Linux Today: Linux News On Internet Time.





Security Digest: January 5, 2005

Jan 06, 2005, 05:00

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : mplayer
SUMMARY : Fixes for mplayer vulnerabilities
DATE : 2005-01-05 08:59:00
ID : CLA-2005:910
RELEVANT RELEASES : 9, 10


DESCRIPTION
MPlayer[1] is a multimedia player that supports several video and audio codecs.

iDEFENSE[2] found a buffer overflow vulnerability[3] caused by an error in dynamically allocating memory, and further investigation by the MPlayer team found more vulnerabilities. This announcement fixes these vulnerabilities.

SOLUTION
It is recommended that all mplayer users upgrade to the latest packages.

REFERENCES
1. http://mplayerhq.hu/
2. http://www.idefense.com/
3. http://www.idefense.com/application/poi/display?id=166

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/mplayer-1.0pre6-73507U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mplayer-1.0pre6-73507U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mplayer-doc-1.0pre6-73507U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mplayer-skins-1.0pre6-73507U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/mplayer-0.92-28594U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mplayer-0.92-28594U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mplayer-doc-0.92-28594U90_2cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200501-01

http://security.gentoo.org/


Severity: Normal
Title: LinPopUp: Buffer overflow in message reply
Date: January 04, 2005
Bugs: #74705
ID: 200501-01


Synopsis

LinPopUp contains a buffer overflow potentially allowing execution of arbitrary code.

Background

LinPopUp is a graphical application that acts as a frontend to Samba client messaging functions, allowing a Linux desktop to communicate with a Microsoft Windows computer that runs Winpopup.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  net-im/linpopup     < 2.0.4-r1                        >= 2.0.4-r1

Description

Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c, triggered when replying to a remote user message.

Impact

A remote attacker could craft a malicious message that, when replied to using LinPopUp, would exploit the buffer overflow. This would result in the execution of arbitrary code with the privileges of the user running LinPopUp.

Workaround

There is no known workaround at this time.

Resolution

All LinPopUp users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/linpopup-2.0.4-r1"

References

[ 1 ] CAN-2004-1282

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1282

[ 2 ] Stephen Dranger Advisory

http://tigger.uic.edu/~jlongs2/holes/linpopup.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-02

http://security.gentoo.org/


Severity: Normal
Title: a2ps: Insecure temporary files handling
Date: January 04, 2005
Bugs: #75784
ID: 200501-02


Synopsis

The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

Background

a2ps is an Any to Postscript filter that can convert to Postscript from many filetypes. fixps is a script that fixes errors in Postscript files. psmandup produces a Postscript file for printing in manual duplex mode.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  app-text/a2ps     < 4.13c-r2                          >= 4.13c-r2

Description

Javier Fernandez-Sanguino Pena discovered that the a2ps package contains two scripts that create insecure temporary files (fixps and psmandup).

Impact

A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixps or psmandup is executed, this would result in the file being overwritten with the rights of the user running the utility.
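The pattern behind this class of bug, next to its usual fix, as an added example that is not code from a2ps, fixps or psmandup. The function names, the `job` prefix and the sandbox layout are constructed for illustration, and everything runs inside a private directory created by `mktemp -d`.

```shell
#!/bin/sh
# Constructed demo: predictable temp-file names versus mktemp.
# TMP_PREFIX and all function names are illustrative, not taken from a2ps.
TMP_PREFIX=job

# Weak pattern: the name is guessable (prefix + PID), and '>' follows
# whatever already sits at that path, including a symbolic link.
write_predictable() {               # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/$TMP_PREFIX.$$"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively, so it fails rather than reuse an existing path.
write_mktemp() {                    # $1 = directory, $2 = data; prints the path
    f=$(mktemp "$1/$TMP_PREFIX.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Place a symlink at the predictable path inside a sandbox, run the named
# writer, and return 0 only if the linked file kept its original content.
target_survives() {                 # $1 = writer function name
    box=$(mktemp -d) || return 2
    mkdir "$box/tmp"
    printf 'original\n' > "$box/keep.txt"
    ln -s "$box/keep.txt" "$box/tmp/$TMP_PREFIX.$$"
    "$1" "$box/tmp" "scratch data" > /dev/null
    content=$(cat "$box/keep.txt")
    rm -rf "$box"
    [ "$content" = "original" ]
}

for w in write_predictable write_mktemp; do
    if target_survives "$w"; then
        echo "$w: linked file intact"
    else
        echo "$w: linked file overwritten"
    fi
done
```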

Workaround

There is no known workaround at this time.

Resolution

All a2ps users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/a2ps-4.13c-r2"

References

[ 1 ] Secunia SA13641

http://secunia.com/advisories/13641/

[ 2 ] CAN-2004-1170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-02.xml



Gentoo Linux Security Advisory GLSA 200501-03

http://security.gentoo.org/


Severity: Normal
Title: Mozilla, Firefox, Thunderbird: Various vulnerabilities
Date: January 05, 2005
Bugs: #76112, #68976, #70749
ID: 200501-03


Synopsis

Various vulnerabilities were found and fixed in Mozilla-based products, ranging from a potential buffer overflow and temporary files disclosure to anti-spoofing issues.

Background

Mozilla is a popular web browser that includes a mail and newsreader. Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation browser and mail client from the Mozilla project.

Affected packages


     Package                  /  Vulnerable  /              Unaffected


  1  mozilla                       < 1.7.5                    >= 1.7.5
  2  mozilla-bin                   < 1.7.5                    >= 1.7.5
  3  mozilla-firefox               < 1.0                      >= 1.0
  4  mozilla-firefox-bin           < 1.0                      >= 1.0
  5  mozilla-thunderbird           < 0.9                      >= 0.9
  6  mozilla-thunderbird-bin       < 0.9                      >= 0.9
    -------------------------------------------------------------------
     6 affected packages on all of their supported architectures.

Description

Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow in the handling of NNTP URLs. Furthermore, Martin (from ptraced.net) discovered that temporary files in recent versions of Mozilla-based products were sometimes stored world-readable with predictable names. The Mozilla Team also fixed a way of spoofing filenames in Firefox's "What should Firefox do with this file" dialog boxes and a potential information leak about the existence of local filenames.

Impact

A remote attacker could craft a malicious NNTP link and entice a user to click it, potentially resulting in the execution of arbitrary code with the rights of the user running the browser. A local attacker could leverage the temporary file vulnerability to read the contents of another user's attachments or downloads. A remote attacker could also design a malicious web page that would allow filenames to be spoofed if the user uses the "Open with..." function in Firefox, or retrieve information on the presence of specific files in the local filesystem.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-1.7.5"

All Mozilla binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-bin-1.7.5"

All Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0"

All Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0"

All Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-0.9"

All Thunderbird binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-0.9"

References

[ 1 ] isec.pl Advisory

http://isec.pl/vulnerabilities/isec-0020-mozilla.txt

[ 2 ] Martin (from ptraced.net) Advisory

http://broadcast.ptraced.net/advisories/008-firefox.thunderbird.txt

[ 3 ] Secunia Advisory SA13144

http://secunia.com/advisories/13144/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-03.xml



Gentoo Linux Security Advisory GLSA 200501-04

http://security.gentoo.org/


Severity: Normal
Title: Shoutcast Server: Remote code execution
Date: January 05, 2005
Bugs: #75482
ID: 200501-04


Synopsis

Shoutcast Server contains a possible buffer overflow that could lead to the execution of arbitrary code.

Background

Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety of platforms, including Linux, and is extremely popular with Internet broadcasters.

Affected packages


     Package                           /   Vulnerable   /   Unaffected

  1  media-sound/shoutcast-server-bin      <= 1.9.4-r1        >= 1.9.5

Description

Part of the Shoutcast Server Linux binary has been found to improperly handle sprintf() parsing.

Impact

A malicious attacker could send a formatted URL request to the Shoutcast Server. This formatted URL would cause either the server process to crash, or the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Shoutcast Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.5"

References

[ 1 ] BugTraq Announcement

http://www.securityfocus.com/archive/1/385350

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-04.xml


Debian GNU/Linux


Debian Security Advisory DSA 625-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 5th, 2004 http://www.debian.org/security/faq


Package : pcal
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-1289
Debian Bug : 287039

Danny Lungstrom discovered two buffer overflows in pcal, a program to generate Postscript calendars, that could lead to the execution of arbitrary code when compiling a calendar.

For the stable distribution (woody) these problems have been fixed in version 4.7-8woody1.

For the unstable distribution (sid) these problems have been fixed in version 4.8.0-1.

We recommend that you upgrade your pcal package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1.dsc
Size/MD5 checksum: 567 084db6ff500acb07787520fbe64fe55c
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1.diff.gz
Size/MD5 checksum: 9241 dfead422c9e896806a1f3d6bf27906cd
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7.orig.tar.gz
Size/MD5 checksum: 244559 1c3a5694c465e702795ba53dbbb1f412

Alpha architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_alpha.deb
Size/MD5 checksum: 124958 4bd681850f08a22ff4e2b409c74d34fc

ARM architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_arm.deb
Size/MD5 checksum: 110892 01e26a1ae460e156debbc26f2657048a

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_i386.deb
Size/MD5 checksum: 107250 a487a36516ae170cab2c60370352b4ad

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_ia64.deb
Size/MD5 checksum: 139992 66232d332593c1b9a1b1bdbe839f3327

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_hppa.deb
Size/MD5 checksum: 121282 ee138b5220ff6caf4f6ecd30f4539037

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_m68k.deb
Size/MD5 checksum: 104702 e9930289c67b6d611e51ef954724f5b4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_mips.deb
Size/MD5 checksum: 119802 1ea25df3c512c07249fff7b6e2d08ad9

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_mipsel.deb
Size/MD5 checksum: 119766 d3c55f4e572337088ebe5cc2753e2a20

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_powerpc.deb
Size/MD5 checksum: 116472 034b734141ee6804d4b2f54fbba70724

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_s390.deb
Size/MD5 checksum: 109908 76455e1b97a3ba92aafcdee086916f98

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_sparc.deb
Size/MD5 checksum: 112900 a705775dedf8d2918f1016d884db48ad

These files will probably be moved into the stable distribution on its next update.


Debian Security Advisory DSA 624-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 5th, 2004 http://www.debian.org/security/faq


Package : zip
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1010

A buffer overflow has been discovered in zip, the archiver for .zip files. When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten. A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 2.30-5woody2.

For the unstable distribution (sid) this problem has been fixed in version 2.30-8.

We recommend that you upgrade your zip package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.dsc
Size/MD5 checksum: 563 6591a439c2d018f0ac27956eb798a235
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.diff.gz
Size/MD5 checksum: 17849 800ce2d42e7b980b3678e07af5370c18
http://security.debian.org/pool/updates/main/z/zip/zip_2.30.orig.tar.gz
Size/MD5 checksum: 728636 9426b2042139de1f112f271ebdcb0ff0

Alpha architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_alpha.deb
Size/MD5 checksum: 126748 7cf6bdf363740b74f1870045974a56e5

ARM architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_arm.deb
Size/MD5 checksum: 92916 16cd350936aa0af3ea96f281d51a7593

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_i386.deb
Size/MD5 checksum: 88770 e5418be39ba5b40385cf410305c244ec

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_ia64.deb
Size/MD5 checksum: 147144 12c28325afdf27f027c949f035b73423

HP Precision architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_hppa.deb
Size/MD5 checksum: 100354 9e40bc0998846233c5a659be5203eba1

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_m68k.deb
Size/MD5 checksum: 85306 e7ad986d4c81a64bf9ad1779af36cb35

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mips.deb
Size/MD5 checksum: 110088 32a6fd4fad18a252793398230d0681d7

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mipsel.deb
Size/MD5 checksum: 109978 b380dd0331e6e04bd6293d2914f4f5de

PowerPC architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_powerpc.deb
Size/MD5 checksum: 93960 c958e82d88be4f29d69918359a6d26b7

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_s390.deb
Size/MD5 checksum: 90742 62f27d6e6860a6790c76ebf270e4b349

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_sparc.deb
Size/MD5 checksum: 107756 588c6c0288dbdb2272fc3a6a6e3e9855

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>