Linux Today - Advisories, October 8, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, October 8, 2006

Advisories, October 8, 2006
Oct 9, 2006, 04 :30 UTC (0 Talkback[s]) (2610 reads)

Debian GNU/Linux

Debian Security Advisory DSA 1192-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 6th, 2006 http://www.debian.org/security/faq

Package : mozilla
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571
BugTraq ID : 20042

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2788

Fernando Ribeiro discovered that a vulnerability in the getRawDER functionallows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

CVE-2006-4340

Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

Priit Laes reported that that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

CVE-2006-4570

Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

CVE-2006-4571

Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.3.1.

We recommend that you upgrade your Mozilla package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.dsc
      Size/MD5 checksum: 1131 d15b48d8e6d5bb470cffefdb98fd8c58
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.diff.gz
      Size/MD5 checksum: 565099 9539b911c438e419cee16fdce5ccebb1
    http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
      Size/MD5 checksum: 30589520 13c0f0331617748426679e8f2e9f537a

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200610-03

http://security.gentoo.org/

Severity: Normal
Title: ncompress: Buffer Underflow
Date: October 06, 2006
Bugs: #141728
ID: 200610-03

Synopsis

A buffer underflow vulnerability has been reported in ncompress allowing for the execution of arbitrary code.

Background

ncompress is a suite of utilities to create and extract Lempel-Ziff-Welch (LZW) compressed archives.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  app-arch/ncompress      < 4.2.4.1                      >= 4.2.4.1

Description

Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress.

Impact

An attacker could create a specially crafted LZW archive, that when decompressed by a user or automated system would result in the execution of arbitrary code with the permissions of the user invoking the utility.

Workaround

There is no known workaround at this time.

Resolution

All ncompress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.1"

References

[ 1 ] CVE-2006-1168

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200610-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:180
http://www.mandriva.com/security/

Package : php
Date : October 5, 2006
Affected: 2006.0, 2007.0

Problem Description:

An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user.

Updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812

Updated Packages:

Mandriva Linux 2006.0:
6ac30c43d712db9447f2be74ddfaa40a 2006.0/i586/libphp5_common5-5.0.4-9.15.20060mdk.i586.rpm
df476188754c1df5da3a86b91f8c1987 2006.0/i586/php-cgi-5.0.4-9.15.20060mdk.i586.rpm
6a2593131e09a34423b3cbfa74edab9b 2006.0/i586/php-cli-5.0.4-9.15.20060mdk.i586.rpm
20efe33389dbb5304d732d09dce04463 2006.0/i586/php-devel-5.0.4-9.15.20060mdk.i586.rpm
db440436a40b6f253d751714506a3e0d 2006.0/i586/php-fcgi-5.0.4-9.15.20060mdk.i586.rpm
f1e6029968873eeaf58659e6f8f56f0f 2006.0/SRPMS/php-5.0.4-9.15.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
82c8b4eb0e5bb855227846f6d3398bf9 2006.0/x86_64/lib64php5_common5-5.0.4-9.15.20060mdk.x86_64.rpm
bbd0ab99535516869b6e1eafdc4e13dd 2006.0/x86_64/php-cgi-5.0.4-9.15.20060mdk.x86_64.rpm
a27aaaf58e981e0d3cc118dec0c51f67 2006.0/x86_64/php-cli-5.0.4-9.15.20060mdk.x86_64.rpm
14388814a935ece2ca160d8423652dca 2006.0/x86_64/php-devel-5.0.4-9.15.20060mdk.x86_64.rpm
73de1863d4d02010b2061414d980e360 2006.0/x86_64/php-fcgi-5.0.4-9.15.20060mdk.x86_64.rpm
f1e6029968873eeaf58659e6f8f56f0f 2006.0/SRPMS/php-5.0.4-9.15.20060mdk.src.rpm

