Linux Today: Linux News On Internet Time.

More on LinuxToday

Advisories, July 26, 2006

Jul 27, 2006, 03:45 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

Debian GNU/Linux

Debian Security Advisory DSA 1111-2 Dann Frazier
July 26th, 2006

Package : kernel-source-2.6.8 et. al.
Vulnerability : race condition
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3625

It was discovered that a race condition in the process filesystem can lead to privilege escalation.

The following matrix explains which kernel version for which architecture fixes the problem mentioned above:

  Debian 3.1 (sarge)
Source 2.6.8-16sarge4
Alpha architecture 2.6.8-16sarge4
AMD64 architecture 2.6.8-12sarge4
Intel IA-32 architecture 2.6.8-16sarge4
Intel IA-64 architecture 2.6.8-14sarge4
PowerPC architecture 2.6.8-12sarge4
Sun Sparc architecture 2.6.8-15sarge4
IBM S/390 2.6.8-5sarge4
Motorola 680x0 2.6.8-4sarge4
HP Precision 2.6.8-6sarge3
FAI 1.9.1sarge3

The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
      Size/MD5 checksum: 812 ff4792fd28cadb6774ae4310ce38e301
      Size/MD5 checksum: 38839 e4d527c319269df165cc23fd6fb54a68
      Size/MD5 checksum: 1103 7dc33f6d9079af9d79b05d6ece3dfdc5
      Size/MD5 checksum: 75714 264ee72864b022045cc4b0820fe062db
      Size/MD5 checksum: 1191 0fb79cfacfc5581263710440357ed5ce
      Size/MD5 checksum: 64204 02b5b536eebb207995ef3a754de1c87e
      Size/MD5 checksum: 1047 62f42ea9f118d911a8f215af2f3e586d
      Size/MD5 checksum: 90861 885cb72bd69153dcd6512db147caa173
      Size/MD5 checksum: 1036 00d330ff015d713c4652ea05c5555f91
      Size/MD5 checksum: 24447 393b640388a78dd98c727a08f972214c
      Size/MD5 checksum: 1002 bca4e80e8a10ba3c0884e3fab032772b
      Size/MD5 checksum: 1044761 b6675f6ac09f5d31f780650798c5609c
      Size/MD5 checksum: 43929719 0393c05ffa4770c3c5178b74dc7a4282
      Size/MD5 checksum: 1071 4bb132bef3f8f2a220ad9e74ab76500e
      Size/MD5 checksum: 27031 59fb7f129abc85794829e1e777b540a0
      Size/MD5 checksum: 1008 6fa522a94872155497a0e057a05f8b61
      Size/MD5 checksum: 67361 863b56c6386182f58fda2054099e9e52
      Size/MD5 checksum: 854 02502b2a0a20b3c3277c4716b064493b
      Size/MD5 checksum: 13028 f2c4811558b8521b7e8f8182e563eae5
      Size/MD5 checksum: 1103 7dc33f6d9079af9d79b05d6ece3dfdc5
      Size/MD5 checksum: 75714 264ee72864b022045cc4b0820fe062db
      Size/MD5 checksum: 874 c77cba81264972f7218a0e437af63455
      Size/MD5 checksum: 15540 cc4d54680654c23f0e98d3f1b19ae123
      Size/MD5 checksum: 621 8d3a27d75726ae30d121464d790cfb5d
      Size/MD5 checksum: 26396 cb33c5aa317e8a64e93374a55a1d6a08

Architecture independent components:
      Size/MD5 checksum: 6183402 a4efe296e5fd14d33c6b1ae1f40265c3
      Size/MD5 checksum: 1081512 562d408fa5cd936f557eceb74621bff2
      Size/MD5 checksum: 34943124 7b65a57ca6a2376d8042143244b8f5ab
      Size/MD5 checksum: 35134 80f1a94b1542bf3f89bd77d0a69c67c4
      Size/MD5 checksum: 10998 c1ec5e030bf9c8f80ce8ddf68f36f74f

