dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


SuSE Security Announcement: sgmltool

May 04, 2001, 15:00 (0 Talkback[s])
From:     Sebastian Krahmer <krahmer@suse.de>
Subject:  [suse-security-announce] SuSE Security Announcement: sgmltool
Date:     04 May 2001 14:54:28 +0200



___________________________________________________________________________

                        SuSE Security Announcement

        Package:                sgmltool-1.0.9-266
        Announcement-ID:        SuSE-SA:2001:16
        Date:                   Friday, May  4th, 14:55:35 CEST 2001
        Affected SuSE versions: 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     local fileaccess problem
        Severity (1-10):        2
        SuSE default package:   yes
        Other affected systems: All UN*X systems using this package

    Content of this advisory:
        1) security vulnerability resolved: sgmltool
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

____________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information


    The sgmltool programs ("sgml2html" and others) are used to convert
    SGML-files into various other formats.

    During operation, the underlying SGML perlmodule creates temporary files
    in an insecure way. This allows attackers to destroy arbitrary files owned
    by the user who invoked the sgmltool program. The problem has been fixed
    by creating temporary files with the exclusive (O_EXCL) option upon
    opening them.


    Download the update package from locations desribed below and install
    the package with the command `rpm -Uhv file.rpm'. The md5sum for each
    file is in the line below. You can verify the integrity of the rpm
    files using the command
        `rpm --checksig --nogpg file.rpm',
    independently from the md5 signatures below.


    i386 Intel Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/sgm1/sgmltool-1.0.9-302.i386.rpm
      bdedaefb82dc2bb8ff0a522607b80ac3
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sgmltool-1.0.9-302.src.rpm
      dc5612aa475c5d6dcaaeee86e6bf985f

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/sgm1/sgmltool-1.0.9-301.i386.rpm
      916953307d466d3bd8d26fb0655ce55a
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sgmltool-1.0.9-301.src.rpm
      5e11b85a494e1033ee2a83839cb296fe

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/sgm1/sgmltool-1.0.9-300.i386.rpm
      a489acc5c3dce4c44915e47b3ee64790
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/sgmltool-1.0.9-300.src.rpm
      efdb6b08988b689127600a954ebe2e2f

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/sgm1/sgmltool-1.0.9-300.i386.rpm
      9c1e5da161b67248935cbc7f485dfd40
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/sgmltool-1.0.9-300.src.rpm
      a2deae294821e73ed24429636b20ed2a



    Sparc Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/sgm1/sgmltool-1.0.9-283.sparc.rpm
      b3e0ec269392fb3d77c37cc698f77d16
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sgmltool-1.0.9-283.src.rpm
      eb80b6efe08f40139ec181fed7ccc832

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/sgm1/sgmltool-1.0.9-284.sparc.rpm
      8312ac046de5df7a47008dba32f1a7e8
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sgmltool-1.0.9-284.src.rpm
      a7e48214ae01f4f720240c1204120927



    AXP Alpha Platform:

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/sgm1/sgmltool-1.0.9-283.alpha.rpm
      06348dc4b669098d80bc16a8cc836123
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sgmltool-1.0.9-283.src.rpm
      c7c7ff5507f7a510d615235323f9f636

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/sgm1/sgmltool-1.0.9-281.alpha.rpm
      ee6bb4dd45c90ba716f0d825fba7bbca
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/sgmltool-1.0.9-281.src.rpm
      44366d7edcace3448a606aff0c73026f

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/sgm1/sgmltool-1.0.9-281.alpha.rpm
      2c2450e3dfdde9066269add9cfb0757b
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/sgmltool-1.0.9-281.src.rpm
      66a9d60866a5ebbb2e0682a2056f2528



    PPC Power PC Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sgm1/sgmltool-1.0.9-216.ppc.rpm
      01bda0ee0edfa1e1036d27b2bb3de352
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sgmltool-1.0.9-216.src.rpm
      1c6668d3ccc1b27bb3d5a4f84b308323

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/sgm1/sgmltool-1.0.9-216.ppc.rpm
      e9b7161fe3a10624790ce65d9909165d
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sgmltool-1.0.9-216.src.rpm
      15b8204b9378f8e833e6bac263bbacdd

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/sgm1/sgmltool-1.0.9-216.ppc.rpm
      6af30c53d022866df5dd69ae053eeeea
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/sgmltool-1.0.9-216.src.rpm
      35aa3ab2a86498c5e6ad145c0c7e378a



____________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - Marcus Meissner (Caldera) found a bug in KDE 2.1.*'s kdesu program
      which allows attackers to gather private information. This is due to
      insecure local filehandling by the kdesu program. Please update to
      the newest packages.

    - minicom
      format string vulnerabilities have been found in the minicom package.
      If /usr/bin/minicom is installed suid, the vulnerability may be
      exploited to gain elevated privileges. Please note that this is not
      the case in SuSE distributions. If you decided to make /usr/bin/minicom
      suid uucp or even suid root, please make sure that you grant access to
      the execution of minicom to trusted users only.


    - cfingerd
      The package has been found vulnerable to a remotely exploitable
      weakness. SuSE Linux distributions do not ship this version of
      fingerd.


    - webmin
      Insecure handling of temporary files has been found in webmin, a
      comprehensive administration webinterface. SuSE distributions do not
      contain the webmin package and therefore are not vulnerable to the
      found vulnerabilities by default. We urge administrators who use
      webmin to upgrade to the latest version of webmin available.


    - gnupg/gpg, openssl
      Several weaknesses have been found in gnupg/gpg that can reduce the
      strength of encrypted data. We will provide updates for the gnupg/gpg
      package. The updates are currently being tested.

____________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                .

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                .

    For general information or the frequently asked questions (faq)
    send mail to:
         or
         respectively.

    ===============================================
    SuSE's security contact is .
    ===============================================

Regards,
Sebastian Krahmer

____________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.