Mandriva Linux 2007.0:
af43f53c775a56613baa08becc0ffd8e 2007.0/i586/libphp5_common5-5.1.6-1.1mdv2007.0.i586.rpm
4a7616b81b7b44690d743fa731e10c77 2007.0/i586/php-cgi-5.1.6-1.1mdv2007.0.i586.rpm
a37c23311a003f8736ec0a3b3b29fa63 2007.0/i586/php-cli-5.1.6-1.1mdv2007.0.i586.rpm
c6d085ba649258ae2ab6d092be64cdff 2007.0/i586/php-devel-5.1.6-1.1mdv2007.0.i586.rpm
8b2e2ab58f18a242ff3d2bc44859d144 2007.0/i586/php-fcgi-5.1.6-1.1mdv2007.0.i586.rpm
f43ef0b533e7844b8320bbb2862a7a3e 2007.0/SRPMS/php-5.1.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
477c4dc57c253f33464a562ece238537 2007.0/x86_64/lib64php5_common5-5.1.6-1.1mdv2007.0.x86_64.rpm
0e437323d4dc15f9445de8991a9b69c9 2007.0/x86_64/php-cgi-5.1.6-1.1mdv2007.0.x86_64.rpm
75ffda1f5d0946401257f3f1f59c5c60 2007.0/x86_64/php-cli-5.1.6-1.1mdv2007.0.x86_64.rpm
30094b00441d0af123bc6170f7945ea4 2007.0/x86_64/php-devel-5.1.6-1.1mdv2007.0.x86_64.rpm
ed779aabad5448745c9ef23f0eab9d63 2007.0/x86_64/php-fcgi-5.1.6-1.1mdv2007.0.x86_64.rpm
f43ef0b533e7844b8320bbb2862a7a3e 2007.0/SRPMS/php-5.1.6-1.1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

rPath Linux

rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
    https://issues.rpath.com/browse/RPL-683

Description:

Previous versions of the php package contain multiple vulnerabilities, or weaknesses that may enable vulnerabilities in applications written in php. The most severe of these vulnerabilities may enable remote unauthorized access vulnerabilities, depending on the application or applications involved. Other vulnerabilities or weaknesses involve SQL injection attacks, cross-site scripting (XSS), information exposure, and denial of service vulnerabilities.

rPath Security Advisory: 2006-0183-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Deterministic Unauthorized Access
Updated Versions:
nss_ldap=/conary.rpath.com@rpl:devel//1/239-9.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
    https://issues.rpath.com/browse/RPL-680

Description:

Previous versions of the nss_ldap package do not properly handle accounts locked using the PasswordPolicyResponse control response, allowing potential unauthorized access from locked accounts when systems are configured to use LDAP authentication. rPath Linux is not configured to use LDAP authentication by default.

rPath Security Advisory: 2006-0185-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
gnome-ssh-askpass=/conary.rpath.com@rpl:devel//1/4.4p1-0.1-1
openssh=/conary.rpath.com@rpl:devel//1/4.4p1-0.1-1
openssh-client=/conary.rpath.com@rpl:devel//1/4.4p1-0.1-1
openssh-server=/conary.rpath.com@rpl:devel//1/4.4p1-0.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4925
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    https://issues.rpath.com/browse/RPL-681

Description:

Previous versions of the openssh package are vulnerable to a remote denial of service attack. They are also vulnerable to a minor information exposure attack that may expose valid usernames in some configurations.

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2006-0055

Package names: openldap, php, php4
Summary: Multiple vulnerabilities
Date: 2006-10-06
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2

Package description:
openldap
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. This package contains the slapd and slurpd servers, migration scripts, and related files.

php
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled web page with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache web server to understand and process the embedded PHP language in web pages.

php4
PHP4 is an HTML-embedded scripting language. PHP4 attempts to make it easy for developers to write dynamically generated web pages. PHP4 also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled web page with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache web server to understand and process the embedded PHP language in web pages.

Problem description:
openldap < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

SECURITY Fix: Howard Chu has reported a security issue in OpenLDAP, caused due to an error within the Access Control List processing. If a user has "selfwrite" access to an attribute, this can be exploited to modify arbitrary values of the attribute.

The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4600 to this issue.

php < TSL 3.0 > < TSL 2.2 >

SECURITY Fix: A vulnerability has been reported in PHP, caused due to an integer overflow within the "_ecalloc" function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data.

The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4812 to this issue.

php4 < TSL 2.2 >

SECURITY Fix: A vulnerability has been reported in PHP, caused due to an integer overflow within the "_ecalloc" function. This can potentially be exploited to execute arbitrary code via specially crafted requests if a PHP script allocates memory based on attacker supplied data.

