:Advisories, December 11, 2006
Advisories, December 11, 2006 0 Talkback[s]
Gentoo Linux
http://security.gentoo.org/
Severity: Normal
The Resolution proposed in the original version of this Security
Advisory did not correctly address the issue for users who also have
GnuPG 1.9 installed.
The corrected sections appear below.
All GnuPG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose "=app-crypt/gnupg-1.4*"
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-03.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: Normal
ModPlug contains several boundary errors that could lead to buffer
overflows resulting in the possible execution of arbitrary code.
ModPlug is a library for playing MOD-like music.
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp.
A remote attacker can entice a user to read crafted modules or ITP
files, which may trigger a buffer overflow resulting in the execution
of arbitrary code with the privileges of the user running the
application.
There is no known workaround at this time.
All ModPlug users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8-r1"
[ 1 ] CVE-2006-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4192
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-04.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: High
Multiple vulnerabilities have been identified in Mozilla Thunderbird.
Mozilla Thunderbird is a popular open-source email client from the
Mozilla Project.
It has been identified that Mozilla Thunderbird improperly handles
Script objects while they are being executed, allowing them to be
modified during execution. JavaScript is disabled in Mozilla
Thunderbird by default. Mozilla Thunderbird has also been found to be
vulnerable to various potential buffer overflows. Lastly, the binary
release of Mozilla Thunderbird is vulnerable to a low exponent RSA
signature forgery issue because it is bundled with a vulnerable version
of NSS.
An attacker could entice a user to view a specially crafted email that
causes a buffer overflow and again executes arbitrary code or causes a
Denial of Service. An attacker could also entice a user to view an
email containing specially crafted JavaScript and execute arbitrary
code with the rights of the user running Mozilla Thunderbird. It is
important to note that JavaScript is off by default in Mozilla
Thunderbird, and enabling it is strongly discouraged. It is also
possible for an attacker to create SSL/TLS or email certificates that
would not be detected as invalid by the binary release of Mozilla
Thunderbird, raising the possibility for Man-in-the-Middle attacks.
There is no known workaround at this time.
Users upgrading to the following releases of Mozilla Thunderbird should
note that this version of Mozilla Thunderbird has been found to not
display certain messages in some cases.
</br>
</br> All Mozilla Thunderbird users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.8"
All Mozilla Thunderbird binary release users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.8"
[ 1 ] CVE-2006-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
[ 2 ] CVE-2006-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
[ 3 ] CVE-2006-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
[ 4 ] CVE-2006-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
[ 5 ] CVE-2006-5748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748
[ 6 ] Mozilla Thunderbird Email Loss Bug
https://bugzilla.mozilla.org/show_bug.cgi?id=360409
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-06.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: High
Multiple vulnerabilities have been identified in the SeaMonkey project.
The SeaMonkey project is a community effort to deliver
production-quality releases of code derived from the application
formerly known as 'Mozilla Application Suite'.
The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
execution and arbitrary code execution.
An attacker could entice a user to load malicious JavaScript or a
malicious web page with a SeaMonkey application and execute arbitrary
code with the rights of the user running those products. It is
important to note that in the SeaMonkey email client, JavaScript is
disabled by default.
There is no known workaround at this time.
All SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.6"
[ 1 ] CVE-2006-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
[ 2 ] CVE-2006-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
[ 3 ] CVE-2006-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
[ 4 ] CVE-2006-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
[ 5 ] CVE-2006-5748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-08.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: High
MadWifi is vulnerable to a buffer overflow that could potentially lead
to the remote execution of arbitrary code with root privileges.
MadWifi (Multiband Atheros Driver for Wireless Fidelity) provides a
Linux kernel device driver for Atheros-based Wireless LAN devices.
Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer
overflow in the encode_ie() and the giwscan_cb() functions from
ieee80211_wireless.c.
A remote attacker could send specially crafted wireless WPA packets
containing malicious RSN Information Headers (IE) that could
potentially lead to the remote execution of arbitrary code as the root
user.
There is no known workaround at this time.
All MadWifi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/madwifi-ng-0.9.2.1"
[ 1 ] CVE-2006-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-09.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: Normal
Tar is vulnerable to directory traversal possibly allowing for the
overwriting of arbitrary files.
The Tar program provides the ability to create and manipulate tar
archives.
Tar does not properly extract archive elements using the GNUTYPE_NAMES
record name, allowing files to be created at arbitrary locations using
symlinks. Once a symlink is extracted, files after the symlink in the
archive will be extracted to the destination of the symlink.
An attacker could entice a user to extract a specially crafted tar
archive, possibly allowing for the overwriting of arbitrary files on
the system extracting the archive.
There is no known workaround at this time.
All Tar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.16-r2"
[ 1 ] CVE-2006-6097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-10.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:226http://www.mandriva.com/security/
Package : squirrelmail
Problem Description:
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail
1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web
script or HTML via the (1) mailto parameter in (a) webmail.php, the (2)
session and (3) delete_draft parameters in (b) compose.php, and (4)
unspecified vectors involving "a shortcoming in the magicHTML filter."
Updated packages are patched to address these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
Updated Packages:
Corporate 3.0:
Corporate 3.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
Mandriva Linux Security Advisory MDKSA-2006:227http://www.mandriva.com/security/
Package : kdegraphics
Problem Description:
Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics3,
as used by konqueror, digikam, and other KDE image browsers, allows
remote attackers to cause a denial of service (stack consumption) via a
crafted EXIF section in a JPEG file, which results in an infinite
recursion.
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6297
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
