Linux Today: Linux News On Internet Time.





Advisories, June 13, 2006

Jun 14, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1096-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
June 13th, 2006 http://www.debian.org/security/faq


Package : webcalendar
Vulnerability : uninitialised variable
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2762

A vulnerability has been discovered in webcalendar, a PHP-based multi-user calendar, that allows a remote attacker to execute arbitrary PHP code when register_globals is turned on.

The old stable distribution (woody) does not contain a webcalendar package.

For the stable distribution (sarge) this problem has been fixed in version 0.9.45-4sarge5.

For the unstable distribution (sid) this problem has been fixed in version 1.0.4-1.

We recommend that you upgrade your webcalendar package.

Upgrade Instructions


wget url
    will fetch the file for you

dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database

apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.dsc
      Size/MD5 checksum: 608 216c1f9f764169fa877f1717f37dd73a
    http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.diff.gz
      Size/MD5 checksum: 12569 3a996902a10791fe764548728885d812
    http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
      Size/MD5 checksum: 612360 a6a66dc54cd293429b604fe6da7633a6

Architecture independent components:

    http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5_all.deb
      Size/MD5 checksum: 629442 f918fe96d26d5cbfa99efe2b2e938d2f

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200606-09

http://security.gentoo.org/


Severity: High
Title: SpamAssassin: Execution of arbitrary code
Date: June 11, 2006
Bugs: #135746
ID: 200606-09


Synopsis

SpamAssassin, when running with certain options, could allow local or even remote attackers to execute arbitrary commands, possibly as the root user.

Background

SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin.

Affected packages


     Package                   /  Vulnerable  /             Unaffected

  1  mail-filter/spamassassin       < 3.1.3                   >= 3.1.3

Description

When spamd is run with both the "--vpopmail" (-v) and "--paranoid" (-P) options, it is vulnerable to an unspecified issue.

Impact

With certain configuration options, a local or even remote attacker could execute arbitrary code with the rights of the user running spamd, which is root by default, by sending a crafted message to the spamd daemon. Furthermore, the attack can be remotely performed if the "--allowed-ips" (-A) option is present and specifies non-local addresses. Note that Gentoo Linux is not vulnerable in the default configuration.

Workaround

Don't use both the "--paranoid" (-P) and the "--vpopmail" (-v) options.

Resolution

All SpamAssassin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"

References

[ 1 ] CVE-2006-2447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200606-10

http://security.gentoo.org/


Severity: Normal
Title: Cscope: Many buffer overflows
Date: June 11, 2006
Bugs: #133829
ID: 200606-10


Synopsis

Cscope is vulnerable to multiple buffer overflows that could lead to the execution of arbitrary code.

Background

Cscope is a developer's tool for browsing source code.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  dev-util/cscope      < 15.5-r6                         >= 15.5-r6

Description

Cscope does not verify the length of file names sourced in #include statements.
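The missing check described above, sketched as an added example (this is not Cscope's code; `parse_include`, the status names and the buffer sizes are hypothetical): the file name taken from an #include line is measured against the destination buffer before it is copied.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum inc_status { INC_OK = 0, INC_NOT_INCLUDE = -1, INC_MALFORMED = -2, INC_TOO_LONG = -3 };

static const char *skip_blanks(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/*
 * Extract the file name from an #include "name" or #include <name> line.
 * The weak pattern copies everything up to the closing delimiter into a
 * fixed-size buffer; here the length is checked against outsz first and
 * an over-long name is rejected instead of truncated or overflowed.
 */
enum inc_status parse_include(const char *line, char *out, size_t outsz)
{
    const char *p = skip_blanks(line);
    const char *start, *end;
    char closer;
    size_t len;

    if (*p != '#')
        return INC_NOT_INCLUDE;
    p = skip_blanks(p + 1);
    if (strncmp(p, "include", 7) != 0)
        return INC_NOT_INCLUDE;
    p = skip_blanks(p + 7);

    if (*p == '"')
        closer = '"';
    else if (*p == '<')
        closer = '>';
    else
        return INC_MALFORMED;

    start = p + 1;
    end = strchr(start, closer);
    if (end == NULL || end == start)
        return INC_MALFORMED;          /* unterminated or empty name */

    len = (size_t)(end - start);
    if (len >= outsz)                  /* leave room for the terminator */
        return INC_TOO_LONG;

    memcpy(out, start, len);
    out[len] = '\0';
    return INC_OK;
}

int main(void)
{
    char name[16];
    /* Constructed sample lines. */
    printf("%d\n", parse_include("#include \"util.h\"", name, sizeof name));
    printf("%d\n", parse_include("#include <aaaaaaaaaaaaaaaaaaaaaaaa.h>", name, sizeof name));
    return 0;
}
```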

Impact

A user could be enticed to source a carefully crafted file which will allow the attacker to execute arbitrary code with the permissions of the user running Cscope.

Workaround

There is no known workaround at this time.

Resolution

All Cscope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r6"

References

[ 1 ] CVE-2004-2541

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-10.xml



Gentoo Linux Security Advisory GLSA 200606-11

http://security.gentoo.org/


Severity: Normal
Title: JPEG library: Denial of Service
Date: June 11, 2006
Bugs: #130889
ID: 200606-11


Synopsis

The JPEG library is vulnerable to a Denial of Service.

Background

The JPEG library is able to load, handle and manipulate images in the JPEG format.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-libs/jpeg       < 6b-r7                            >= 6b-r7

Description

Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature which is not recommended.

Impact

By enticing a user to load a specially crafted JPEG image file an attacker could cause a Denial of Service, due to memory exhaustion.

Workaround

There is no known workaround at this time.

Resolution

JPEG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/jpeg-6b-r7"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-11.xml



Gentoo Linux Security Advisory GLSA 200606-12

http://security.gentoo.org/


Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: June 11, 2006
Bugs: #135254
ID: 200606-12


Synopsis

Vulnerabilities in Mozilla Firefox allow privilege escalations for JavaScript code, cross site scripting attacks, HTTP response smuggling and possibly the execution of arbitrary code.

Background

Mozilla Firefox is the next-generation web browser from the Mozilla project.

Affected packages


     Package                         /  Vulnerable  /       Unaffected


  1  www-client/mozilla-firefox          < 1.5.0.4          >= 1.5.0.4
  2  www-client/mozilla-firefox-bin      < 1.5.0.4          >= 1.5.0.4
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below.

Impact

By enticing the user to visit a malicious website, a remote attacker can inject arbitrary HTML and JavaScript Code into the user's browser, execute JavaScript code with elevated privileges and possibly execute arbitrary code with the permissions of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4"

Note: There is no stable fixed version for the Alpha architecture yet. Users of Mozilla Firefox on Alpha should consider unmerging it until such a version is available.

References

[ 1 ] CVE-2006-2775

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775

[ 2 ] CVE-2006-2776

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776

[ 3 ] CVE-2006-2777

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777

[ 4 ] CVE-2006-2778

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778

[ 5 ] CVE-2006-2779

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779

[ 6 ] CVE-2006-2780

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780

[ 7 ] CVE-2006-2782

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782

[ 8 ] CVE-2006-2783

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783

[ 9 ] CVE-2006-2784

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784

[ 10 ] CVE-2006-2785

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785

[ 11 ] CVE-2006-2786

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786

[ 12 ] CVE-2006-2787

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787

[ 13 ] Mozilla Foundation Security Advisories

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-12.xml



Gentoo Linux Security Advisory GLSA 200606-13

http://security.gentoo.org/


Severity: Normal
Title: MySQL: SQL Injection
Date: June 11, 2006
Bugs: #135076
ID: 200606-13


Synopsis

MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding process.

Background

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages


     Package       /  Vulnerable  /                         Unaffected


  1  dev-db/mysql      < 4.1.20                            *>= 4.1.20
                                                            >= 5.0.22
     dev-db/mysql      < 5.0.22                            *>= 4.1.20
                                                            >= 5.0.22

Description

MySQL is vulnerable to an injection flaw in mysql_real_escape() when used with multi-byte characters.

Impact

Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitrary SQL statements into the MySQL server for execution.

Workaround

There are a few workarounds available. NO_BACKSLASH_ESCAPES mode as a workaround for a bug in mysql_real_escape_string():

    SET sql_mode='NO_BACKSLASH_ESCAPES';
    SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';

and server command line options:

    --sql-mode=NO_BACKSLASH_ESCAPES

Resolution

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20"

References

[ 1 ] CVE-2006-2753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-13.xml



Gentoo Linux Security Advisory GLSA 200606-14

http://security.gentoo.org/


Severity: High
Title: GDM: Privilege escalation
Date: June 12, 2006
Bugs: #135027
ID: 200606-14


Synopsis

An authentication error in GDM could allow users to gain elevated privileges.

Background

GDM is the GNOME display manager.

Affected packages


     Package         /  Vulnerable  /                       Unaffected

  1  gnome-base/gdm      < 2.8.0.8                          >= 2.8.0.8

Description

GDM allows a normal user to access the configuration manager.

Impact

When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain additional privileges.

Workaround

There is no known workaround at this time.

Resolution

All GDM users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8"

References

[ 1 ] Gnome Bugzilla entry

http://bugzilla.gnome.org/show_bug.cgi?id=343476

[ 2 ] CVE-2006-2452

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2452

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-14.xml


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:099
http://www.mandriva.com/security/


Package : freetype2
Date : June 12, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747)

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861)

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661)

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases.

Packages have been patched to correct this issue.
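The underflow pattern described for the blue values (CVE-2006-0747), as an added example that is not FreeType's code: a constructed model of a pair-wise loop that steps an unsigned counter down by 2, next to a version that validates the count first. All function names, the sample values and the `MAX_BLUE_VALUES` limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_BLUE_VALUES 14  /* hypothetical upper bound for this example */

enum blue_status { BLUE_OK = 0, BLUE_ERR_ODD = -1, BLUE_ERR_COUNT = -2 };

/* Constructed sample: three (bottom, top) pairs. */
static const short sample_blues[6] = { -20, 0, 500, 520, 700, 715 };

/*
 * Weak pattern: consume values two at a time by decrementing an unsigned
 * counter until it reaches 0. With an odd count the counter goes 1 -> wraps
 * to UINT_MAX and never hits 0. Returns the number of iterations executed;
 * `cap` only exists so this demonstration terminates.
 */
unsigned long steps_unchecked(unsigned int count, unsigned long cap)
{
    unsigned long steps = 0;

    while (count != 0 && steps < cap) {
        count -= 2;
        steps++;
    }
    return steps;
}

/*
 * Hardened pattern: reject odd or oversized counts before touching the
 * data, then index forward with a bound derived from the validated count.
 * On success *total holds the sum of (top - bottom) over all pairs.
 */
enum blue_status sum_zone_heights(const short *values, size_t count, long *total)
{
    size_t i;

    if (count > MAX_BLUE_VALUES)
        return BLUE_ERR_COUNT;
    if (count % 2 != 0)
        return BLUE_ERR_ODD;

    *total = 0;
    for (i = 0; i + 1 < count; i += 2)
        *total += (long)values[i + 1] - (long)values[i];
    return BLUE_OK;
}

int main(void)
{
    long total = 0;

    printf("even count, unchecked loop: %lu steps\n", steps_unchecked(6, 1000));
    printf("odd count, unchecked loop:  %lu steps (stopped by cap)\n",
           steps_unchecked(5, 1000));
    printf("odd count, checked:  status %d\n",
           sum_zone_heights(sample_blues, 5, &total));
    printf("even count, checked: status %d\n",
           sum_zone_heights(sample_blues, 6, &total));
    printf("total height: %ld\n", total);
    return 0;
}
```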


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>