Advisories, December 18, 2005
Dec 19, 2005, 04:45

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200512-07

Severity: Low

Synopsis

OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.

Background

OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter.

Affected packages

Package / Vulnerable / Unaffected

Description

Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime.

Impact

A local attacker, who is a member of the "portage" group, could create a malicious shared object in the Portage temporary build directory that would be loaded at runtime by a dependent binary, potentially resulting in privilege escalation.

Workaround

Only grant "portage" group rights to trusted users.

Resolution

All OpenLDAP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-nds/openldap

All Gauche users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/gauche-0.8.6-r1"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200512-08

Severity: Normal

Synopsis

Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and Poppler potentially resulting in the execution of arbitrary code.

Background

Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.

Affected packages

Package / Vulnerable / Unaffected

Description

infamous41md discovered that several Xpdf functions lack sufficient boundary checking, resulting in multiple exploitable buffer overflows.

Impact

An attacker could entice a user to open a specially-crafted PDF file which would trigger an overflow, potentially resulting in execution of arbitrary code with the rights of the user running Xpdf, CUPS, GPdf or Poppler.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r2"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r2"

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.2-r1"

All CUPS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r3"

References

[ 1 ] CVE-2005-3191 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
[ 2 ] CVE-2005-3192 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
[ 3 ] CVE-2005-3193 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-08.xml

Gentoo Linux Security Advisory GLSA 200512-09

Severity: Low

Synopsis

cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs.

Background

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Affected packages

Package / Vulnerable / Unaffected
1  net-misc/curl    < 7.15.1    >= 7.15.1

Description

Stefan Esser from the Hardened-PHP Project has reported a vulnerability in cURL that allows for a local buffer overflow when cURL attempts to parse specially crafted URLs. The URL can be specially crafted in one of two ways: the URL could be malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer; or the URL could contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

Impact

An attacker capable of getting cURL to parse a maliciously crafted URL could cause a denial of service or execute arbitrary code with the privileges of the user making the call to cURL. An attacker could also escape open_basedir or safe_mode pseudo-restrictions when exploiting this problem from within a PHP program when PHP is compiled with libcurl.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/curl-7.15.1"

References

[ 1 ] CVE-2005-4077 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
[ 2 ] Hardened-PHP Advisory http://www.hardened-php.net/advisory_242005.109.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-09.xml

Ubuntu Linux

Ubuntu Security Notice USN-230-2
December 16, 2005
xine-lib vulnerability
CVE-2005-4048

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libxine1

The problem can be corrected by upgrading the affected package to version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu 5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine library contains a copy of the ffmpeg code, thus it is vulnerable to the same flaw.

For reference, this is the original advisory:

Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking a user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 4.10:

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.dsc

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_powerpc.deb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_amd64.deb

Updated packages for Ubuntu 5.04:

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_powerpc.deb

Updated packages for Ubuntu 5.10:

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
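
The RUNPATH issue described in GLSA 200512-07 above can be audited from the output of `readelf -d`. The following Python check is an added example, not part of the advisory or of Gentoo's tooling, and it goes beyond the advisory by also flagging empty and relative search-path entries. The /var/tmp/portage location for the Portage build directory, the function names and the sample output are assumptions constructed for illustration.

```python
import os
import re
import stat

# Assumption: Portage's default temporary build root; adjust to PORTAGE_TMPDIR.
UNTRUSTED_PREFIXES = ("/var/tmp/portage", "/var/tmp", "/tmp")
# Matches the RPATH/RUNPATH rows printed by `readelf -d <binary>`.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

def group_or_world_writable(path):
    """True if the directory exists and a non-owner may create files in it."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_dynamic_section(readelf_output, prefixes=UNTRUSTED_PREFIXES,
                          writable=group_or_world_writable):
    """Return (tag, directory, reason) for every risky library search path."""
    findings = []
    for tag, value in _ENTRY.findall(readelf_output):
        for entry in value.split(":"):
            norm = os.path.normpath(entry) if entry else ""
            if not entry:
                reason = "empty entry (resolves to the current directory)"
            elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
                continue  # relative to the binary; judge by its install location
            elif not entry.startswith("/"):
                reason = "relative path"
            elif any(norm == p or norm.startswith(p + "/") for p in prefixes):
                reason = "under a temporary or build directory"
            elif writable(norm):
                reason = "directory is group- or world-writable"
            else:
                continue
            findings.append((tag, entry, reason))
    return findings

# Constructed sample of `readelf -d` output (not taken from a real package).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.2]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib:/var/tmp/portage/example-pkg-1.0/work/.libs:]
 0x000000000000000f (RPATH)              Library rpath: [../lib]
"""

if __name__ == "__main__":
    for tag, entry, reason in audit_dynamic_section(SAMPLE):
        print(f"{tag}: {entry!r}: {reason}")
```

On a live system, feed the function the `readelf -d` output of each installed binary and shared object; any finding on a setuid or root-run program deserves priority.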