Package : xview
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0076
Erik Sjölund discovered that programs linked against xview
are vulnerable to a number of buffer overflows in the XView
library. When the overflow is triggered in a program which is
installed setuid root a malicious user could perhaps execute
arbitrary code as privileged user.
For the stable distribution (woody) these problems have been
fixed in version 3.2p1.4-16woody2.
For the unstable distribution (sid) these problems have been
fixed in version 3.2p1.4-19.
We recommend that you upgrade your xview packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : evolution
Vulnerability : integer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0102
BugTraq ID : 12354
Max Vozeler discovered an integer overflow in a helper
application inside of Evolution, a free grouware suite. A local
attacker could cause the setuid root helper to execute arbitrary
code with elevated privileges.
For the stable distribution (woody) this problem has been fixed
in version 1.0.5-1woody2.
For the unstable distribution (sid) this problem has been fixed
in version 2.0.3-1.2.
We recommend that you upgrade your evolution package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : mailman
Vulnerability : cross-site scripting, directory traversal
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1177 CAN-2005-0202
Two security related problems have been discovered in mailman,
web-based GNU mailing list manager. The Common Vulnerabilities and
Exposures project identifies the following problems:
CAN-2004-1177
Florian Weimer discovered a cross-site scripting vulnerability
in mailman's automatically generated error messages. An attacker
could craft an URL containing JavaScript (or other content embedded
into HTML) which triggered a mailman error page that would include
the malicious code verbatim.
CAN-2005-0202
Several listmasters have noticed unauthorised access to archives
of private lists and the list configuration itself, including the
users passwords. Administrators are advised to check the webserver
logfiles for requests that contain "/...../" and the path to the
archives or cofiguration. This does only seem to affect
installations running on web servers that do not strip slashes,
such as Apache 1.3.
For the stable distribution (woody) these problems have been
fixed in version 2.0.11-1woody9.
For the unstable distribution (sid) these problems have been
fixed in version 2.1.5-6.
We recommend that you upgrade your mailman package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Package : hztty
Vulnerability : privilege escalation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0019
Erik Sjölund discovered that hztty, a converter for GB,
Big5 and zW/HZ Chinese encodings in a tty session, can be triggered
to execute arbitrary commands with group utmp privileges.
For the stable distribution (woody) this problem has been fixed
in version 2.0-5.2woody2.
For the unstable distribution (sid) this problem has been fixed
in version 2.0-6.1.
We recommend that you upgrade your hztty package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Product : Fedora Core 2
Name : mailman
Version : 2.1.5
Release : 8.fc2
Summary : Mailing list manager with built in Web access.
Description :
Mailman is software to help manage email discussion lists, much
like Majordomo and Smartmail. Unlike most similar products, Mailman
gives each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can
administer his or her list entirely from the Web. Mailman also
integrates most things people want to do with mailing lists,
including archiving, mail <-> news gateways, and so on.
Documentation can be found in: /usr/share/doc/mailman-2.1.5
Update Information:
There is a critical security flaw in Mailman 2.1.5 which will
allow attackers to read arbitrary files.
The extent of the vulnerability depends on what version of
Apache (httpd) you are running, and (possibly) how you have
configured your web server. It is believed the vulnerability is not
available when Mailman is paired with a version of Apache >=
2.0, however earlier versions of Apache, e.g. version 1.3, will
allow the exploit when executing a Mailman CGI script. All versions
of Fedora have shipped with the later 2.0 version of Apache and
thus if you are running a Fedora release you are not likely to be
vulnerable to the exploit unless you have explicitly downgraded the
version of your web server. However, installing this version of
mailman with a security patch represents a prudent safeguard.
This issue has been assigned CVE number CAN-2005-0202.
For additional piece of mind, it is recommended that you
regenerate your list member passwords. Instructions on how to do
this, and more information about this vulnerability are available
here:
Product : Fedora Core 3
Name : mailman
Version : 2.1.5
Release : 30.fc3
Summary : Mailing list manager with built in Web access.
Description :
Mailman is software to help manage email discussion lists, much
like Majordomo and Smartmail. Unlike most similar products, Mailman
gives each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can
administer his or her list entirely from the Web. Mailman also
integrates most things people want to do with mailing lists,
including archiving, mail <-> news gateways, and so on.
Documentation can be found in: /usr/share/doc/mailman-2.1.5
Update Information:
There is a critical security flaw in Mailman 2.1.5 which will
allow attackers to read arbitrary files.
The extent of the vulnerability depends on what version of
Apache (httpd) you are running, and (possibly) how you have
configured your web server. It is believed the vulnerability is not
available when Mailman is paired with a version of Apache >=
2.0, however earlier versions of Apache, e.g. version 1.3, will
allow the exploit when executing a Mailman CGI script. All versions
of Fedora have shipped with the later 2.0 version of Apache and
thus if you are running a Fedora release you are not likely to be
vulnerable to the exploit unless you have explicitly downgraded the
version of your web server. However, installing this version of
mailman with a security patch represents a prudent safeguard.
This issue has been assigned CVE number CAN-2005-0202.
For additional piece of mind, it is recommended that you
regenerate your list member passwords. Instructions on how to do
this, and more information about this vulnerability are available
here:
Product : Fedora Core 2
Name : mod_python
Version : 3.1.3
Release : 1.fc2.2
Summary : An embedded Python interpreter for the Apache Web
server.
Description :
Mod_python is a module that embeds the Python language interpreter
within the server, allowing Apache handlers to be written in
Python.
Mod_python brings together the versatility of Python and the
power of the Apache Web server for a considerable boost in
flexibility and performance over the traditional CGI approach.
Update Information:
Graham Dumpleton discovered a flaw affecting the publisher
handler of mod_python, used to make objects inside modules callable
via URL. A remote user could visit a carefully crafted URL that
would gain access to objects that should not be visible, leading to
an information leak. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CAN-2005-0088 to this issue.
This update includes a patch which fixes this issue.
* Mon Jan 31 2005 Joe Orton <<A
HREF="mailto:jorton@redhat.com">jorton@redhat.com>
3.1.3-1.fc2.2
Product : Fedora Core 3
Name : mod_python
Version : 3.1.3
Release : 5.2
Summary : An embedded Python interpreter for the Apache Web
server.
Description :
Mod_python is a module that embeds the Python language interpreter
within the server, allowing Apache handlers to be written in
Python.
Mod_python brings together the versatility of Python and the
power of the Apache Web server for a considerable boost in
flexibility and performance over the traditional CGI approach.
Update Information:
Graham Dumpleton discovered a flaw affecting the publisher
handler of mod_python, used to make objects inside modules callable
via URL. A remote user could visit a carefully crafted URL that
would gain access to objects that should not be visible, leading to
an information leak. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CAN-2005-0088 to this issue.
This update includes a patch which fixes this issue.
* Mon Jan 31 2005 Joe Orton <<A
HREF="mailto:jorton@redhat.com">jorton@redhat.com> 3.1.3-5.2
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated abiword resolves security vulnerabilities
Advisory ID: FLSA:1906
Issue date: 2005-02-08
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=3D1906
CVE Names: CAN-2004-0645
1. Topic:
Updated abiword packages that fix a security vulnerability are
now available.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
3. Problem description:
AbiWord is a cross-platform, open-source word processor.
A buffer overflow in the wv library included in abiword allows
remote attackers to execute arbitrary code via a document with a
long DateTime field.
All users are advised to upgrade to these updated packages,
which contain a= =20
backported fix and are not vulnerable to this issue.
Fedora Legacy would like to thank Marc Deslauriers for reporting
this issue, and Dave Botsch and Marc Deslauriers and preparing
updated RPMs.
4. Solution:
Before applying this update, make sure all previously released
errata=20 relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
