Linux Today: Linux News On Internet Time.

Advisories: April 6, 2005

Apr 07, 2005, 04:45

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200504-04

http://security.gentoo.org/


Severity: Normal
Title: mit-krb5: Multiple buffer overflows in telnet client
Date: April 06, 2005
Bugs: #87145
ID: 200504-04


Synopsis

The mit-krb5 telnet client is vulnerable to two buffer overflows, which could allow a malicious telnet server operator to execute arbitrary code.

Background

The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  app-crypt/mit-krb5     < 1.3.6-r2                     >= 1.3.6-r2

Description

A buffer overflow has been identified in the env_opt_add() function, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer.
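
The env_opt_add() description above concerns a reply that grows when it is escaped. The following C code is an added example, not mit-krb5 code and not part of the advisory: it reserves space for the worst-case escaped length before writing. The `struct reply` type and the function names are hypothetical, and the escape set is the one defined for the telnet NEW-ENVIRON option (RFC 1572).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Telnet NEW-ENVIRON bytes that must be escaped inside a name or value. */
enum { ENV_VAR = 0, ENV_VALUE = 1, ENV_ESC = 2, ENV_USERVAR = 3, IAC = 255 };

/* Hypothetical growable reply buffer; not the mit-krb5 structure. */
struct reply { unsigned char *buf; size_t len, cap; };

/* Grow r so that `need` more bytes fit; returns 0 on success, -1 on failure. */
static int reply_reserve(struct reply *r, size_t need)
{
    if (need > SIZE_MAX - r->len) return -1;      /* size_t wrap-around */
    size_t want = r->len + need;
    if (want <= r->cap) return 0;
    size_t ncap = r->cap ? r->cap : 64;
    while (ncap < want) {
        if (ncap > SIZE_MAX / 2) { ncap = want; break; }
        ncap *= 2;
    }
    unsigned char *p = realloc(r->buf, ncap);
    if (!p) return -1;                            /* old buffer stays valid */
    r->buf = p;
    r->cap = ncap;
    return 0;
}

/* Append s[0..n) with escaping. Every input byte can become two output
 * bytes, so the reservation is for 2*n, never for n. */
int reply_add_escaped(struct reply *r, const unsigned char *s, size_t n)
{
    if (n > SIZE_MAX / 2 || reply_reserve(r, 2 * n) != 0) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = s[i];
        if (c == IAC)
            r->buf[r->len++] = IAC;               /* IAC is doubled */
        else if (c <= ENV_USERVAR)
            r->buf[r->len++] = ENV_ESC;           /* VAR, VALUE, ESC, USERVAR */
        r->buf[r->len++] = c;
    }
    return 0;
}
```

A caller starts from a zeroed `struct reply` and frees `buf` when the reply has been sent; a return of -1 means the reply was not extended and should be dropped.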

Impact

Successful exploitation would require a vulnerable user to connect to an attacker-controlled telnet host, potentially executing arbitrary code with the permissions of the telnet user on the client.

Workaround

There is no known workaround at this time.

Resolution

All mit-krb5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6-r2"

References

[ 1 ] CAN-2005-0468

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468

[ 2 ] CAN-2005-0469

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

[ 3 ] MITKRB5-SA-2005-001

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200504-05

http://security.gentoo.org/


Severity: Low
Title: Gaim: Denial of Service issues
Date: April 06, 2005
Updated: April 06, 2005
Bugs: #87903
ID: 200504-05:02


Synopsis

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Affected packages


     Package      /  Vulnerable  /                          Unaffected

  1  net-im/gaim       < 1.2.1                                >= 1.2.1

Description

Multiple vulnerabilities have been addressed in the latest release of Gaim:

  • A buffer overread in the gaim_markup_strip_html() function, which is used when logging conversations (CAN-2005-0965).
  • Markup tags are improperly escaped using Gaim's IRC plugin (CAN-2005-0966).
  • Sending a specially crafted file transfer request to a Gaim Jabber user can trigger a crash (CAN-2005-0967).

Impact

An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities.

Workaround

There is no known workaround at this time.

Resolution

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"

References

[ 1 ] CAN-2005-0967

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967

[ 2 ] CAN-2005-0966

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966

[ 3 ] CAN-2005-0965

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965

[ 4 ] Gaim Vulnerability Index

http://gaim.sourceforge.net/security/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-05.xml

Slackware Linux

[slackware-security] PHP (SSA:2005-095-01)

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues.

More details about the issues may be found in the PHP ChangeLogs on the PHP web site: http://php.net

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/php-4.3.11-i486-1.tgz: Upgraded to php-4.3.11.
"This is a maintenance release that in addition to over 70 non-critical bug fixes addresses several security issues inside the exif and fbsql extensions as well as the unserialize(), swf_definepoly() and getimagesize() functions."
(* Security fix *)
testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz: Upgraded to php-5.0.4. Fixes various bugs (and security issues.)
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.11-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.11-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.11-i486-1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/php-4.3.11-i486-1.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/php-4.3.11-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.11-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz

Installation instructions:

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-4.3.11-i486-1.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Ubuntu Linux


Ubuntu Security Notice USN-108-1 April 05, 2005
gtk+2.0, gdk-pixbuf vulnerabilities
CAN-2005-0891

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libgdk-pixbuf2
libgtk2.0-0

The problem can be corrected by upgrading the affected package to version 0.22.0-7ubuntu1.1 (libgdk-pixbuf2) and 2.4.10-1ubuntu1.1 (libgtk2.0-0). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free()'ed twice, leading to a crash of the application. However, it is believed that this cannot be exploited to execute arbitrary attacker provided code.


Ubuntu Security Notice USN-109-1 April 06, 2005
mysql-dfsg vulnerability
CAN-2004-0957

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:

"If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)"

Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.
