dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories, December 18, 2005

Dec 19, 2005, 04:45 (0 Talkback[s])

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200512-07

http://security.gentoo.org/


Severity: Low
Title: OpenLDAP, Gauche: RUNPATH issues
Date: December 15, 2005
Bugs: #105380, #112577
ID: 200512-07


Synopsis

OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.

Background

OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter.

Affected packages


     Package           /   Vulnerable   /                   Unaffected


1 net-nds/openldap < 2.2.28-r3 >= 2.2.28-r3 *>= 2.1.30-r6 2 dev-lang/gauche < 0.8.6-r1 >= 0.8.6-r1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.

Description

Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime.

Impact

A local attacker, who is a member of the "portage" group, could create a malicious shared object in the Portage temporary build directory that would be loaded at runtime by a dependent binary, potentially resulting in privilege escalation.

Workaround

Only grant "portage" group rights to trusted users.

Resolution

All OpenLDAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-nds/openldap

All Gauche users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/gauche-0.8.6-r1"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200512-08

http://security.gentoo.org/


Severity: Normal
Title: Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Date: December 16, 2005
Bugs: #114428, #115286
ID: 200512-08


Synopsis

Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and Poppler potentially resulting in the execution of arbitrary code.

Background

Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.

Affected packages


     Package           /   Vulnerable   /                   Unaffected


1 app-text/xpdf < 3.01-r2 >= 3.01-r2 2 app-text/gpdf < 2.10.0-r2 >= 2.10.0-r2 3 app-text/poppler < 0.4.2-r1 >= 0.4.2-r1 4 net-print/cups < 1.1.23-r3 >= 1.1.23-r3 ------------------------------------------------------------------- 4 affected packages on all of their supported architectures.

Description

infamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows.

Impact

An attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.2-r1"

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"

References

[ 1 ] CVE-2005-3191

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191

[ 2 ] CVE-2005-3192

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192

[ 3 ] CVE-2005-3193

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200512-09

http://security.gentoo.org/


Severity: Low
Title: cURL: Off-by-one errors in URL handling
Date: December 16, 2005
Bugs: #114710
ID: 200512-09


Synopsis

cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs.

Background

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  net-misc/curl      < 7.15.1                             >= 7.15.1

Description

Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL can be specially crafted in one of two ways: the URL could be malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer; or the URL could contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

Impact

An attacker capable of getting cURL to parse a maliciously crafted URL could cause a denial of service or execute arbitrary code with the privileges of the user making the call to cURL. An attacker could also escape open_basedir or safe_mode pseudo-restrictions when exploiting this problem from within a PHP program when PHP is compiled with libcurl.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1"

References

[ 1 ] CVE-2005-4077

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077

[ 2 ] Hardened-PHP Advisory

http://www.hardened-php.net/advisory_242005.109.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Ubuntu Linux


Ubuntu Security Notice USN-230-2 December 16, 2005 xine-lib vulnerability
CVE-2005-4048

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libxine1
libxine1c2

The problem can be corrected by upgrading the affected package to version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu 5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine library contains a copy of the ffmpeg code, thus it is vulnerable to the same flaw.

For reference, this is the original advisory:

Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 4.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.dsc
      Size/MD5: 950 0b0865913672df5c80783279f471bf66
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.diff.gz
      Size/MD5: 222131 bf99e51c425cfdbac9b6c76e17504ed6

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_i386.deb
      Size/MD5: 101724 195cb67c660bc24a63991c3e69ec381e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_i386.deb
      Size/MD5: 3729248 596d1f0437b94625ab38770f1086a03e

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_powerpc.deb
      Size/MD5: 3886766 1635110e5c74867f1657aacf8ff0e09a
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb
      Size/MD5: 101728 e2960b0070421b8ef2be3f9ee40f6528

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_amd64.deb
      Size/MD5: 3543532 82f8b13cd4cf2fc51f6d90a64ad214b4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_amd64.deb
      Size/MD5: 101722 0bb5d4a49d5f04f680dd1a38c5790191

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.diff.gz
      Size/MD5: 4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.dsc
      Size/MD5: 1070 1fae1b7df974523161bcc5e90bb47912
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_amd64.deb
      Size/MD5: 106758 9ce395434edc4bbc07151e13cc018b93
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_amd64.deb
      Size/MD5: 3567328 45842025ea2de6efdcb07276a78f03ed

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_i386.deb
      Size/MD5: 106756 e3ed2f29ec5d37f37b238c5d43140bd9
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_i386.deb
      Size/MD5: 3750250 8df1800276d5e9ba8710c726d511e331

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_powerpc.deb
      Size/MD5: 106780 f3310108f59d253cc7c97a2ccdafce95
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_powerpc.deb
      Size/MD5: 3925408 4801437ecc43845c7096d03c0e8a110d

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.diff.gz
      Size/MD5: 9220 fa3727a5c30b96fa30214b74901f9b37
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.dsc
      Size/MD5: 1186 b12c0731582c9ac6016af90a6758b222
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_amd64.deb
      Size/MD5: 108796 fe4af1d1d64655076434bac4bd4e6121
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_amd64.deb
      Size/MD5: 3610978 7fccf1da401ca96a9552b9ba54818919

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_i386.deb
      Size/MD5: 108800 c2ee1c0f1f316bc2aea565fcdf085088
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_i386.deb
      Size/MD5: 4003584 927c4619ca803b02b344d2b0f2fa7c80

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
      Size/MD5: 108814 8fc0d0ff3d7465e88158509aea0c6a89
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb
      Size/MD5: 3849320 edbcca0353f5da1a2e76e6d2fba85d92