Linux Today: Linux News On Internet Time.






Advisories: September 19, 2005

Sep 20, 2005, 04:45

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200509-11

http://security.gentoo.org/


Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Buffer overflow
Date: September 18, 2005
Bugs: #105396
ID: 200509-11


Synopsis

Mozilla Suite and Firefox are vulnerable to a buffer overflow that might be exploited to execute arbitrary code.

Background

The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. They both support Internationalized Domain Names (IDN), which are domain names represented by local language characters.

Affected packages


     Package                         /   Vulnerable   /     Unaffected
    -------------------------------------------------------------------
  1  www-client/mozilla-firefox        <= 1.0.6-r6        >= 1.0.6-r7
  2  www-client/mozilla                <= 1.7.11-r2       >= 1.7.11-r3
  3  www-client/mozilla-firefox-bin    <= 1.0.6-r2        Vulnerable!
  4  www-client/mozilla-bin            <= 1.7.11          Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.

Description

The Mozilla Suite and Firefox are both vulnerable to a buffer overflow while processing hostnames containing multiple hyphens. Note that browsers that have disabled IDN support are immune to this flaw.

Impact

A remote attacker could set up a malicious site and entice a victim to visit it, triggering the buffer overflow and potentially resulting in the execution of arbitrary code with the victim's privileges.

Workaround

You can disable the IDN support by opening the "about:config" page in the browser and manually toggling the "network.IDN" property to "false". Alternatively, you can install a security patch by following the patching instructions given in References.

Resolution

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.6-r7"

All Mozilla Suite users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.11-r3"

There are no fixed Mozilla Firefox or Mozilla Suite binaries yet. Users of the mozilla-bin or mozilla-firefox-bin packages should either switch to the source-based versions or apply the workaround.

References

[ 1 ] CAN-2005-2871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871

[ 2 ] Mozilla Foundation patching instructions

https://addons.mozilla.org/messages/307259.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-12

http://security.gentoo.org/


Severity: Normal
Title: Apache, mod_ssl: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #103554, #104807
ID: 200509-12


Synopsis

mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.

Background

The Apache HTTP server is one of the most popular web servers on the Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2.

Affected packages


     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  net-www/mod_ssl      < 2.8.24                           >= 2.8.24
  2  net-www/apache       < 2.0.54-r15                   >= 2.0.54-r15
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

mod_ssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual host configuration (CAN-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CAN-2005-2491).

Impact

Under a specific configuration, mod_ssl does not properly enforce the client-based certificate authentication directive, "SSLVerifyClient require", in a per-location context, which could be potentially used by a remote attacker to bypass some restrictions. By creating a specially crafted ".htaccess" file, a local attacker could possibly exploit Apache's vulnerability, which would result in a local privilege escalation.
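
The configuration pattern described above can be located before upgrading. This is an added example, not code from the advisory or from Apache: it scans configuration text for a virtual host that sets "SSLVerifyClient optional" at virtual-host level while a nested per-location section sets "SSLVerifyClient require". The sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient none
    <Location /api>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</(\w+)\s*>")
VERIFY = re.compile(r"SSLVerifyClient\s+(\w+)", re.IGNORECASE)
# Section types treated here as "per-location" context.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files"}

def find_exposed_locations(conf_text):
    """Return (vhost_line, section_arg) pairs where 'require' is set in a
    nested section while the enclosing virtual host says 'optional'."""
    stack = []        # open sections as (name, argument, line_number)
    vhost_level = {}  # vhost opening line (0 = main server) -> setting
    nested = []       # (vhost line, section argument) that set 'require'
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip(), lineno))
            continue
        m = VERIFY.match(line)
        if not m:
            continue
        value = m.group(1).lower()
        vhost = next((ln for name, _, ln in stack if name == "virtualhost"), 0)
        inner = [arg for name, arg, _ in stack if name in PER_DIR]
        if not inner:
            vhost_level[vhost] = value
        elif value == "require":
            nested.append((vhost, inner[-1]))
    # Evaluate at the end so directive order inside the vhost does not matter.
    return [(v, arg) for v, arg in nested if vhost_level.get(v) == "optional"]
```

Any pair it returns names a location whose certificate requirement depends on the fixed mod_ssl or Apache version being installed.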

Workaround

There is no known workaround at this time.

Resolution

All mod_ssl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"

All Apache 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.54-r15"

References

[ 1 ] CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

[ 2 ] CAN-2005-2700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-12.xml



Gentoo Linux Security Advisory GLSA 200509-13

http://security.gentoo.org/


Severity: High
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #106279
ID: 200509-13


Synopsis

Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service to execution of arbitrary code when handling compressed executables.

Background

Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-antivirus/clamav       < 0.87                         >= 0.87

Description

Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in "libclamav/fsg.c" when processing specially-crafted FSG-packed executables.

Impact

By sending a specially-crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Clam AntiVirus users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"
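
To check an installed version against the "Affected packages" tables of the three GLSAs above, the following added example (not Gentoo's or Portage's own code) compares versions the way the tables need: numerically per component and per "-rN" revision, so that "-r9" sorts before "-r15". It is a simplified subset of Gentoo version syntax; suffixes such as "_rc" and components with leading zeros are rejected rather than guessed. The function names are hypothetical.

```python
import re

# Ranges copied from the three GLSA tables on this page:
# package -> (vulnerable operator, bound, first unaffected version or None)
GLSA_RANGES = {
    "www-client/mozilla-firefox":     ("<=", "1.0.6-r6",   "1.0.6-r7"),
    "www-client/mozilla":             ("<=", "1.7.11-r2",  "1.7.11-r3"),
    "www-client/mozilla-firefox-bin": ("<=", "1.0.6-r2",   None),  # "Vulnerable!"
    "www-client/mozilla-bin":         ("<=", "1.7.11",     None),  # "Vulnerable!"
    "net-www/mod_ssl":                ("<",  "2.8.24",     "2.8.24"),
    "net-www/apache":                 ("<",  "2.0.54-r15", "2.0.54-r15"),
    "app-antivirus/clamav":           ("<",  "0.87",       "0.87"),
}

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")

def version_key(version):
    """Sort key for the simplified subset: dotted numbers, one optional
    trailing letter, optional -rN revision (compared numerically)."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError("unsupported version syntax: " + version)
    parts = m.group(1).split(".")
    if any(len(p) > 1 and p[0] == "0" for p in parts[1:]):
        raise ValueError("leading-zero component not handled: " + version)
    return (tuple(int(p) for p in parts), m.group(2), int(m.group(3) or 0))

def glsa_status(package, installed):
    """Classify an installed version against the advisory table."""
    op, bound, unaffected = GLSA_RANGES[package]
    key = version_key(installed)
    if unaffected is not None and key >= version_key(unaffected):
        return "unaffected"
    limit = version_key(bound)
    if key < limit or (op == "<=" and key == limit):
        return "vulnerable"
    return "not listed"   # newer than the table covers, no fixed version named

if __name__ == "__main__":
    # Constructed installed versions, for illustration only.
    for pkg, ver in [("www-client/mozilla-firefox", "1.0.6-r6"),
                     ("net-www/apache", "2.0.54-r9"),
                     ("app-antivirus/clamav", "0.87")]:
        print(pkg, ver, glsa_status(pkg, ver))
```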

References

[ 1 ] CAN-2005-2919

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919

[ 2 ] CAN-2005-2920

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920

[ 3 ] Clam AntiVirus: Release Notes

http://sourceforge.net/project/shownotes.php?release_id=356974

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-13.xml


Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2005:138-1
Date: September 19th, 2005
Original Advisory Date: August 11th, 2005
Affected versions: 10.1


Problem Description:

A vulnerability was discovered in the CUPS printing package: when processing a PDF file, bounds checking was not correctly performed on some fields. As a result, this could cause the pdftops filter to crash.

Update:

The patch to correct this problem was not properly applied to the Mandriva 10.1 packages. This update properly patches the packages.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097



To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-184-1 September 19, 2005
util-linux vulnerability
CAN-2005-2876

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mount

The problem can be corrected by upgrading the affected package to version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

David Watson discovered that "umount -r" removed some restrictive mount options like the "nosuid" flag. If /etc/fstab contains user-mountable removable devices which specify the "nosuid" flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling "umount -r" on a removable device.

This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.
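
Whether a given system has the non-default configuration described above can be checked from /etc/fstab itself. This is an added example, not part of the Ubuntu notice: it lists entries that are user-mountable and rely on "nosuid". It goes slightly beyond the notice by also counting entries where "nosuid" is only implied, since mount(8) documents the user, users, owner and group options as implying nosuid unless a later "suid" overrides it. The sample fstab and the function names are constructed.

```python
# Options that let a non-root user mount the entry; mount(8) documents each
# as implying nosuid unless a later "suid" overrides it.
USER_OPTS = {"user", "users", "owner", "group"}

# Constructed sample /etc/fstab (not from the advisory).
SAMPLE_FSTAB = """\
# <device>  <mount point>  <type>   <options>               <dump> <pass>
/dev/hda1   /              ext3     defaults                0 1
/dev/fd0    /media/floppy  auto     rw,user,noauto          0 0
/dev/cdrom  /media/cdrom   iso9660  ro,users,nosuid,noauto  0 0
/dev/sda1   /media/usb     vfat     rw,user,suid,noauto     0 0
/dev/sdb1   /data          ext3     rw,nosuid               0 2
"""

def effective_nosuid(options):
    """Resolve suid/nosuid left to right; the last relevant option wins."""
    nosuid = False
    for opt in options:
        if opt == "nosuid" or opt in USER_OPTS:
            nosuid = True
        elif opt == "suid":
            nosuid = False
    return nosuid

def entries_relying_on_nosuid(fstab_text):
    """Return mount points that are user-mountable and depend on nosuid,
    the kind of entry USN-184-1 describes as affected by "umount -r"."""
    exposed = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue                      # malformed line, no options field
        options = fields[3].split(",")
        user_mountable = any(opt in USER_OPTS for opt in options)
        if user_mountable and effective_nosuid(options):
            exposed.append(fields[1])
    return exposed

if __name__ == "__main__":
    for mount_point in entries_relying_on_nosuid(SAMPLE_FSTAB):
        print("user-mountable and relies on nosuid:", mount_point)
```

An empty result on a real /etc/fstab matches the default Ubuntu configuration the notice describes; any listed mount point is a reason to prioritise the mount package upgrade.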
