Linux Today: Linux News On Internet Time.






Advisories: February 28, 2005

Mar 01, 2005, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 690-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 25th, 2005 http://www.debian.org/security/faq


Package : bsmtpd
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0107

Bastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer for sendmail and postfix. Unsanitised addresses can cause the execution of arbitrary commands during alleged mail delivery.

For the stable distribution (woody) this problem has been fixed in version 2.3pl8b-12woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.3pl8b-16.

We recommend that you upgrade your bsmtpd package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.dsc
Size/MD5 checksum: 580 a52f31e37ed84f6c77334d42b285d327
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.diff.gz
Size/MD5 checksum: 16757 25feec8311fd898c59a187c048876331
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b.orig.tar.gz
Size/MD5 checksum: 21212 d474faf9252f6ba381a57bb2f1aaf48d

Alpha architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_alpha.deb
Size/MD5 checksum: 34626 7e8281efce33079aa51426283369e1fd

ARM architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_arm.deb
Size/MD5 checksum: 32010 4d74ca73f494c8d6babf2c58b100b06b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_i386.deb
Size/MD5 checksum: 30210 22fa9205cfd747abf64a1974efc25900

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_ia64.deb
Size/MD5 checksum: 39420 ebe934e628a84dd653b7f3f5c8d3db50

HP Precision architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_hppa.deb
Size/MD5 checksum: 33990 9b9252f3347b7e26e6057b655f6dfe1f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_m68k.deb
Size/MD5 checksum: 29404 1cd6143691b6f8c30d899e9a05db1be4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mips.deb
Size/MD5 checksum: 32212 902f889f98881692e24c5cac80ac2046

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mipsel.deb
Size/MD5 checksum: 32270 8df7c0f9206a297352fe27ec2ed7aa10

PowerPC architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_powerpc.deb
Size/MD5 checksum: 32036 05b57cae1bd29bae629836608ba6c6e1

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_s390.deb
Size/MD5 checksum: 31982 25e56d69999ad2023e97952dd64a6471

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_sparc.deb
Size/MD5 checksum: 34962 f29ca8fd647fe459e173f1ed68b80d49

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-171
2005-02-25

Product : Fedora Core 2
Name : gaim
Version : 1.1.4
Release : 0.FC2
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers.


Update Information:

This update resolves another DoS issue in parsing malformed HTML, and a MSN related crash that folks were hitting often.


  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-0.FC2
    • FC2
  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-1
    • 1.1.4 with MSN crash fix, g_stat() crash workaround

      CAN-2005-0208 Gaim HTML parsing DoS (another one)

  • Tue Feb 22 2005 Warren Togami <wtogami@redhat.com> 1:1.1.3-4
    • Test fixes for #149190 and #149304

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

6214fefe3f0d1963fe8a18d4bb0d1728 SRPMS/gaim-1.1.4-0.FC2.src.rpm
6d46e456110af368feb2671666be4576 x86_64/gaim-1.1.4-0.FC2.x86_64.rpm
d7fbdffb081e6bf463d8e09e027d8f02 x86_64/debug/gaim-debuginfo-1.1.4-0.FC2.x86_64.rpm
5440e0ef5ff96f16fa13a0580c1842aa i386/gaim-1.1.4-0.FC2.i386.rpm
6fccc876878f0566bffdc16d4ec2c1e5 i386/debug/gaim-debuginfo-1.1.4-0.FC2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-172
2005-02-25

Product : Fedora Core 3
Name : gaim
Version : 1.1.4
Release : 0.FC3
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers.


Update Information:

This update resolves another DoS issue in parsing malformed HTML, and a MSN related crash that folks were hitting often.


  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-0.FC3
    • FC3
  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com> 1:1.1.4-1
    • 1.1.4 with MSN crash fix, g_stat() crash workaround

      CAN-2005-0208 Gaim HTML parsing DoS (another one)

  • Tue Feb 22 2005 Warren Togami <wtogami@redhat.com> 1:1.1.3-4
    • Test fixes for #149190 and #149304

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

69048a51ec8001285f5be7ec48635ca1 SRPMS/gaim-1.1.4-0.FC3.src.rpm
865a0dd9e293e68fa16cee836e59fcb9 x86_64/gaim-1.1.4-0.FC3.x86_64.rpm
92ad90314af9b036dca2cf18365daf60 x86_64/debug/gaim-debuginfo-1.1.4-0.FC3.x86_64.rpm
255f546347b43c21d9d5d8f5d81b7c16 i386/gaim-1.1.4-0.FC3.i386.rpm
11256b0dd8026e9d9f639d039d271331 i386/debug/gaim-debuginfo-1.1.4-0.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:2336
Issue date: 2005-02-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2336
CVE Names: CAN-2004-0177 CAN-2004-0685 CAN-2004-0814 CAN-2004-0883 CAN-2004-0949 CAN-2004-1016 CAN-2004-1017 CAN-2004-1056 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 CAN-2004-1234 CAN-2004-1235 CAN-2005-0001



1. Topic:

Updated kernel packages that fix several security issues are now available.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

This update includes fixes for several security issues:

The ext3 code in kernels before 2.4.26 did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0177 to this issue.

Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)

Multiple race conditions in the terminal layer could allow local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread. This could also allow remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. (CAN-2004-0814)

Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)

ISEC security research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). (CAN-2004-1016)

Multiple overflows were discovered and corrected in the io_edgeport driver. (CAN-2004-1017)

The Direct Rendering Manager (DRM) driver does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. (CAN-2004-1056)

A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. (CAN-2004-1068)

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073, CAN-2004-1074)

ISEC security research discovered multiple vulnerabilities in the IGMP functionality of the kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. (CAN-2004-1137)

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). (CAN-2004-1234)

iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. (CAN-2004-1235)

iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. (CAN-2005-0001)

All users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To install kernel packages manually, use "rpm -ivh <package>" and modify system settings to boot the kernel you have installed. To do this, edit /boot/grub/grub.conf and change the default entry to "default=0" (or, if you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and run lilo).

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

Note that this may not automatically pull the new kernel in if you have configured apt/yum to ignore kernels. If so, follow the manual instructions above.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2336 - Kernel bugs

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm

i586:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm

i586:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm

i686:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm

athlon:
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200502-30

http://security.gentoo.org/


Severity: Low
Title: cmd5checkpw: Local password leak vulnerability
Date: February 25, 2005
Bugs: #78256
ID: 200502-30


Synopsis

cmd5checkpw contains a flaw allowing local users to access other users' cmd5checkpw passwords.

Background

cmd5checkpw is a checkpassword compatible authentication program that uses CRAM-MD5 authentication mode.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  net-mail/cmd5checkpw     <= 0.22-r1                    >= 0.22-r2

Description

Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp(), so the invoked program retains the cmd5checkpw euid.

Impact

Local users that know at least one valid /etc/poppasswd user/password combination can read the /etc/poppasswd file.

Workaround

There is no known workaround at this time.

Resolution

All cmd5checkpw users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-30.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

LBA-Linux


LBA-Linux Security Advisory

Subject: Updated emacs package for LBA-Linux R2
Advisory ID: LBASA-2005:4
Date: Sunday, February 27, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-21.3-10.lba.5.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-common-21.3-10.lba.5.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-el-21.3-10.lba.5.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-leim-21.3-10.lba.5.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-nox-21.3-10.lba.5.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named emacs to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated xemacs package for LBA-Linux R2
Advisory ID: LBASA-2005:5
Date: Sunday, February 27, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-21.4.15-1.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-el-21.4.15-1.lba.3.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-info-21.4.15-1.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named xemacs to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated postgresql package for LBA-Linux R2
Advisory ID: LBASA-2005:6
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0227
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

CAN-2005-0244
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

CAN-2005-0245
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CAN-2005-0247.

CAN-2005-0246
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.

CAN-2005-0247
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CAN-2005-0245.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-contrib-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-devel-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-docs-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-jdbc-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-libs-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-pl-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-python-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-server-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-tcl-7.4.1-1.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-test-7.4.1-1.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named postgresql to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated mailman package for LBA-Linux R2
Advisory ID: LBASA-2005:7
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0202
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mailman-2.1.4-2.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mailman to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

Copyright(c) 2001-2005 SOT
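
The filtering failure described for CAN-2005-0202 above, as an added example that is not Mailman's code and not part of the advisory: a single-pass filter that deletes "../" and then "./" turns the quoted sequence back into a traversal, while canonicalising the joined path and checking containment needs no filtering at all. The function names, the archive root and the request strings are constructed for illustration.

```python
import os
import re

# Constructed archive root for the demonstration; not a path from the advisory.
ARCHIVE_ROOT = "/var/lib/mailman/archives/private"

# The sequence quoted in the CAN-2005-0202 description.
ADVISORY_SEQUENCE = ".../....///"


def strip_once(path):
    """Hypothetical filter in the style the advisory describes:
    one pass deleting "../", then one pass deleting "./".

    Each deletion can splice the surrounding characters into a new
    "../", and nothing re-checks the result.
    """
    path = re.sub(r"\.\./", "", path)
    path = re.sub(r"\./", "", path)
    return path


def is_inside(root, path):
    """True if the canonical form of path is root itself or lies below it."""
    root_real = os.path.realpath(root)
    path_real = os.path.realpath(path)
    return os.path.commonpath([root_real, path_real]) == root_real


def naive_lookup(root, requested):
    """Filter the request, then join it to the root (the weak pattern)."""
    cleaned = strip_once(requested)
    return os.path.normpath(os.path.join(os.path.realpath(root), cleaned))


def resolve_inside(root, requested):
    """Hardened pattern: join, canonicalise, then verify containment.

    No characters are removed from the request. Components such as "..."
    are ordinary file names; only a path that resolves outside the root
    is rejected.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(
        os.path.join(root_real, requested.lstrip("/"))
    )
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes archive root: %r" % requested)
    return candidate


if __name__ == "__main__":
    # Constructed requests: two copies of the advisory's sequence, and an
    # ordinary archive file name.
    crafted = ADVISORY_SEQUENCE * 2 + "outside.txt"
    print("filter output :", strip_once(crafted))
    landed = naive_lookup(ARCHIVE_ROOT, crafted)
    print("naive lookup  :", landed, "inside root:", is_inside(ARCHIVE_ROOT, landed))
    for request in (crafted, "../../outside.txt", "mylist/2005-February.txt"):
        try:
            print("hardened      :", resolve_inside(ARCHIVE_ROOT, request))
        except ValueError as exc:
            print("hardened      : rejected,", exc)
```
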


LBA-Linux Security Advisory

Subject: Updated mysql package for LBA-Linux R2
Advisory ID: LBASA-2005:8
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-3.23.58-7.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-bench-3.23.58-7.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-devel-3.23.58-7.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-server-3.23.58-7.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mysql to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated enscript package for LBA-Linux R2
Advisory ID: LBASA-2005:9
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CAN-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

CAN-2004-1186
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/enscript-1.6.1-25.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named enscript to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated unarj package for LBA-Linux R2
Advisory ID: LBASA-2005:10
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-0947
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

CAN-2004-1027
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/unarj-2.63a-5.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named unarj to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated zip package for LBA-Linux R2
Advisory ID: LBASA-2005:11
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-1010
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/zip-2.3-20.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named zip to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated iptables package for LBA-Linux R2
Advisory ID: LBASA-2005:12
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-0986
iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-1.2.9-2.3.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-devel-1.2.9-2.3.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-ipv6-1.2.9-2.3.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named iptables to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated imap package for LBA-Linux R2
Advisory ID: LBASA-2005:13
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0198
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

Updated packages:

LBA-Linux R2:

i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/imap-2002d-3.lba.2.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/imap-devel-2002d-3.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named imap to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater's main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198

Copyright(c) 2001-2005 SOT

Ubuntu Linux


Ubuntu Security Notice USN-85-1 February 25, 2005
gaim vulnerabilities
CAN-2005-0208, CAN-2005-0472, CAN-2005-0473

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. (CAN-2005-0208, CAN-2005-0473)

Another lack of sufficient input validation was found in the "Oscar" protocol handler which is used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an infinite loop in Gaim which caused Gaim to become unresponsive and hang. (CAN-2005-0472)

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2.diff.gz
Size/MD5: 42432 088aa80f79950d5efa7f6afc29d2915e
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2.dsc
Size/MD5: 853 66848ad2c5b6ef2c136e8419d9c84e72
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_amd64.deb
Size/MD5: 3444018 f829005df6031fa36622e04bcb30968e

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_i386.deb
Size/MD5: 3354146 f85b4b98fc5bc04fe494a5303f225967

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_powerpc.deb
Size/MD5: 3417968 614a7816b433efb292944822479661b1