dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories: March 1, 2005

Mar 02, 2005, 04:45 (0 Talkback[s])

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200502-33

http://security.gentoo.org/


Severity: Low
Title: MediaWiki: Multiple vulnerabilities
Date: February 28, 2005
Bugs: #80729, #82954
ID: 200502-33


Synopsis

MediaWiki is vulnerable to cross-site scripting, data manipulation and security bypass attacks.

Background

MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  www-apps/mediawiki      < 1.3.11                        >= 1.3.11

Description

A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters.

Impact

By tricking a user to load a carefully crafted URL, a remote attacker could hijack sessions and authentication cookies to inject malicious script code that will be executed in a user's browser session in context of the vulnerable site, or use JavaScript submitted forms to perform restricted actions. Using the image deletion flaw, it is also possible for authenticated administrators to delete arbitrary files via directory traversal.

Workaround

There is no known workaround at this time.

Resolution

All MediaWiki users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.3.11"

References

[ 1 ] Secunia Advisory SA14125

http://secunia.com/advisories/14125/

[ 2 ] CAN-2005-0534

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0534

[ 3 ] CAN-2005-0535

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0535

[ 4 ] CAN-2005-0536

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0536

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-33.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-01

http://security.gentoo.org/


Severity: Normal
Title: Qt: Untrusted library search path
Date: March 01, 2005
Bugs: #75181
ID: 200503-01


Synopsis

Qt may load shared libraries from an untrusted, world-writable directory, resulting in the execution of arbitrary code.

Background

Qt is a cross-platform GUI toolkit used by KDE.

Affected packages


     Package      /  Vulnerable  /                          Unaffected

  1  x11-libs/qt     < 3.3.4-r2                            >= 3.3.4-r2

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory.

Impact

A local attacker could create a malicious shared object that would be loaded by Qt, resulting in the execution of arbitrary code with the privileges of the Qt application.

Workaround

There is no known workaround at this time.

Resolution

All Qt users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r2"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-02

http://security.gentoo.org/


Severity: Normal
Title: phpBB: Multiple vulnerabilities
Date: March 01, 2005
Bugs: #82955
ID: 200503-02


Synopsis

Several vulnerabilities allow remote attackers to gain phpBB administrator rights or expose and manipulate sensitive data.

Background

phpBB is an Open Source bulletin board package.

Affected packages


     Package         /  Vulnerable  /                       Unaffected

  1  www-apps/phpBB      < 2.0.13                            >= 2.0.13

Description

It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avatar uploading" options are set (CAN-2005-0259). He also found out that incorrect input validation in "usercp_avatar.php" and "usercp_register.php" makes phpBB vulnerable to directory traversal attacks, if the "Gallery avatars" setting is enabled (CAN-2005-0258).

Impact

Remote attackers can exploit the session handling flaw to gain phpBB administrator rights. By providing a local and a remote location for an avatar and setting the "Upload Avatar from a URL:" field to point to the target file, a malicious local user can read arbitrary local files. By inserting "/../" sequences into the "avatarselect" parameter, a remote attacker can exploit the directory traversal vulnerability to delete arbitrary files. A flaw in the "viewtopic.php" script can be exploited to expose the full path of PHP scripts.

Workaround

There is no known workaround at this time.

Resolution

All phpBB users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpBB-2.0.13"

References

[ 1 ] CAN-2005-0258

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0258

[ 2 ] CAN-2005-0259

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0259

[ 3 ] phpBB announcement

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-03

http://security.gentoo.org/


Severity: Normal
Title: Gaim: Multiple Denial of Service issues
Date: March 01, 2005
Bugs: #83253
ID: 200503-03


Synopsis

Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application.

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Affected packages


     Package      /  Vulnerable  /                          Unaffected

  1  net-im/gaim       < 1.1.4                                >= 1.1.4

Description

Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML code could lead to invalid memory accesses (CAN-2005-0208 and CAN-2005-0473).

Impact

Remote attackers could exploit these issues, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.1.4"

References

[ 1 ] CAN-2005-0208

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208

[ 2 ] CAN-2005-0472

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472

[ 3 ] CAN-2005-0473

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-04

http://security.gentoo.org/


Severity: High
Title: phpWebSite: Arbitrary PHP execution and path disclosure
Date: March 01, 2005
Bugs: #83297
ID: 200503-04


Synopsis

Remote attackers can upload and execute arbitrary PHP scripts, another flaw reveals the full path of scripts.

Background

phpWebSite provides a complete web site content management system.

Affected packages


     Package              /   Vulnerable   /                Unaffected

  1  www-apps/phpwebsite      < 0.10.0-r2                 >= 0.10.0-r2

Description

NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure.

Impact

A remote attacker can exploit this issue to upload files to a directory within the web root. By calling the uploaded script the attacker could then execute arbitrary PHP code with the rights of the web server. By passing specially crafted requests to the search module, remote attackers can also find out the full path of PHP scripts.

Workaround

There is no known workaround at this time.

Resolution

All phpWebSite users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.0-r2"

References

[ 1 ] Secunia Advisory SA14399

http://secunia.com/advisories/14399/

[ 2 ] phpWebSite announcement

http://phpwebsite.appstate.edu/index.php?module=announce&ANN_id=922&ANN_user_op=view

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Ubuntu Linux


Ubuntu Security Notice USN-86-1 February 28, 2005
curl vulnerability
CAN-2005-0940

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libcurl2
libcurl2-gssapi

The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1.diff.gz
Size/MD5: 160391 4f1c042b0f375a8d06e0403e5baa3b7e
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1.dsc
Size/MD5: 707 5ec7fa4228218f3186ad7f41ef1b56eb
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2.orig.tar.gz
Size/MD5: 1435629 25e6617ea7dec34d072426942b77801f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb
Size/MD5: 108602 17f9e77e1a091f5e22024396ab19be5f
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dbg_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb
Size/MD5: 1043660 1163357a2e57d670326df84ccbe01108
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dev_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb
Size/MD5: 568022 b91d5f9a6b39b84962840f8f0a552f91
http://security.ubuntu.com/ubuntu/pool/universe/c/curl/libcurl2-gssapi_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb
Size/MD5: 111892 283edaf68d6a725710ed966a09729fb1
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2_7.12.0.is.7.11.2-1ubuntu0.1_amd64.deb
Size/MD5: 224598 d5549b89c19484e8b4488a46e4b5b727

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb
Size/MD5: 107762 dbb0f3404f4955d89e39134c309ba68d
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dbg_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb
Size/MD5: 1028978 6fb4edd748b6b2e92db5cc935fb063cb
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dev_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb
Size/MD5: 556594 31b0848d7a44250a2f3536ead3462a0f
http://security.ubuntu.com/ubuntu/pool/universe/c/curl/libcurl2-gssapi_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb
Size/MD5: 109912 0b5b91da5ca5fc37b1d1e5f04c51962e
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2_7.12.0.is.7.11.2-1ubuntu0.1_i386.deb
Size/MD5: 222848 77aa777db65b32788cea78fdd1d9ef4d

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb
Size/MD5: 110090 ae4f871f3f6126b1ecf787affe26640c
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dbg_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb
Size/MD5: 1052794 4bf356eeaaf1f6af0723cc0c63a4ed57
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2-dev_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb
Size/MD5: 573412 501500cf49764c55476e339e9347cd9a
http://security.ubuntu.com/ubuntu/pool/universe/c/curl/libcurl2-gssapi_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb
Size/MD5: 116296 9f6d567b715c1ee08afecc02c8909783
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl2_7.12.0.is.7.11.2-1ubuntu0.1_powerpc.deb
Size/MD5: 229450 1c45a89cb1c4852d1260aa21bcc1f6c0


Ubuntu Security Notice USN-87-1 February 28, 2005
cyrus21-imapd vulnerability
CAN-2005-0546

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

cyrus21-imapd

The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sean Larsson discovered a buffer overflow in the IMAP "annotate" extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.diff.gz
Size/MD5: 236064 389812cf102f362acbdd8427d42a3fcc
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3.dsc
Size/MD5: 1040 7b56583400526281be8452c3c9ce24df
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16.orig.tar.gz
Size/MD5: 1687454 8f4ff803a910d0f4e4cfab3b13a6080d

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-admin_2.1.16-6ubuntu0.3_all.deb
Size/MD5: 87974 ea896023fb72b192e5b84d97e1c9f612
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-doc_2.1.16-6ubuntu0.3_all.deb
Size/MD5: 206610 6c655f7135379dc53f7a12f648717af3

