Linux Today: Linux News On Internet Time.







Advisories: March 3, 2005

Mar 04, 2005, 04:45

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : clamav
SUMMARY : Fix for denial of service in clamav
DATE : 2005-03-03 14:40:00
ID : CLA-2005:928
RELEVANT RELEASES : 10


DESCRIPTION
Clamav[1] is an anti-virus utility for Unix/Linux.

This announcement updates clamav so that it can update its database from the server without any problems related to its format. The update also fixes a security issue which could lead to a denial of service[2] situation.

SOLUTION
It is recommended that all clamav users upgrade their packages. This update will automatically restart the service if it is already running.

REFERENCES
1. http://www.clamav.net/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0133

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/clamav-0.83-70136U10_7cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-0.83-70136U10_7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/clamav-database-0.83.20041125-70136U10_7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-0.83-70136U10_7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav-devel-static-0.83-70136U10_7cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libclamav1-0.83-70136U10_7cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Fedora Core


Fedora Update Notification
FEDORA-2005-188
2005-03-03

Product : Fedora Core 3
Name : HelixPlayer
Version : 1.0.3
Release : 3.fc3
Summary : Open source media player based on the Helix framework

Description :
The Helix Player 1.0 is an open-source media player built in the Helix Community for consumers. Built using GTK, it plays open source formats, like Ogg Vorbis and Theora using the powerful Helix DNA Client Media Engine.


Update Information:

Updated HelixPlayer packages that fix two buffer overflow issues are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

A stack based buffer overflow bug was found in HelixPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0455 to this issue.

A buffer overflow bug was found in the way HelixPlayer decodes WAV files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-0611 to this issue.

All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer 1.0.3 which is not vulnerable to these issues.


  • Thu Mar 3 2005 Ray Strode <rstrode@redhat.com> 1:1.0.3-3.fc3
    • Actually update to 1.0.3
  • Thu Mar 3 2005 Ray Strode <rstrode@redhat.com> 1:1.0.3-2.fc3
    • Update to 1.0.3 to fix 150098 and 150103.
    • Add some execshield foo to stop some execstack regressions
    • Add libogg-devel build req to tame compiler

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

6b65dacea8b1502caa8c98d0076f1d6e SRPMS/HelixPlayer-1.0.3-3.fc3.src.rpm
c385ef4c8ef6ee53ac7c784bb8fd7b58 x86_64/HelixPlayer-1.0.3-3.fc3.i386.rpm
c385ef4c8ef6ee53ac7c784bb8fd7b58 i386/HelixPlayer-1.0.3-3.fc3.i386.rpm
f8d4f9ae8b90ba0e506b83b1e8c0636f i386/debug/HelixPlayer-debuginfo-1.0.3-3.fc3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200503-05

http://security.gentoo.org/


Severity: Normal
Title: xli, xloadimage: Multiple vulnerabilities
Date: March 02, 2005
Bugs: #79762
ID: 200503-05


Synopsis

xli and xloadimage are vulnerable to multiple issues, potentially leading to the execution of arbitrary code.

Background

xli and xloadimage are X11 utilities for displaying and manipulating a wide range of image formats.

Affected packages


     Package               /   Vulnerable   /               Unaffected


  1  media-gfx/xloadimage       < 4.1-r2                     >= 4.1-r2
  2  media-gfx/xli              < 1.17.0-r1               >= 1.17.0-r1
  -------------------------------------------------------------------
  2 affected packages on all of their supported architectures.

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team has reported that xli and xloadimage contain a flaw in the handling of compressed images, where shell meta-characters are not adequately escaped. Rob Holland of the Gentoo Linux Security Audit Team has reported that an xloadimage vulnerability in the handling of Faces Project images discovered by zen-parse in 2001 remained unpatched in xli. Additionally, it has been reported that insufficient validation of image properties in xli could potentially result in buffer management errors.

Impact

Successful exploitation would permit a remote attacker to execute arbitrary shell commands, or arbitrary code with the privileges of the xloadimage or xli user.

Workaround

There is no known workaround at this time.

Resolution

All xli users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r1"

All xloadimage users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r2"

References

[ 1 ] CAN-2001-0775

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200503-06

http://security.gentoo.org/


Severity: Normal
Title: BidWatcher: Format string vulnerability
Date: March 03, 2005
Bugs: #82460
ID: 200503-06


Synopsis

BidWatcher is vulnerable to a format string vulnerability, potentially allowing arbitrary code execution.

Background

BidWatcher is a free auction tool for eBay users to keep track of their auctions.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  net-misc/bidwatcher      < 1.3.17                       >= 1.3.17

Description

Ulf Harnhammar discovered a format string vulnerability in "netstuff.cpp".

Impact

Remote attackers can potentially exploit this vulnerability by sending specially crafted responses via an eBay HTTP server or a man-in-the-middle attack to execute arbitrary malicious code.

Workaround

There is no known workaround at this time.

Resolution

All BidWatcher users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/bidwatcher-1.3.17"

References

[ 1 ] CAN-2005-0158

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0158

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-06.xml



Gentoo Linux Security Advisory GLSA 200503-07

http://security.gentoo.org/


Severity: Normal
Title: phpMyAdmin: Multiple vulnerabilities
Date: March 03, 2005
Bugs: #83190, #83792
ID: 200503-07


Synopsis

phpMyAdmin contains multiple vulnerabilities that could lead to command execution, XSS issues and bypass of security restrictions.

Background

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser.

Affected packages


     Package            /    Vulnerable    /                Unaffected

  1  dev-db/phpmyadmin      < 2.6.1_p2-r1                 >= 2.6.1_p2-r1

Description

phpMyAdmin contains several security issues:

  • Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through "$cfg" and "GLOBALS" variables and localized strings
  • It is possible to force phpMyAdmin to disclose information in error messages
  • Failure to correctly escape special characters

Impact

By sending a specially-crafted request, an attacker can include and execute arbitrary PHP code or cause path information disclosure. Furthermore, the XSS issue allows an attacker to inject malicious script code, potentially compromising the victim's browser. Lastly, the improper escaping of special characters results in unintended privilege settings for MySQL.

Workaround

There is no known workaround at this time.

Resolution

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_p2-r1"

References

[ 1 ] PMASA-2005-1

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-20051

[ 2 ] PMASA-2005-2

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-20052

[ 3 ] phpMyAdmin bug 1113788

http://sourceforge.net/tracker/index.php?func=detail&aid=1113788&group_id=23067&atid=377408

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-07.xml


Ubuntu Linux


Ubuntu Security Notice USN-90-1 March 03, 2005
imagemagick vulnerability
CAN-2005-0397

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

imagemagick
libmagick6

The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.4. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a format string vulnerability in ImageMagick's file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code.

Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the printer spooler's privileges). However, Ubuntu's standard printing system does not use ImageMagick, thus there is no risk of privilege escalation in a standard installation.

ImageMagick is also commonly used by web frontends; if these accept image uploads with arbitrary file names, this could also lead to remote privilege escalation.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4.diff.gz
Size/MD5: 129865 b6158cb1e8ac827114bbd483465e8f90
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4.dsc
Size/MD5: 874 6d01d5029e385ef25ffcc4b7c1b8f9bc
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5.orig.tar.gz
Size/MD5: 6700454 207fdb75b6c106007cc483cf15e619ad

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 1366250 9bd394c1da6ea7f94619af3f9afd8796
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 226626 a8fb07c1e1c893d64fd1450518da0c71
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 161238 538c672bbbfe4e1c7ff23bd0e531a4d2
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 1520098 8bcdd9116e7fd42772b3bd3b3eb97695
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 1167436 817bc00875893b331e673b6199516bf0
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_amd64.deb
Size/MD5: 138790 df954c96f52dad5f38302c04f387de54

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 1366210 92438f9dc9e47084c225f6b16390f645
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 206716 7d8f89d2f933e03ba957a4dab3bd3b05
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 162920 cdb938585e251bd9304f3203efe4541a
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 1425872 439f600c0fd309caf5e69df2e7e98a88
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 1115876 d487f8b1259d468c5c0309c2937388a4
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_i386.deb
Size/MD5: 137370 a5a62a05568a9687681c30c4cdd7e749

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/imagemagick_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 1371458 4c9cf675b5e4d68b903bfc92f657137d
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6-dev_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 225366 5772b0ce2aa584a9030bbbe4388b3f95
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick++6_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 154678 01f57a326e5fd9785fd1c9e7aecacc8d
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6-dev_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 1660840 ee31f265a2129e7a9da5b9c26dd35910
http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/libmagick6_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 1151880 9612131ca3b44c2c6f22b3a751143297
http://security.ubuntu.com/ubuntu/pool/universe/i/imagemagick/perlmagick_6.0.2.5-1ubuntu1.4_powerpc.deb
Size/MD5: 136294 eb63a44b42367710ec5fd91fedb369e2
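
Added example, not part of the Ubuntu notice: one way to check downloaded packages against the URL and "Size/MD5:" pairs listed above. The function names and the sample file and mirror URL are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# "Size/MD5: <bytes> <32 hex digits>", the line format used in the notice.
# MD5 only catches transfer corruption; it is not collision-resistant.
SIZE_MD5 = re.compile(r"^Size/MD5:\s+(\d+)\s+([0-9a-fA-F]{32})$")

def parse_manifest(text):
    """Map file name -> (size, md5) from URL lines followed by Size/MD5 lines."""
    entries, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("http://", "https://", "ftp://")):
            pending = line.rsplit("/", 1)[-1]   # file name is the last URL segment
            continue
        match = SIZE_MD5.match(line)
        if match and pending:
            entries[pending] = (int(match.group(1)), match.group(2).lower())
        if line:
            pending = None                      # any other text ends the pairing
    return entries

def verify_file(path, size, md5):
    """Return 'ok', 'missing', 'size-mismatch' or 'md5-mismatch'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != size:
        return "size-mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def verify_directory(manifest_text, directory):
    """Check each manifest entry against the same-named file in directory."""
    return {name: verify_file(os.path.join(directory, name), size, md5)
            for name, (size, md5) in parse_manifest(manifest_text).items()}

if __name__ == "__main__":
    # Constructed sample: one small file and a manifest entry generated for it.
    data = b"constructed package bytes\n"
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "example_1.0_i386.deb"), "wb") as fh:
            fh.write(data)
        manifest = ("http://mirror.example/pool/example_1.0_i386.deb\n"
                    f"Size/MD5: {len(data)} {hashlib.md5(data).hexdigest()}\n")
        print(verify_directory(manifest, tmp))
```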