The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-4812 to this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0055/>

MD5sums of the packages:

d80097d37fa888b41a18bd7a57ccbc9b 3.0/rpms/openldap-2.2.27-3tr.i586.rpm
c0362867bd4036abc54c699fdfe08760 3.0/rpms/openldap-devel-2.2.27-3tr.i586.rpm
e71cfc08fa0c418cfafdc334db9b4d1a 3.0/rpms/openldap-libs-2.2.27-3tr.i586.rpm
66faafb84e2ff6cd1fac6ea34264f9b5 3.0/rpms/openldap-servers-2.2.27-3tr.i586.rpm
a046fbb0717bc90dccc665e11630d0a7 3.0/rpms/openldap-utils-2.2.27-3tr.i586.rpm
69dfdf17c2faeaf941e4cf7430e4be3b 3.0/rpms/php-5.1.6-2tr.i586.rpm
1b3360646c40fc448bd83a81311a0339 3.0/rpms/php-calendar-5.1.6-2tr.i586.rpm
4eb18c44049c400071be4154f100a09b 3.0/rpms/php-cli-5.1.6-2tr.i586.rpm
38073428bc79f41ae58dc70415d70357 3.0/rpms/php-curl-5.1.6-2tr.i586.rpm
a70bab64590c1db7824ac020c46abfb4 3.0/rpms/php-dba-5.1.6-2tr.i586.rpm
5f720dd7edacf21f3b6752ed03d2e1b3 3.0/rpms/php-devel-5.1.6-2tr.i586.rpm
3a27940a8699368a8b46223ade2feefa 3.0/rpms/php-exif-5.1.6-2tr.i586.rpm
5a0452c2d37ff1f8ace2672dd1f4f00b 3.0/rpms/php-fcgi-5.1.6-2tr.i586.rpm
c97680a72955092128603eb6eee4040f 3.0/rpms/php-gd-5.1.6-2tr.i586.rpm
725e6c9831a1b3e1447f455a234a5ff0 3.0/rpms/php-imap-5.1.6-2tr.i586.rpm
e9e6471fd7961a67ed500db420048f94 3.0/rpms/php-ldap-5.1.6-2tr.i586.rpm
456fccfe4f722f49168aa8ae86abc5a4 3.0/rpms/php-mhash-5.1.6-2tr.i586.rpm
b396e7927654388d52e553833eba2631 3.0/rpms/php-mysql-5.1.6-2tr.i586.rpm
ae577271089f5f85510b49d5973cbee1 3.0/rpms/php-mysqli-5.1.6-2tr.i586.rpm
0209afbf207a556607d04085966c5555 3.0/rpms/php-pgsql-5.1.6-2tr.i586.rpm
23121b189f899f0aa6c0af87b4bd4967 3.0/rpms/php-pspell-5.1.6-2tr.i586.rpm
c3e5e6587c691ffa4204911cde208b55 3.0/rpms/php-snmp-5.1.6-2tr.i586.rpm
54440f3a46fda8ae9dde76f6fe1b2b65 3.0/rpms/php-xslt-5.1.6-2tr.i586.rpm
1a434c43b887e0eaf236f69df02b1666 3.0/rpms/php-zlib-5.1.6-2tr.i586.rpm