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 107060 35173577eee7aa4e58d081ae17423949
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 2071564 a6704031b0a84ab7f7561a2133f91cb4
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 267960 c406a6936d0442da7ac366601a5bd396
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 591192 182d1004c78315bf4487021723151a28
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 526746 3c68af3b07ec57a0ae52b87064c8df63
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 93078 970dc32aeb86f6cdf9f0d385269122ae
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_amd64.deb
Size/MD5: 137768 2642bf39e391884bcde4712eb9191b94

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 104238 c9a63b935d093726a3f2a816c3982d1f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 1949418 6fcee0507a1bfa3291fbf617da7ac626
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 261406 70d285879999adaf211ccaa36dbb7ab2
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 561746 aec4f8aebecd6ce20f84456926a2dbe6
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 493322 35ad3b8ad6f3a8d010187758a72aab54
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 85204 8bb2c9dc9ab196ccd42a67ee5049ae60
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_i386.deb
Size/MD5: 133844 15277d0438a3966ff1f091cc2f89f6f2

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-clients_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 106852 d464f8d95c19f2b6e2ab799756ce7253
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-common_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 2083580 9605c7608e077530ceb7ad39e3aa6e1b
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-dev_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 265422 0b3be1bfb756b3f6a81ce253c5564ffa
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-imapd_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 593502 82b7ea2f28f9aec84334a13c9fdfd742
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-murder_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 527656 cf5477019633341b42047261b18f01f2
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/cyrus21-pop3d_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 93268 3589f4386b12fc4c6cec1676713a556a
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus21-imapd/libcyrus-imap-perl21_2.1.16-6ubuntu0.3_powerpc.deb
Size/MD5: 135818 5a148e9feaa9c0d45cb16e333e32c8aa


Ubuntu Security Notice USN-88-1 February 28, 2005
reportbug information disclosure
https://bugzilla.ubuntulinux.org/6600
https://bugzilla.ubuntulinux.org/6717

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

reportbug

The problem can be corrected by upgrading the affected package to version 2.62ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. However, if your users already have ~/.reportbugrc files with SMTP passwords, you need to manually change their permissions with

chmod 600 .reportbugrc

Details follow:

Rolf Leggewie discovered two information disclosure bugs in reportbug.

The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory.

reportbug usually includes the settings from ~/.reportbugrc in generated bug reports. This included the "smtppasswd" setting (the password for an SMTP email smarthost) as well. The password is now hidden from reports.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.dsc
Size/MD5: 540 19dab43ca7c942311e87ad5e48e32a39
http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.tar.gz
Size/MD5: 115256 9b3fbec6a6974274068afb08835f0fdc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1_all.deb
Size/MD5: 104630 f051c98020dffd1e8ae3253ab72e88ce


Ubuntu Security Notice USN-89-1 February 28, 2005
libxml vulnerabilities
CAN-2004-0989

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libxml1

The problem can be corrected by upgrading the affected package to version 1:1.8.17-8ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Several buffer overflows have been discovered in libxml's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml.

This does not affect the core XML parsing code, which is what the majority of programs use this library for.

Note: The same vulnerability was already fixed for libxml2 in USN-10-1.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.diff.gz
Size/MD5: 361144 49c17811be2abc30c48984e0f46454fb
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17-8ubuntu0.1.dsc
Size/MD5: 756 5d9e3b59a2d624d52af231926a84fb1d
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml_1.8.17.orig.tar.gz
Size/MD5: 1016403 b8f01e43e1e03dec37dfd6b4507a9568

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_amd64.deb
Size/MD5: 385860 672acd61cde9389539ea2e8d68a1d2db
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_amd64.deb
Size/MD5: 225922 e1f0cdc93c32b6bd256070dc45d5e2a7

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_i386.deb
Size/MD5: 361434 41037748a8cb40a6bd26b0d0d5ee3387
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_i386.deb
Size/MD5: 212158 7f149fcc590aa2162810fdae5a47cd29

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml-dev_1.8.17-8ubuntu0.1_powerpc.deb
Size/MD5: 392636 b445671f31603b7e12b8c47fd7ea6697
http://security.ubuntu.com/ubuntu/pool/main/libx/libxml/libxml1_1.8.17-8ubuntu0.1_powerpc.deb
Size/MD5: 220004 e3cd12326fae6972a44ac59a8af97697