.9.5"

References
[ 1 ] CVE-2006-3743 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3743
[ 2 ] CVE-2006-3744 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3744
[ 3 ] CVE-2006-4144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4144

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200609-14.xml

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory GLSA 200609-15

Severity: Normal

Synopsis
GnuTLS fails to handle excess data which could allow an attacker to forge a PKCS #1 v1.5 signature.

Background
GnuTLS is an implementation of SSL 3.0 and TLS 1.0.

Affected packages
Package / Vulnerable / Unaffected
1 net-libs/gnutls / < 1.4.4 / >= 1.4.4

Description
verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace.

Impact
Remote attackers could forge PKCS #1 v1.5 signatures that are signed with an RSA key, preventing GnuTLS from correctly verifying X.509 and other certificates that use PKCS.

Workaround
There is no known workaround at this time.

Resolution
All GnuTLS users should update both packages:
# emerge --sync
# emerge --update --ask --verbose ">=net-libs/gnutls-1.4.4"

References
[ 1 ] CVE-2006-4790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200609-15.xml

Gentoo Linux Security Advisory GLSA 200609-16

Severity: High

Synopsis
Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a second vulnerability which may allow remote execution of arbitrary code.

Background
Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty.

Affected packages
Package / Vulnerable / Unaffected
1 www-apps/tikiwiki / < 1.9.5 / >= 1.9.5

Description
A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php.

Impact
An attacker could execute arbitrary code with the rights of the user running the web server by uploading a file and executing it via a filepath parameter. The XSS could be exploited to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

Workaround
There is no known workaround at this time.

Resolution
All Tikiwiki users should upgrade to the latest version:
# emerge --sync
# emerge --oneshot --verbose --ask ">=www-apps/tikiwiki-1.9.5"

References
[ 1 ] CVE-2006-4299 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299
[ 2 ] CVE-2006-4602 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4602

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200609-16.xml

Red Hat Linux

Red Hat Security Advisory

Synopsis: Moderate: squirrelmail security update

1. Summary:
A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - noarch

3. Problem description:
SquirrelMail is a standards-based webmail package written in PHP.

A dynamic variable evaluation flaw was found in SquirrelMail. Users who have an account on a SquirrelMail server and are logged in could use this flaw to overwrite variables which may allow them to read or write other users' preferences or attachments. (CVE-2006-4019)

Users of SquirrelMail should upgrade to this erratum package, which contains SquirrelMail 1.4.8 to correct this issue. This package also contains a number of additional patches to correct various bugs.

Note: After installing this update, users are advised to restart their httpd service to ensure that the new version functions correctly.

4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):
192236 - [Squirrelmail] sqspell_config.php not listed as a config file

6. RPMs required:
Red Hat Enterprise Linux AS version 3: SRPMS: noarch:
Red Hat Desktop version 3: SRPMS: noarch:
Red Hat Enterprise Linux ES version 3: SRPMS: noarch:
Red Hat Enterprise Linux WS version 3: SRPMS: noarch:
Red Hat Enterprise Linux AS version 4: SRPMS: noarch:
Red Hat Enterprise Linux Desktop version 4: SRPMS: noarch:
Red Hat Enterprise Linux ES version 4: SRPMS: noarch:
Red Hat Enterprise Linux WS version 4: SRPMS: noarch:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019

8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0173-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2198

Description:
Previous versions of the openoffice.org packages are susceptible to several vulnerabilities, including a denial of service (application crash) and a user-complicit unauthorized access attack that enables an attacker to cause arbitrary code to be run.

These versions are not susceptible to CVE-2006-2199 because Java is not enabled in those builds.

Because Java support could not be disabled in the initial release of OpenOffice.org 2.0.3, and because Java support is not included within rPath Linux 1, this update was delayed until non-Java builds were re-enabled in OpenOffice.org.

SUSE Linux

SUSE Security Announcement

Package: gzip

Content of This Advisory:

1) Problem Description and Brief Discussion

The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops.

Various different programs like mail clients, file explorer, etc. use gzip and if a user can be deceived to unpack the archive of an attacker these bugs can lead to remote system compromise.

Thanks to Tavis Ormandy, Google Security Team for informing us about this issue.

2) Solution or Work-Around

There is no work-around known.

3) Special Instructions and Notes

none

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

x86 Platform:
SUSE LINUX 10.1:
SUSE LINUX 10.0:
SUSE LINUX 9.3:
SUSE LINUX 9.2:

Power PC Platform:
SUSE LINUX 10.1:
SUSE LINUX 10.0:

x86-64 Platform:
SUSE LINUX 10.1:
SUSE LINUX 10.0:
SUSE LINUX 9.3:
SUSE LINUX 9.2:

Sources:
SUSE LINUX 10.1:
SUSE LINUX 10.0:
SUSE LINUX 9.3:
SUSE LINUX 9.2:

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c9a04465aadc28a00f8e67df4a55f059.html

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

none

6) Authenticity Verification and Additional Information

For general information or the frequently asked questions (FAQ), send mail to <suse-security-info@suse.com> or <suse-security-faq@suse.com>.

SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.