4630ca2d5a37012c816ea5b5031b2e95 2.2/rpms/openldap-2.1.30-6tr.i586.rpm
27f782c8102678ea0e1715cd69331067 2.2/rpms/openldap-devel-2.1.30-6tr.i586.rpm
a445426385a5472ec2af26086e39d05f 2.2/rpms/openldap-libs-2.1.30-6tr.i586.rpm
59ed3bb4109a0bc07d22eb32e87d2e06 2.2/rpms/openldap-servers-2.1.30-6tr.i586.rpm
5ff8d7729f81097ce29091f206bdfda9 2.2/rpms/openldap-utils-2.1.30-6tr.i586.rpm
e183e3af4afad3f60aa372ceb9b393d8 2.2/rpms/php-5.1.6-2tr.i586.rpm
3b88e2d2e7472e9ba5c9433847135c65 2.2/rpms/php-cli-5.1.6-2tr.i586.rpm
2a933212feb89a294c34318d4cd47b23 2.2/rpms/php-curl-5.1.6-2tr.i586.rpm
69a9638514ca4cf9752a95d52f9d4cd0 2.2/rpms/php-devel-5.1.6-2tr.i586.rpm
9ea02fc666fbb0debc5ac8d2480529fb 2.2/rpms/php-exif-5.1.6-2tr.i586.rpm
beb42ca22ccc1ce38ef3a16755b6e4c1 2.2/rpms/php-fcgi-5.1.6-2tr.i586.rpm
2bab3f6629b982eea87eeab200e47b60 2.2/rpms/php-gd-5.1.6-2tr.i586.rpm
6dec69c82312742ca6e7c3fa4771fed0 2.2/rpms/php-imap-5.1.6-2tr.i586.rpm
86fdd8b529914849e29f27e04a12737a 2.2/rpms/php-ldap-5.1.6-2tr.i586.rpm
16d4fc9461da95c0b4353fe28d37f7ee 2.2/rpms/php-mhash-5.1.6-2tr.i586.rpm
68f8320898a5b26df3e1c66830348df4 2.2/rpms/php-mysql-5.1.6-2tr.i586.rpm
8b1a8d9e467314a81bc3666f33e13ee7 2.2/rpms/php-mysqli-5.1.6-2tr.i586.rpm
5ec6b1fb211d3b5f17cffea84fbe02d7 2.2/rpms/php-pgsql-5.1.6-2tr.i586.rpm
7bfa50e5e10285f3d7401578d5dd21e1 2.2/rpms/php-zlib-5.1.6-2tr.i586.rpm
b1338d652fb22fe74eb2cbb446f0fbce 2.2/rpms/php4-4.4.4-3tr.i586.rpm
d5ba89d26196954e4d2ae6b1ba9396bf 2.2/rpms/php4-cli-4.4.4-3tr.i586.rpm
a9dfb7a215a91eed5613a539f88838fb 2.2/rpms/php4-curl-4.4.4-3tr.i586.rpm
8890c8df2df88cc499b2c78d12b72048 2.2/rpms/php4-devel-4.4.4-3tr.i586.rpm
3735f7aac3f7245cf868b1e265f09269 2.2/rpms/php4-domxml-4.4.4-3tr.i586.rpm
e92cc45f199b50976dcd05195031f0b0 2.2/rpms/php4-exif-4.4.4-3tr.i586.rpm
665783060d3c94580d74560f69a9aa49 2.2/rpms/php4-fcgi-4.4.4-3tr.i586.rpm
78c34d163e9f6c6e4ce06def985e8748 2.2/rpms/php4-gd-4.4.4-3tr.i586.rpm
b79bfadb979b0e360595e1effb3f0851 2.2/rpms/php4-imap-4.4.4-3tr.i586.rpm
8c37697edcdff82d513d4d22729b9be2 2.2/rpms/php4-ldap-4.4.4-3tr.i586.rpm
52d56ed1b8bac18a91bc639d179a0656 2.2/rpms/php4-mhash-4.4.4-3tr.i586.rpm
1e3b41a46af4506048bbf962a3a1a78d 2.2/rpms/php4-mysql-4.4.4-3tr.i586.rpm
ec7d2c0ef5d8894f2f0faa892d59a3d0 2.2/rpms/php4-pgsql-4.4.4-3tr.i586.rpm
8d416d025cf74b3f3eea0362cfa5e592 2.2/rpms/php4-test-4.4.4-3tr.i586.rpm

Trustix Security Team

Ubuntu

Ubuntu Security Notice USN-359-1 October 06, 2006
python2.3, python2.4 vulnerability
CVE-2006-4980

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:

python2.3 2.3.5-2ubuntu0.3
python2.4-minimal 2.4.1-0ubuntu0.2

Ubuntu 5.10:

python2.3 2.3.5-8ubuntu0.2
python2.4-minimal 2.4.2-1ubuntu0.2

Ubuntu 6.06 LTS:

python2.3-dbg 2.3.5-9ubuntu1.2
python2.4-minimal 2.4.3-0ubuntu6

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Benjamin C. Wiley Sittler discovered that Python's repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.5-2ubuntu0.3.diff.gz
      Size/MD5: 2357500 bea365d1d6c98d54a2ba2c1300253cf9
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.5-2ubuntu0.3.dsc
      Size/MD5: 1152 b8b1b1a1ff18ddb962f059fe836bb370
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
      Size/MD5: 8512566 9c35e5ca3c487e1c1f70f2fb1ccbfffe
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.4/python2.4_2.4.1-0ubuntu0.2.diff.gz
      Size/MD5: 2601919 042484bbb7dc5a2e03d6997de0f2a398
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.4/python2.4_2.4.1-0ubuntu0.2.dsc
      Size/MD5: 1141 1bcd362ffbac62716bb34a1dd2f043b4
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.4/python2.4_2.4.1.orig.tar.gz
      Size/MD5: 9205762 0475655d5c6f7919fc977c42c1103af8