Package : cscope
Vulnerability : buffer overflows
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-4262
Debian Bug : 385893
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
For the stable distribution (sarge) this problem has been fixed in
version cscope_15.5-1.1sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 15.5+cvs20060902-1.
We recommend that you upgrade your cscope package.
Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : migrationtools
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0512
Debian Bug : 338920
Jason Hoover discovered that migrationtools, a collection of scripts
to migrate user data to LDAP, creates several temporary files insecurely,
which might lead to denial of service through a symlink attack.
For the stable distribution (sarge) this problem has been fixed in
version 46-1sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 46-2.1.
We recommend that you upgrade your migrationtools package.
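
The symlink problem described above arises when a script writes to a predictable name in a shared directory. The following is an added example, not code from migrationtools or from this advisory; the function names and the migrate.* file names are constructed for illustration. It contrasts the predictable-name pattern with mktemp-based creation.

```shell
#!/bin/sh
# Added illustration; names and paths are constructed, not taken from migrationtools.

# Weak pattern: a predictable name in a shared directory. The shell opens the
# path without O_EXCL, so a symlink already sitting at that name is followed
# and the link target is overwritten with the script's privileges.
write_predictable() {            # $1 = directory, $2 = data
    tmp="$1/migrate.$$.ldif"     # hypothetical name built from the PID
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, failing instead of reusing an existing entry.
write_private() {                # $1 = directory, $2 = data
    tmp=$(mktemp "$1/migrate.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Self-contained demonstration inside a private scratch directory: a link is
# placed at the predictable name, then both writers are run against it.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/migrate.$$.ldif"   # constructed pre-existing link
    write_private "$dir" "dn: uid=example" > /dev/null || return 1
    result="private=$(cat "$dir/victim")"        # untouched by the hardened writer
    write_predictable "$dir" "dn: uid=example" > /dev/null
    result="$result predictable=$(cat "$dir/victim")"   # clobbered via the link
    rm -rf "$dir"
    printf '%s\n' "$result"
}

demo
```

The first field of the output shows the linked file left intact by the mktemp-based writer; the second shows it overwritten by the predictable-name writer.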
Previous versions of the openssl package are vulnerable to multiple
attacks. Three of the vulnerabilities are denials of service,
but the other is a buffer overflow that is expected to create
remote unauthorized access vulnerabilities in other applications.
In particular, any connection that the mysql daemon will accept
may be vulnerable. In the default configuration of mysql, that
would be a local unauthorized access vulnerability, but mysql can
be configured to listen for network connections from remote hosts,
which would then enable remote unauthorized access. Any program
that calls the SSL_get_shared_ciphers() function may be vulnerable.
29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.
rPath Security Advisory: 2006-0176-1
Published: 2006-09-29
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Privilege Escalation
Updated Versions: openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
                  openldap-clients=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
                  openldap-servers=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
Previous versions of the openldap package contain a slapd daemon
which allows remote authenticated users with selfwrite Access
Control List (ACL) privileges to modify arbitrary Distinguished
Names (DN), a privilege escalation vulnerability.
Slackware Linux
[slackware-security] openssl (SSA:2006-272-01)
New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix security issues.
More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to shared libraries from openssl-0.9.7l.
See openssl package update below.
(* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to openssl-0.9.7l.
This fixes a few security related issues:
During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC.

Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC.

A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer.
(CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.

A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.

Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
(* Security fix *)
+--------------------------+
HINT: Getting slow download speeds from ftp ftp.slackware.com?
Give slackware.osuosl.org/ a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
from ftp.slackware.com/.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:
Upgraded to openssh-4.4p1.
This fixes a few security related issues. From the release notes found at
http://www.openssh.com/txt/release-4.4:
Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
Fix an unsafe signal handler reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
Package names: openssh, openssl
Summary: Multiple vulnerabilities
Date: 2006-09-29
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2
Package description:
openssh
Ssh (Secure Shell) is a program for logging into a remote machine and
for executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
openssl
A C library that provides various cryptographic algorithms and
protocols, including DES, RC4, RSA, and SSL. Includes shared libraries.
SECURITY Fix: Tavis Ormandy of Google Security Team has reported a
vulnerability in OpenSSH, which can be exploited by malicious people
to cause a DoS. If ssh protocol 1 is enabled, this can be exploited
to cause a DoS due to CPU consumption by sending specially crafted
ssh packets.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CVE-2006-4924 to this issue.
openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
New Upstream.
SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities in
OpenSSL which could be exploited by attackers to cause denial of
service.
During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory.
Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack.
Tavis Ormandy and Will Drewry of the Google Security Team have
discovered the following two vulnerabilities in OpenSSL:
Fix buffer overflow in SSL_get_shared_ciphers() utility function
which could allow an attacker to send a list of ciphers to an
application that uses it and overrun a buffer.
A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a
malicious server, that server could cause the client to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738
and CVE-2006-4343 to these issues.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>