Advisories, November 27, 2006

Nov 28, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA-1219-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
November 27, 2006


Package : texinfo
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2005-3011 CVE-2006-4810
BugTraq ID : 14854 20959

Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output.

CVE-2005-3011
Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim.

CVE-2006-4810
A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim's access rights by inducing the victim to run texindex or tex2dvi on a specially crafted texinfo file.
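The CVE-2005-3011 item above describes the classic insecure temporary-file pattern: a program writes to a predictable name under a shared directory, and a local attacker who plants a symlink at that name first gets the victim to truncate and overwrite any file the victim can write. The C program below is an added illustration of that mechanism and of the two standard fixes; it is not texinfo's code, and the function names, the /tmp/texindex-demo-XXXXXX directory and the file names inside it are this example's own constructions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create `path` with O_CREAT plus the caller's extra flag and write `data`. */
static int create_and_write(const char *path, int extra_flag, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | extra_flag, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Vulnerable pattern: predictable name plus O_TRUNC. If an attacker has already
 * planted a symlink at `path`, open() follows it and truncates the victim's file. */
int write_temp_insecure(const char *path, const char *data)
{
    return create_and_write(path, O_TRUNC, data);
}

/* Hardened pattern: O_EXCL makes open() fail with EEXIST when anything, even a
 * dangling symlink, already sits at `path`, so a planted link is never followed. */
int write_temp_exclusive(const char *path, const char *data)
{
    return create_and_write(path, O_EXCL, data);
}

/* Preferred pattern: mkstemp() picks an unpredictable name and creates it with
 * O_EXCL in one step. `tmpl` must end in XXXXXX and receives the real name. */
int write_temp_mkstemp(char *tmpl, const char *data)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Read a short file into buf; buf is the empty string on failure. */
static void slurp(const char *path, char *buf, size_t bufsz)
{
    FILE *f = fopen(path, "r");
    size_t n = f ? fread(buf, 1, bufsz - 1, f) : 0;
    buf[n] = '\0';
    if (f)
        fclose(f);
}

/* Simulate the attack in a private directory: the attacker links the predictable
 * temp name to the victim's file, then the victim "runs texindex". Returns 1 if
 * the victim's file was clobbered, 0 if it survived, -1 on setup error. */
int simulate_symlink_attack(int use_exclusive)
{
    char dir[] = "/tmp/texindex-demo-XXXXXX";   /* constructed demo location */
    char victim[256], tmp[256], buf[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/notes.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/texindex.tmp", dir);     /* predictable name */
    if (create_and_write(victim, O_TRUNC, "original") < 0)  /* victim's real file */
        return -1;
    if (symlink(victim, tmp) < 0)                           /* attacker's move */
        return -1;
    if (use_exclusive)
        write_temp_exclusive(tmp, "CLOBBERED");             /* fails with EEXIST */
    else
        write_temp_insecure(tmp, "CLOBBERED");              /* follows the link */
    slurp(victim, buf, sizeof buf);
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return strcmp(buf, "CLOBBERED") == 0;
}

/* Returns 1 if mkstemp() replaced the XXXXXX and the data landed in the new file. */
int mkstemp_demo(void)
{
    char tmpl[] = "/tmp/texindex-demo-XXXXXX";
    char buf[16];
    if (write_temp_mkstemp(tmpl, "ok") != 0)
        return 0;
    slurp(tmpl, buf, sizeof buf);
    unlink(tmpl);
    return strstr(tmpl, "XXXXXX") == NULL && strcmp(buf, "ok") == 0;
}

int main(void)
{
    printf("O_CREAT|O_TRUNC: victim clobbered = %d\n", simulate_symlink_attack(0));
    printf("O_CREAT|O_EXCL:  victim clobbered = %d\n", simulate_symlink_attack(1));
    printf("mkstemp:         ok = %d\n", mkstemp_demo());
    return 0;
}
```

The O_EXCL variant still uses a guessable name, so an attacker can make the program fail (denial of service) but can no longer redirect its write; mkstemp() removes both problems, which is why it is the form to reach for when a fixed name is not required.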

For the stable distribution (sarge), these problems have been fixed in version 4.7-2.2sarge2. Note that binary packages for the mipsel architecture are not currently available due to technical problems with the build host. These packages will be made available as soon as possible.

For unstable (sid) and the upcoming stable release (etch), these problems have been fixed in version 4.8.dfsg.1-4

We recommend that you upgrade your texinfo package.

Upgrade instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, powerpc, s390 and sparc; mipsel packages are not yet available, as noted above.

Source archives:

    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.dsc
      Size/MD5 checksum: 622 f146d738696417a3f14e04875066ef9a
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7.orig.tar.gz
      Size/MD5 checksum: 1979183 72a57e378efb9898c9e41ca839554dae
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.diff.gz
      Size/MD5 checksum: 10614 07a591b00a79ba8e2acf13d7654bf3e8

alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_alpha.deb
      Size/MD5 checksum: 207720 1fce59e479c10386d5bab3d8aec99ddd
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_alpha.deb
      Size/MD5 checksum: 884956 93a3606294fd0059390b7da3c5803a1a

amd64 architecture (AMD x86_64 (AMD64))

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_amd64.deb
      Size/MD5 checksum: 191308 035c9fb7bffa818819e6e104218d5911
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_amd64.deb
      Size/MD5 checksum: 863680 8300c746fbb75231a09229f32f57d126

arm architecture (ARM)

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_arm.deb
      Size/MD5 checksum: 178812 d8781c075692500d4d6a799019697a72
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_arm.deb
      Size/MD5 checksum: 848862 4d31ba02e3004a5e290d6204ba402b19

hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_hppa.deb
      Size/MD5 checksum: 867668 934d2a72b73c4342066f1fba21c35fff
    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_hppa.deb
      Size/MD5 checksum: 195122 07ea3515643ddb8dc29791802974ec40

i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_i386.deb
      Size/MD5 checksum: 846972 eb370f53f4db1681ead784353f6711c4
    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_i386.deb
      Size/MD5 checksum: 179614 ee08c755b1eb00043173acfdae2420d7

ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_ia64.deb
      Size/MD5 checksum: 912350 c99196682ffe5436a1f99da332e77f91
    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_ia64.deb
      Size/MD5 checksum: 229398 e9e6dca2f2250bd07c0605e393105339

m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_m68k.deb
      Size/MD5 checksum: 171354 93b5762ecf847bba77396f08b04e225e
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_m68k.deb
      Size/MD5 checksum: 838386 2d63f36ef81c84ae8bdad8f2be5f1797

mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_mips.deb
      Size/MD5 checksum: 197790 a4995ad93353790e9c65c1670013ee9d
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_mips.deb
      Size/MD5 checksum: 871394 33293634348c2de181f44a1cde80a296

powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_powerpc.deb
      Size/MD5 checksum: 858718 15af021f7fcc9f8725e6148fcbc7ea45
    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_powerpc.deb
      Size/MD5 checksum: 190392 0ad24b055c5c6db61c81120a9a3931ee

s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_s390.deb
      Size/MD5 checksum: 190132 5d21d2dbfe5625f0a16a9016869ebd07
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_s390.deb
      Size/MD5 checksum: 862776 79880b6208371510574f131376c01097

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_sparc.deb
      Size/MD5 checksum: 179676 ff45ad02e7f8a92ce2c99225a3671f3e
    http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_sparc.deb
      Size/MD5 checksum: 849696 5ebdcaed10e4bf038162a6a937f1bc1a

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1220-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 26th, 2006
http://www.debian.org/security/faq


Package : pstotext
Vulnerability : insecure file name quoting
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-5869
Debian Bug : 356988

Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.
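The pstotext flaw is the general "file name pasted into a shell command line" bug: once a name containing ';', backticks or '$(...)' is handed to a shell via system() or popen(), those characters are parsed as shell syntax. The C program below is an added illustration, not pstotext's code; it uses echo as a stand-in for the external tool, the constructed file name "doc.ps; echo INJECTED" as the attacker-controlled input, and its own function names. It contrasts the vulnerable call with two fixes: single-quoting the argument when a shell cannot be avoided, and bypassing the shell entirely with fork() and execvp().

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: the file name is pasted into a command line that a shell
 * parses, so ';', '`', '$(...)' and friends in the name become shell syntax. */
int run_via_shell(const char *tool, const char *filename, char *out, size_t outsz)
{
    char cmd[1024];
    snprintf(cmd, sizeof cmd, "%s -- %s", tool, filename);   /* the bug: no quoting */
    FILE *p = popen(cmd, "r");
    if (!p)
        return -1;
    size_t n = fread(out, 1, outsz - 1, p);
    out[n] = '\0';
    return pclose(p) == 0 ? 0 : -1;
}

/* Mitigation when a shell is unavoidable: wrap the argument in single quotes and
 * turn every embedded ' into '\'' so nothing inside is interpreted. */
int shell_single_quote(const char *in, char *out, size_t outsz)
{
    size_t j = 0;
    if (outsz < 3)
        return -1;
    out[j++] = '\'';
    for (const char *p = in; *p; p++) {
        size_t need = (*p == '\'') ? 4 : 1;
        if (j + need + 2 > outsz)        /* room for this piece, closing quote, NUL */
            return -1;
        if (*p == '\'') {
            memcpy(out + j, "'\\''", 4);
            j += 4;
        } else {
            out[j++] = *p;
        }
    }
    out[j++] = '\'';
    out[j] = '\0';
    return 0;
}

/* Fix: no shell at all. argv is handed to execvp() as an array, so the file name
 * is exactly one argument whatever characters it contains. */
int run_without_shell(const char *tool, const char *filename, char *out, size_t outsz)
{
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { (char *)tool, "--", (char *)filename, NULL };
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execvp(tool, argv);
        _exit(127);
    }
    close(fds[1]);
    size_t total = 0;
    ssize_t n;
    while (total < outsz - 1 && (n = read(fds[0], out + total, outsz - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Drive all three with `echo` standing in for the real tool and a constructed
 * attacker-controlled file name. Returns 1 if the shell split the name (the
 * injected command ran), 0 if the name arrived intact, -1 on error.
 * mode: 0 = shell, unquoted; 1 = shell, single-quoted; 2 = execvp, no shell. */
int injection_succeeded(int mode)
{
    const char *evil = "doc.ps; echo INJECTED";
    char quoted[256], out[512];
    int rc;
    if (mode == 0)
        rc = run_via_shell("echo", evil, out, sizeof out);
    else if (mode == 1)
        rc = shell_single_quote(evil, quoted, sizeof quoted) == 0
             ? run_via_shell("echo", quoted, out, sizeof out) : -1;
    else
        rc = run_without_shell("echo", evil, out, sizeof out);
    if (rc != 0)
        return -1;
    return strstr(out, "doc.ps; echo INJECTED") == NULL;
}

int main(void)
{
    printf("unquoted shell: injected = %d\n", injection_succeeded(0));
    printf("quoted shell:   injected = %d\n", injection_succeeded(1));
    printf("execvp:         injected = %d\n", injection_succeeded(2));
    return 0;
}
```

In the unquoted case the tool sees "-- doc.ps" and a second command runs; in the other two the tool receives the whole name as a single argument. The execvp() form is preferable because it removes the shell from the picture altogether rather than relying on the quoting being right for every shell and every character.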

For the stable distribution (sarge) this problem has been fixed in version 1.9-1sarge2. The build for the mipsel architecture is not yet available due to technical problems with the build host.

For the upcoming stable distribution (etch) this problem has been fixed in version 1.9-4.

For the unstable distribution (sid) this problem has been fixed in version 1.9-4.

We recommend that you upgrade your pstotext package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.dsc
      Size/MD5 checksum: 566 56e79abcf02e841e78267bda1faff734
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.diff.gz
      Size/MD5 checksum: 8857 4efb7277f17fca5ebd20573d93b11a83
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
      Size/MD5 checksum: 37461 64576e8a10ff5514e285d98b3898ae78

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_alpha.deb
      Size/MD5 checksum: 34218 57b121ba1a0f5d53412ab5587c611d68

AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_amd64.deb
      Size/MD5 checksum: 33872 cc72441f0565d8225ae1e97a7df34a82

ARM architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_arm.deb
      Size/MD5 checksum: 32532 9a3cf4674a2632ac1742551cb27cbe39

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_hppa.deb
      Size/MD5 checksum: 34492 f8a9db92d0ad4d81d58fcc6e763faf47

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_i386.deb
      Size/MD5 checksum: 32864 13c32d5164243e60e2ef00878c973c2f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_ia64.deb
      Size/MD5 checksum: 38038 dcfae670ad3dd9911d5085bcc177a8eb

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_m68k.deb
      Size/MD5 checksum: 31552 9dcd158543df00f1a13012647ec842bb

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_mips.deb
      Size/MD5 checksum: 34404 32922b44fef79abce8ca78587eb55453

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_powerpc.deb
      Size/MD5 checksum: 33636 75f0beb7494479f926c19a1f7e2b8297

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_s390.deb
      Size/MD5 checksum: 33218 096e0022136b767152d2da4a1563edc5

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_sparc.deb
      Size/MD5 checksum: 33246 5e47a79b9092cae3878294f49bf211c2

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200611-21

http://security.gentoo.org/


Severity: Low
Title: Kile: Incorrect backup file permission
Date: November 27, 2006
Bugs: #155613
ID: 200611-21


Synopsis

Kile uses default permissions for backup files, potentially leading to information disclosure.

Background

Kile is a TeX/LaTeX editor for KDE.

Affected packages


     Package             /  Vulnerable  /  Unaffected

  1  app-editors/kile       < 1.9.2-r1      >= 1.9.2-r1

Description

Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920.

Impact

A Kile user may inadvertently grant access to sensitive information.
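The Kile issue is a small one to fix but easy to get wrong: an editor that creates its backup copy with the default 0666 & ~umask leaves a world-readable copy of a file the user deliberately made private. The C program below is an added illustration, not Kile's code; its function names, the /tmp/kile-demo-XXXXXX directory and the thesis.tex file are this example's own constructions. It copies a 0600 file twice, once the naive way and once reading the original's mode with fstat() and applying it with fchmod() before any data is written, and reports the backup's permission bits.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy `src` to `dst`. With preserve_mode == 0 the backup is created the way a
 * naive editor does it (0666 & ~umask). With preserve_mode == 1 the copy is
 * created owner-only, then the original's permission bits (st_mode & 0777, so
 * no setuid/setgid/sticky bits) are applied with fchmod() before any data lands. */
int backup_file(const char *src, const char *dst, int preserve_mode)
{
    char buf[4096];
    ssize_t n;
    struct stat st;
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    if (fstat(in, &st) < 0) {
        close(in);
        return -1;
    }
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, preserve_mode ? 0600 : 0666);
    if (out < 0) {
        close(in);
        return -1;
    }
    if (preserve_mode && fchmod(out, st.st_mode & 0777) < 0) {
        close(in);
        close(out);
        return -1;
    }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n)
            break;
    close(in);
    close(out);
    return n < 0 ? -1 : 0;
}

/* Build a 0600 document in a private directory, back it up, and return the
 * backup's permission bits (or -1). umask is pinned to 022 for a deterministic
 * result and restored afterwards. */
int backup_mode_bits(int preserve_mode)
{
    char dir[] = "/tmp/kile-demo-XXXXXX";   /* constructed demo location */
    char orig[256], bak[256];
    struct stat st;
    const char *text = "\\secret{draft}\n";
    if (!mkdtemp(dir))
        return -1;
    snprintf(orig, sizeof orig, "%s/thesis.tex", dir);
    snprintf(bak, sizeof bak, "%s/thesis.tex~", dir);
    mode_t old = umask(022);
    int fd = open(orig, O_WRONLY | O_CREAT, 0600);   /* the user's private file */
    if (fd < 0 || write(fd, text, strlen(text)) < 0) {
        umask(old);
        return -1;
    }
    close(fd);
    int rc = backup_file(orig, bak, preserve_mode);
    int bits = (rc == 0 && stat(bak, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    umask(old);
    unlink(bak);
    unlink(orig);
    rmdir(dir);
    return bits;
}

int main(void)
{
    printf("default mode:   %04o\n", backup_mode_bits(0));   /* world-readable */
    printf("preserved mode: %04o\n", backup_mode_bits(1));   /* same as original */
    return 0;
}
```

Creating the copy at 0600 and only then widening it with fchmod() matters: if the file were created with the final mode and a permissive umask, there would be a window in which the copy is readable before the mode is corrected.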

Workaround

There is no known workaround at this time.

Resolution

All Kile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"

References

[ 1 ] CVE-2005-1920

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200611-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: jbossas security update
Advisory ID: RHSA-2006:0743-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0743.html
Issue date: 2006-11-27
Updated on: 2006-11-27
Product: Red Hat Application Stack
CVE Names: CVE-2006-5750


1. Summary:

An updated jbossas package that corrects a security vulnerability is now available for Red Hat Application Stack.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch

3. Problem description:

JBoss Application Server is a J2EE certified platform for developing and deploying enterprise Java applications, Web applications, and Portals.

Symantec discovered a flaw in the DeploymentFileRepository class of the JBoss Application Server. A remote attacker who is able to access the console manager could read or write to files with the permissions of the JBoss user. This could potentially lead to arbitrary code execution as the jboss user. (CVE-2006-5750)

For the Red Hat Application Stack, the jbossas service is not enabled by default. Once the jbossas service is enabled, the console manager will become accessible on port 8080. Although port 8080 will be blocked from outside access by the default Red Hat Enterprise Linux firewall rules, users should ensure that the console is not available publicly and is adequately protected by authentication as explained in the JBoss documentation. With the JBoss Application Server correctly configured, this vulnerability is exploitable only by users who are authorized to use the console manager.

All users of Red Hat Application Stack are advised to upgrade to these updated packages, which resolve the directory traversal issue with a backported patch.
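The advisory names the underlying bug a directory traversal: a user-supplied path is joined onto a repository directory and used as-is, so "../" segments (and symlinks inside the repository) reach files outside it. The C program below is an added illustration of the check that closes that class of bug; it is not the JBoss DeploymentFileRepository code, which is Java, and its function names, the /tmp/repo-demo-XXXXXX layout and the file names in it are this example's own constructions. The correct check canonicalizes both the base directory and the candidate with realpath(), which collapses ".." and follows symlinks, and then requires the result to sit under the base with a directory-separator boundary; the naive textual prefix check is shown alongside for contrast.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve base_dir and base_dir/user_path with realpath(), then insist the result
 * lies under base_dir. Returns 1 if allowed, 0 if the path escapes, -1 if either
 * path cannot be resolved (for a write target, resolve the parent directory). */
int path_within_base(const char *base_dir, const char *user_path)
{
    char base[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];
    if (!realpath(base_dir, base))
        return -1;
    if (snprintf(joined, sizeof joined, "%s/%s", base_dir, user_path) >= (int)sizeof joined)
        return -1;
    if (!realpath(joined, resolved))
        return -1;
    size_t blen = strlen(base);
    if (strncmp(resolved, base, blen) != 0)
        return 0;
    /* "/srv/repo" must not accept "/srv/repo-evil/x": require a boundary after the prefix. */
    return resolved[blen] == '/' || resolved[blen] == '\0';
}

/* Vulnerable comparison for contrast: a prefix test on the unresolved string. Anything
 * joined under base_dir passes textually, so "../" escapes and symlinks are accepted. */
int path_within_base_naive(const char *base_dir, const char *user_path)
{
    char joined[PATH_MAX];
    snprintf(joined, sizeof joined, "%s/%s", base_dir, user_path);
    return strncmp(joined, base_dir, strlen(base_dir)) == 0;
}

static int touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

/* Lay out a repository with one legitimate file, a file outside it and a symlink
 * inside pointing outside, then evaluate user_path against the chosen check.
 * which: 0 = naive string check, 1 = realpath-based check. */
int traversal_demo(const char *user_path, int which)
{
    char root[] = "/tmp/repo-demo-XXXXXX";   /* constructed demo location */
    char repo[256], ok[256], outside[256], link[256];
    if (!mkdtemp(root))
        return -1;
    snprintf(repo, sizeof repo, "%s/repo", root);
    snprintf(ok, sizeof ok, "%s/repo/app.war", root);
    snprintf(outside, sizeof outside, "%s/secret.properties", root);
    snprintf(link, sizeof link, "%s/repo/link", root);
    if (mkdir(repo, 0700) < 0 || touch(ok) < 0 || touch(outside) < 0 ||
        symlink(outside, link) < 0)
        return -1;
    int r = which ? path_within_base(repo, user_path)
                  : path_within_base_naive(repo, user_path);
    unlink(link);
    unlink(ok);
    unlink(outside);
    rmdir(repo);
    rmdir(root);
    return r;
}

int main(void)
{
    printf("app.war              realpath=%d naive=%d\n",
           traversal_demo("app.war", 1), traversal_demo("app.war", 0));
    printf("../secret.properties realpath=%d naive=%d\n",
           traversal_demo("../secret.properties", 1), traversal_demo("../secret.properties", 0));
    printf("link (symlink out)   realpath=%d naive=%d\n",
           traversal_demo("link", 1), traversal_demo("link", 0));
    return 0;
}
```

The symlink case is the one most prefix checks miss even after they start rejecting "..": the path looks entirely local, and only resolution of the link reveals that it points elsewhere.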

These updated packages also contain a change to the default jbossas configuration file. For users installing Red Hat Application Stack for the first time, all JBoss Application Server network services, including the management consoles, will be restricted by default to localhost. No change is made for users upgrading previously installed jbossas packages.

Users who already have Red Hat Application Stack installed should check to make sure that they have correctly followed the security guidelines and that the management consoles are not accessible to unauthorized users.

Red Hat would like to thank Symantec for reporting this issue.

4. Solution:

Before applying this update, make sure that the jbossas service is not running and all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

215828 - CVE-2006-5750 JBoss Java Class DeploymentFileRepository Directory Traversal
216177 - JBossAS needs to be bound to localhost by default
216786 - Config files in the jbossas rpm should be marked accordingly

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/jbossas-4.0.4-1.el4s1.25.src.rpm
ddcee54695279bfa2bcc1e6dc272edc5 jbossas-4.0.4-1.el4s1.25.src.rpm

noarch:
edf562a2624881d8198f23bd3e61f443 jbossas-4.0.4-1.el4s1.25.noarch.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/jbossas-4.0.4-1.el4s1.25.src.rpm
ddcee54695279bfa2bcc1e6dc272edc5 jbossas-4.0.4-1.el4s1.25.src.rpm

noarch:
edf562a2624881d8198f23bd3e61f443 jbossas-4.0.4-1.el4s1.25.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5750
http://kbase.redhat.com/faq/FAQ_107_9629.shtm
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0218-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.4-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
    https://issues.rpath.com/browse/RPL-811
    https://issues.rpath.com/browse/RPL-389

Description:

Previous versions of the ImageMagick package contained multiple vulnerabilities. Attacker-supplied malformed image files may allow arbitrary code execution as the running user.

rPath Security Advisory: 2006-0219-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
install-info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
texinfo=/conary.rpath.com@rpl:devel//1/4.8-6.2-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
    https://issues.rpath.com/browse/RPL-810

Description:

Previous versions of the texinfo package can be caused to execute arbitrary code contained in an intentionally malformed texinfo file. These texinfo commands are often run automatically when building software packages.