Alpha architecture:
      Size/MD5 checksum: 2759858 310b0ddfee56412d0fdf827fbb53ad04
      Size/MD5 checksum: 232256 264fb1d8c9107950918e02b3c8d1b2c5
      Size/MD5 checksum: 227366 3c43da6bd0a369e67be02af8e3498d60
      Size/MD5 checksum: 20220764 714e37e85c5387ef44ef8ca96608934a
      Size/MD5 checksum: 20073926 24005f33bb551a3dec6cdbbdae45efdf

Intel IA-32 architecture:
      Size/MD5 checksum: 2722664 c435fecd5d9cbda8f337c3cd86fc0dca
      Size/MD5 checksum: 226110 94d5814aed329864cad5d1584a5d44e2
      Size/MD5 checksum: 225244 d8128cc1a753402d41ce2b7ddcee875a
      Size/MD5 checksum: 221102 76161094b4af81690b489010912ad94d
      Size/MD5 checksum: 223202 89d8a6a610eccf151bdbd38f7467731c
      Size/MD5 checksum: 219462 9eb4bace25ae262ac51c45617661f3be
      Size/MD5 checksum: 12561704 c3ffffed8671d53630c176618d12fbc9
      Size/MD5 checksum: 13257210 a4d1fac79a380edbe4284659428f7623
      Size/MD5 checksum: 13219086 a578d5400499044678959c16e8839153
      Size/MD5 checksum: 13217374 1b4965fe7b97de4e24075ea3541a21fd
      Size/MD5 checksum: 13190288 417cafc0fc4dd74032fc9f184ecb8659
      Size/MD5 checksum: 2779472 3c3d561576b2bbcae74806518f2d526f
      Size/MD5 checksum: 258572 b6ef0ead4cbbd2f4700613fae13ecad6
      Size/MD5 checksum: 256372 3bcb4f79630757e495377f140c055c5a
      Size/MD5 checksum: 253422 fd1d4a2ff14ea852098b41435a8dd8f2
      Size/MD5 checksum: 256716 9369c6b0c81fe61fe0640fbbb5d295a3
      Size/MD5 checksum: 253512 027cb58c47a72a2fb0303d98988e5ec0
      Size/MD5 checksum: 14063498 847b68ff55485cd1cfdef9b951a27639
      Size/MD5 checksum: 15536232 d3974ee45e891069362eed6af842bcfd
      Size/MD5 checksum: 15346658 a52d56df265fe38bb822e3a09ce627e4
      Size/MD5 checksum: 15261024 8e67b0d239fc9ca47db18ed49b42a083
      Size/MD5 checksum: 15124402 16d13d0ef23a03258fdca8dffeae8cc6
      Size/MD5 checksum: 11992870 803f90720a5afa363bfb36c3c5388371

Intel IA-64 architecture:
      Size/MD5 checksum: 6678 75fdf84848419b73b504cf440bb89030
      Size/MD5 checksum: 6750 0583066225780439bc152d5067de73fd
      Size/MD5 checksum: 6706 b9daa129196ea166ccfdd1bfc5528aae
      Size/MD5 checksum: 6776 816a81ea2af11666807310e001413ca2
      Size/MD5 checksum: 3098892 53c416f0b21d13d97b9cafdaf53335fe
      Size/MD5 checksum: 200088 a13df28d82aea874f7f2f7624964a180
      Size/MD5 checksum: 199418 0c89142d3f9bd9dc9bc0945c2c5a5252
      Size/MD5 checksum: 199864 1627d34ecce889ab7feeb079e5e786a5
      Size/MD5 checksum: 199352 1f8fbb0f499928da9afad963240a2a5a
      Size/MD5 checksum: 6676 863e6dbb301810732ca5b967d1348b1d
      Size/MD5 checksum: 6750 a0be1dbee3890815491446c70292af6b
      Size/MD5 checksum: 6702 55fe56f2f3de36221c8c00826e6eca6c
      Size/MD5 checksum: 6774 b00877ca52331c964323b12056cd1f70
      Size/MD5 checksum: 21476370 c9a52f35220d0e3bc61b1f507b7dc716
      Size/MD5 checksum: 22136612 9d6f06b3203fec64ef280bb2147b60ae
      Size/MD5 checksum: 21409268 2a5e1b20baa1a668304e4c6c0ee96f77
      Size/MD5 checksum: 22154522 dd8e2bab100e8447434428d8c3d0cd33

Sun Sparc architecture:
      Size/MD5 checksum: 5270 d9d8a08c7d95af660ddb27b2bdf3edb2
      Size/MD5 checksum: 2890614 25a5f93a494d583f533d8a8b6afc5811
      Size/MD5 checksum: 110050 ef8055368116c6de685e2e5fb3eb7bc9
      Size/MD5 checksum: 144772 3c49e410afa9020cfb0ed6e7daa1197a
      Size/MD5 checksum: 145386 b5f7c0add8b7f5709235a9a3108b0752
      Size/MD5 checksum: 4551130 87c9d50a7693e0f049ee47e32e1b07ff
      Size/MD5 checksum: 7430922 eceb79d6f7dd483ce5188e7934d1c506
      Size/MD5 checksum: 7628714 3a3dddddba19f112f7b3b93ba5d44642

PowerPC architecture:
      Size/MD5 checksum: 407398 e05e6f4cc9db78fb380752ffbdeb5da8
      Size/MD5 checksum: 407328 e8a001c81e071b8e20ae1c231a4c6995
      Size/MD5 checksum: 406710 77a65238ea24808cffd01963a1fc1f63
      Size/MD5 checksum: 406636 bbc4a48430c0b9b8e65adb9acb8d7898
      Size/MD5 checksum: 407600 1369ada43ac7d75f21463e4d2f1c2f24
      Size/MD5 checksum: 406756 958b261e91d96f980704c0f3f82b8e6a
      Size/MD5 checksum: 5147646 bf6d33036a5a150d791b09e021154206
      Size/MD5 checksum: 13576992 151c64d944a5ba0f812596ec3c0d87c2
      Size/MD5 checksum: 13929732 a53f72b2554445b5753b905b5306bb90
      Size/MD5 checksum: 13560758 ba215f514c5707a0eade2cc11f2bb0ff
      Size/MD5 checksum: 13921224 0fab2af9083ebfc6d70d09c1d35affc2
      Size/MD5 checksum: 13595362 6dc1b4542ce1738258d3529900c16b5d
      Size/MD5 checksum: 13847816 9f0c9b62f6ef32fc3c16263db5a6c988

HP Precision architecture:
      Size/MD5 checksum: 2802244 f82eaa9411813bbdee2e0c268a067c81
      Size/MD5 checksum: 211350 c221830c715cfebb1acb383d8f7c6a8a
      Size/MD5 checksum: 210570 96c096a16a6291f4b40716ac939bd063
      Size/MD5 checksum: 210220 fc6c20856e898e4bd881711e6392d4e9
      Size/MD5 checksum: 209468 6a00248dcf25809f02f7ab585429f27b
      Size/MD5 checksum: 16029232 665d462c1fae45714ff948289c8a3457
      Size/MD5 checksum: 16927312 a69c9e976ab6810bf7043a15daa1dd29
      Size/MD5 checksum: 17480298 66e35e40e7e2d82370f7ccba7544a59a
      Size/MD5 checksum: 18306822 88ade3c07fc414c82bf589def0bda600

IBM S/390 architecture:
      Size/MD5 checksum: 5086492 86f40387b635bb06a1b8fddef2533d7b
      Size/MD5 checksum: 2977982 d3a4e0bf0b13cbaa5dfe13bcd423e66a
      Size/MD5 checksum: 1142392 9d00d5a3260cbb78ed2660426c64bb87
      Size/MD5 checksum: 3186958 d9db19c0b59de9298db549aae01fbd2d

AMD64 architecture:
      Size/MD5 checksum: 2722720 86cfc5515201938d0af2b4d4ca2934a9
      Size/MD5 checksum: 226146 472ae19b4f01446e591fffb99d303a03
      Size/MD5 checksum: 225172 2606feea8b1b53c3f462f4bde29ca50f
      Size/MD5 checksum: 221340 21083c991ca038e65e621597cd89e283
      Size/MD5 checksum: 223036 f92fab1e3cac4af84282e9022d1f4083
      Size/MD5 checksum: 219492 07b11cfbe292e455a0330759d80e4031
      Size/MD5 checksum: 12561876 3ad41a31435a0902c141c0dacefb7bb4
      Size/MD5 checksum: 13257410 d4deb7152e3ca561e72547902d924c29
      Size/MD5 checksum: 13219310 4b1556331313be26e139aafc301dc012
      Size/MD5 checksum: 13064412 fe60134197725132c910a9295ea5be5e
      Size/MD5 checksum: 13045818 506e85208e4491d55815aa47879f30aa

Motorola 680x0 architecture:
      Size/MD5 checksum: 3305596 22eec174b095bf0035fbf0c3bb30a117
      Size/MD5 checksum: 3101840 db050e19cc44523c672f99db6a78e589
      Size/MD5 checksum: 3014484 32d5da3bf37508dc15bee231f4e7cf13
      Size/MD5 checksum: 2986870 b9d45ccbcc4c89a5e920eb8f85ebe2ca
      Size/MD5 checksum: 3173474 ca08a4603d7187d9980596fa329f0047
      Size/MD5 checksum: 2978626 a328056e30ac4616ed97a650d73b3f2b
      Size/MD5 checksum: 3047726 03daf7306616f9eb1d3a92795280772a
      Size/MD5 checksum: 3108506 2ff9d63a6c4172e2eb7acc4b7a159859
      Size/MD5 checksum: 2992168 014bc94320e7af5d18a90422c74d141d

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Ubuntu Linux

Ubuntu Security Notice USN-297-3 July 26, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2784, CVE-2006-2787

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
mozilla-thunderbird 1.0.8-0ubuntu05.04.1

Ubuntu 5.10:
mozilla-thunderbird 1.0.8-0ubuntu05.10.2

After a standard system upgrade you need to restart Thunderbird to effect the necessary changes.

Details follow:

USN-297-1 fixed several vulnerabilities in Thunderbird for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10.

For reference, these are the details of the original USN:

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775)

Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776).

Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By sending an email with malicious JavaScript to an user, and that user enabled JavaScript in Thunderbird (which is not the default and not recommended), this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778)

The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious web sites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780)

Masatoshi Kimura discovered a memory corruption (double-free) when processing a large VCard with invalid base64 characters in it. By sending a maliciously crafted set of VCards to a user, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-40, CVE-2006-2781)

Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. '<scr[BOM]ipt>'), these filters might not recognize the tags anymore; however, Thunderbird would still execute them since BOM markers are filtered out before processing a mail containing JavaScript. (MFSA 2006-42, CVE-2006-2783)

Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Thunderbird and the proxy server, a malicious HTML email can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened web site. (MFSA 2006-33, CVE-2006-2786)

It was discovered that JavaScript run via EvalInSandbox() can escape the sandbox. Malicious scripts received in emails containing JavaScript could use these privileges to execute arbitrary code with the user's privileges. (MFSA 2006-31, CVE-2006-2787)

Updated packages for Ubuntu 5.04:

Source archives:
      Size/MD5: 98300 a4dffa1705bd280224188e7bbc7781dd
      Size/MD5: 946 7eebd4d62af685dd0ce74d5ff741c92c
      Size/MD5: 32849510 ae345f1b722d8f3a977af4fd358d27b0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5: 3347854 519c296b742dc6e6d5c308b0b6c5a433
      Size/MD5: 145244 9a8d5c4ade62afdb187022df1b188099
      Size/MD5: 27718 aa28f71d2133d0810bbf166d86c68dc7
      Size/MD5: 82728 55ede40f0e71d287cfabe73492b3a71a
      Size/MD5: 11959242 c6acc1fa0785193f037fb35a14f7505e

i386 architecture (x86 compatible Intel/AMD)
      Size/MD5: 3341642 18916c1156df514eb6b538ec63737a8d
      Size/MD5: 140326 b2f8c499a4b160e6131d2fb2278e54b5
      Size/MD5: 27724 6bab59d8db842eee01a411c256b64cd8
      Size/MD5: 80468 114885d918a10761414adafc506be2e5
      Size/MD5: 10911294 67ab1c44fe9a3d164e0c79755365e2bf

powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5: 3337162 85e96f1fe254dc69170d3fc814110cd2