Linux Today: Linux News On Internet Time.

Advisories, March 18, 2005

Apr 19, 2005, 04:45

Debian GNU/Linux

Debian Security Advisory DSA 710-1 Martin Schulze
April 18th, 2005

Package : gtkhtml
Vulnerability : null pointer dereference
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2003-0541
Debian Bug : 279726

Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a null pointer dereference.

For the stable distribution (woody) this problem has been fixed in version 1.0.2-1.woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.0.4-6.2.

We recommend that you upgrade your gtkhtml package and restart Evolution.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: Package info: `apt-cache show <pkg>' and<pkg>

Fedora Core

Fedora Update Notification

Product : Fedora Core 3
Name : php
Version : 4.3.11
Release : 2.4
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)

Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

Update Information:

This update includes the latest stable release of PHP 4.3, including a number of security fixes to the exif extension (CVE CAN-2005-1042 and CAN-2005-1043) and the getimagesize() function (CVE CAN-2005-0524), along with many bug fixes.

* Wed Apr 6 2005 Joe Orton <> 4.3.11-2.4
  • snmp: disable MSHUTDOWN function to prevent error_log noise
  • really restore Net_SMTP from PEAR
  • revert default php.ini changes since 4.3.10
  • restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP
  • remove bundled PEAR packages HTML_TemplateIT, NetUserAgent_Detect
  • update to 4.3.11 (CAN-2005-0524, #153141)
  • revert Zend double->long conversion change (#143514)
  • don't configure with --enable-safe-mode (#148969)
  • install gd headers (#145891)
  • bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball)

This update can be downloaded from:

37ba9891122583c69a5086c9d2fd2102 SRPMS/php-4.3.11-2.4.src.rpm
5f55d6dba7e02348783348b6759242f9 x86_64/php-4.3.11-2.4.x86_64.rpm
6a78adae0f8f9bba54387847b100fd96 x86_64/php-devel-4.3.11-2.4.x86_64.rpm
c078f4c78928558bac77a8b182cbabb2 x86_64/php-pear-4.3.11-2.4.x86_64.rpm
e437dcd4b70e0df01febae880a5bc70f x86_64/php-imap-4.3.11-2.4.x86_64.rpm
1dbef89de378f779061e49e8cb2d0e94 x86_64/php-ldap-4.3.11-2.4.x86_64.rpm
d5ae259075870e63d316229604957da8 x86_64/php-mysql-4.3.11-2.4.x86_64.rpm
a451afd4a2349c35c423db1905a768c9 x86_64/php-pgsql-4.3.11-2.4.x86_64.rpm
2e66b7cf8d2e933a069cec155c183f31 x86_64/php-odbc-4.3.11-2.4.x86_64.rpm
cfe08c4c4f8d43a7818aa8b48325ecd1 x86_64/php-snmp-4.3.11-2.4.x86_64.rpm
a51bfe897fae0a405ed2b6903cddcd50 x86_64/php-domxml-4.3.11-2.4.x86_64.rpm
0716c2c04d3bba58731b32d3d65e6770 x86_64/php-xmlrpc-4.3.11-2.4.x86_64.rpm
0eedc210d61bb40387b14061ead7d417 x86_64/php-mbstring-4.3.11-2.4.x86_64.rpm
ef1b4ca7890d51e8d75a890b4fd7fe60 x86_64/php-ncurses-4.3.11-2.4.x86_64.rpm
4dc74e7d7fd46e2ec241c12d25451c21 x86_64/php-gd-4.3.11-2.4.x86_64.rpm
b5156d2cadc5fcd4bee9a86e7610b211 x86_64/debug/php-debuginfo-4.3.11-2.4.x86_64.rpm
bd225ddda74ef2431da1ee38eb85871b i386/php-4.3.11-2.4.i386.rpm
40a45386cd76b9386efd22e09be8467a i386/php-devel-4.3.11-2.4.i386.rpm
421d85b05c9aab1d1eba602f39f50c6a i386/php-pear-4.3.11-2.4.i386.rpm
3553b774daa0a991be9eaae9815c0ddb i386/php-imap-4.3.11-2.4.i386.rpm
d102699b4264c735af2cfa0a305c9cca i386/php-ldap-4.3.11-2.4.i386.rpm
326bb7af88a83aeff7937601fbe35835 i386/php-mysql-4.3.11-2.4.i386.rpm
d917f68f2c53192eec915854c11432b8 i386/php-pgsql-4.3.11-2.4.i386.rpm
9721e9f984e8e56cdad453f5ab03182e i386/php-odbc-4.3.11-2.4.i386.rpm
8853467943485b20226e82cffb1dd321 i386/php-snmp-4.3.11-2.4.i386.rpm
c414f1735ae0fa589f20db0a8dfa88e0 i386/php-domxml-4.3.11-2.4.i386.rpm
ecfbcbb670aa6e764bd3d4c4d1a51a3c i386/php-xmlrpc-4.3.11-2.4.i386.rpm
a5d78f1be3481e3f08e634bee8141f0f i386/php-mbstring-4.3.11-2.4.i386.rpm
8a89a49c4e7e9b94067885eaa0953bb8 i386/php-ncurses-4.3.11-2.4.i386.rpm
ce51c0cda3d383b2feb27082fbfe06be i386/php-gd-4.3.11-2.4.i386.rpm
54b1730c9ce4b17df7a8f3531f27cc83 i386/debug/php-debuginfo-4.3.11-2.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200504-15

Severity: High
Title: PHP: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #87517
ID: 200504-15


Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.


PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI.

Affected packages

     Package          /  Vulnerable  /                      Unaffected

  1  dev-php/php          < 4.3.11                           >= 4.3.11
  2  dev-php/mod_php      < 4.3.11                           >= 4.3.11
  3  dev-php/php-cgi      < 4.3.11                           >= 4.3.11
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.


An integer overflow and an unbound recursion were discovered in the processing of Image File Directory tags in PHP's EXIF module (CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops have been discovered in the getimagesize() function when processing IFF or JPEG images (CAN-2005-0524, CAN-2005-0525).


A remote attacker could craft an image file with a malicious EXIF IFD tag, a large IFD nesting level or invalid size parameters and send it to a web application that would process this user-provided image using one of the affected functions. This could result in denying service on the attacked server and potentially executing arbitrary code with the rights of the web server.


There is no known workaround at this time.


All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"


[ 1 ] PHP 4.3.11 Release Announcement

[ 2 ] CAN-2005-0524

[ 3 ] CAN-2005-0525

[ 4 ] CAN-2005-1042

[ 5 ] CAN-2005-1043


This GLSA and any updates to it are available for viewing at the Gentoo Security Website:


Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at


Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Gentoo Linux Security Advisory GLSA 200504-16

Severity: High
Title: CVS: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #86476
ID: 200504-16


Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.


CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.

Affected packages

     Package       /   Vulnerable   /                       Unaffected

  1  dev-util/cvs     < 1.11.18-r1                       >= 1.11.18-r1


Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks and a NULL pointer dereferencing error.


An attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the CVS pserver or the authenticated user (depending on the connection method used).


There is no known workaround at this time.


All CVS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.18-r1"


[ 1 ] CAN-2005-0753


SUSE Linux

SUSE Security Announcement

Package: cvs
Announcement-ID: SUSE-SA:2005:024
Date: Monday, Apr 18th 2005 13:30 MEST
Affected products: 8.2, 9.0, 9.1, 9.2, 9.3
                   SUSE CORE 9 for x86
                   SuSE Linux Enterprise Server 8, 9
                   UnitedLinux 1.0
                   School-Server 1
                   Open-Enterprise-Server 9
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE default package: No
Cross References: CAN-2005-0753

Content of this advisory:

  1. security vulnerability resolved: buffer overflow and memory access problem in cvs
     problem description
  2. solution/workaround
  3. special instructions and notes
  4. package location and checksums
  5. pending vulnerabilities, solutions, workarounds:
    • IDN (Internationalized Domain Name) cloaking
    • PostgreSQL
    • Mozilla
    • OpenOffice_org
  6. standard appendix (further information)

1) problem description, brief discussion

The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the available updates. The CVE project has assigned the CAN number CAN-2005-0753.

2) solution/workaround

There is no easy workaround except shutting down the CVS server.

3) special instructions and notes

No special actions need to be taken after installing this update.

4) package location and checksums

Download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update.
Our maintenance customers are being notified individually. The packages are being offered for installation from the maintenance web.

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

  • IDN (Internationalized Domain Name) cloaking / homograph attacks

    Problems with the IDN / punycode handling that allows non-ASCII domain names were reported for every browser.

    • The KDE approach is currently filtering on the top level domain.
    • The Mozilla approach is currently to display punycode.

      We have released Mozilla Firefox and KDE / konqueror updates for this problem, the others (mozilla suite and opera) are still pending.

  • PostgreSQL problems

    Additional PostgreSQL problems were reported:

    • A local user could bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. CAN-2005-0244
    • Other earlier listed problems are already fixed.

      We are still working on updates for this problem.

  • new Mozilla security problems

    Several new Mozilla browser security problems have been reported.

    We are currently addressing these issues.

  • OpenOffice_org heap overflow
    A heap overflow was found in the MS Word document handling of OpenOffice_org, allowing a remote attacker to execute code via a handcrafted .doc file.

    We are preparing updates for this issue.

6) standard appendix: authenticity verification, additional information

  • Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

    1. md5sums as provided in the (cryptographically signed) announcement.
    2. using the internal gpg signatures of the rpm package.

    1. execute the command

         md5sum <name-of-the-file.rpm>

       after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key, the checksums show proof of the authenticity of the package. We recommend against subscribing to security lists that cause the e-mail message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.
    2. rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command

         rpm -v --checksig <file.rpm>

       to verify the signature of the package, where <file.rpm> is the file name of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites:
      1. gpg is installed
      2. The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):

           gpg --batch; gpg < announcement.txt | gpg --import

         SUSE Linux distributions version 7.1 and thereafter install the key "" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at .
  • SUSE runs two security mailing lists to which any interested party may subscribe:

  • general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to


  • SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to
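
The md5sum comparison described under "Package authenticity verification" above, scripted as an added example; it is not part of the SUSE announcement or of SUSE's tooling. The function names, the "<md5> <path>" checksum-line format and the sample file names are assumptions, and the announcement's own signature is assumed to have been verified beforehand.

```shell
#!/bin/sh
# Added example, not SUSE tooling. Assumes the announcement's signature has
# already been checked (e.g. `gpg --verify announcement.txt`) and that its
# checksum lines have the form "<32 hex digits> <path/to/file.rpm>".

# extract_sums ANNOUNCEMENT: print "md5 basename" for every checksum line.
extract_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-fA-F]+$/ {
             n = split($2, p, "/"); print tolower($1), p[n]
         }' "$1"
}

# verify_downloads ANNOUNCEMENT DIR
# 0: every listed file found in DIR matches; 1: mismatch or ambiguous list;
# 2: nothing could be checked (which must not be read as success).
verify_downloads() {
    checked=0 bad=0
    sums=$(extract_sums "$1")
    # The same file name with two different sums (e.g. a rebuilt package
    # listed again) makes the list ambiguous: refuse instead of picking one.
    dup=$(printf '%s\n' "$sums" |
          awk '($2 in seen) && seen[$2] != ($1 "") { print $2 } { seen[$2] = $1 "" }')
    if [ -n "$dup" ]; then
        echo "AMBIGUOUS $dup" >&2
        return 1
    fi
    while read -r want name; do
        [ -f "$2/$name" ] || continue          # not downloaded, skip
        got=$(md5sum "$2/$name" | awk '{ print $1 }')
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (announced $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$sums
EOF
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# demo: constructed files and a constructed announcement, with one file
# altered after the checksums were taken. Returns verify_downloads' status.
demo() {
    d=$(mktemp -d)
    printf 'first package\n'  > "$d/foo-1.0-1.i386.rpm"
    printf 'second package\n' > "$d/bar-2.0-1.i386.rpm"
    ( cd "$d" && md5sum ./*.rpm | sed 's|\./|i386/|' ) > "$d/announcement.txt"
    printf 'tampered\n' >> "$d/bar-2.0-1.i386.rpm"
    verify_downloads "$d/announcement.txt" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Files are matched by base name only, so a rebuilt package published under the same name fails the comparison, which is the downside the announcement itself names for the md5sum method.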


For general information or the frequently asked questions (faq) send mail to:

<> or <> respectively.

SUSE's security contact is <> or <>. The <> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <>