dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories, December 14, 2006

Dec 15, 2006, 04:45 (0 Talkback[s])

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200612-15

http://security.gentoo.org/


Severity: High
Title: McAfee VirusScan: Insecure DT_RPATH
Date: December 14, 2006
Bugs: #156989
ID: 200612-15


Synopsis

McAfee VirusScan for Linux is distributed with an insecure DT_RPATH, potentially allowing a remote attacker to execute arbitrary code.

Background

McAfee VirusScan for Linux is a commercial antivirus solution for Linux.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  app-antivirus/vlnx      <= 4510e                      Vulnerable!

     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description

Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably intended.

Impact

An attacker could entice a VirusScan user to scan an arbitrary file and execute arbitrary code with the privileges of the VirusScan user by tricking the dynamic loader into loading an untrusted ELF DSO. An automated system, such as a mail scanner, may be subverted to execute arbitrary code with the privileges of the process invoking VirusScan.

Workaround

Do not scan files or execute VirusScan from an untrusted working directory.

Resolution

As VirusScan verifies that it has not been modified before executing, it is not possible to correct the DT_RPATH. Furthermore, this would violate the license that VirusScan is distributed under. For this reason, the package has been masked in Portage pending the resolution of this issue.

    # emerge --ask --verbose --unmerge "app-antivirus/vlnx"

References

[ 1 ] CVE-2006-6474

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6474

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200612-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200612-16

http://security.gentoo.org/


Severity: Normal
Title: Links: Arbitrary Samba command execution
Date: December 14, 2006
Bugs: #157028
ID: 200612-16


Synopsis

Links does not properly validate "smb://" URLs, making it vulnerable to the execution of arbitrary Samba commands.

Background

Links is a web browser running in both graphics and text modes.

Affected packages


     Package           /   Vulnerable   /                   Unaffected

  1  www-client/links      < 2.1_pre26                    >= 2.1_pre26

Description

Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands.

Impact

A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execute arbitrary Samba commands, which would allow the overwriting of arbitrary local files or the upload or the download of arbitrary files. This vulnerability can be exploited only if "smbclient" is installed on the victim's computer, which is provided by the "samba" Gentoo package.

Workaround

There is no known workaround at this time.

Resolution

All Links users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/links-2.1_pre26"

References

[ 1 ] CVE-2006-5925

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200612-16.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200612-17

http://security.gentoo.org/


Severity: High
Title: GNU Radius: Format string vulnerability
Date: December 14, 2006
Bugs: #156376
ID: 200612-17


Synopsis

A format string vulnerabilty has been found in GNU Radius, which could lead to the remote execution of arbitrary code.

Background

GNU Radius is a GNU version of Radius, a server for remote user authentication and accounting.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  net-dialup/gnuradius        < 1.4                          >= 1.4

Description

A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the "postgresql", "mysql" or "odbc" USE flags are enabled, which is not the default, except for the "server" 2006.1 and 2007.0 profiles which enable the "mysql" USE flag.

Impact

An unauthenticated remote attacker could execute arbitrary code with the privileges of the user running radiusd, which may be the root user. It is important to note that there is no default GNU Radius user for Gentoo systems because no init script is provided with the package.

Workaround

There is no known workaround at this time.

Resolution

All GNU Radius users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/gnuradius-1.4"

References

[ 1 ] CVE-2006-4181

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4181

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200612-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/


Package : xorg-x11
Date : December 14, 2006
Affected: Corporate 4.0


Problem Description:

Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739).

Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740).

Updated packages are patched to address this issue.

Update:

Updated packages for Corporate Server 4.0 have been patched


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740


Updated Packages:

Corporate 4.0:
3658ca4cd8a4c6e9821c418a5ce7b4b3 corporate/4.0/i586/libxorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
c98057d36ee6db65dd49bb540f2dfdb5 corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.10.20060mlcs4.i586.rpm
296d32cb0bb9a4361e5288cd0c136410 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.10.20060mlcs4.i586.rpm
569c78c8b3842c72cfe361fb89d1989d corporate/4.0/i586/X11R6-contrib-6.9.0-5.10.20060mlcs4.i586.rpm
438e53654ce1c11d5e28cce7d8316c34 corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
6cd2047a430d3e10f68062e9e2ed7bc3 corporate/4.0/i586/xorg-x11-6.9.0-5.10.20060mlcs4.i586.rpm
61d98fd62be172adc372ef7f10e8d0f0 corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
c46a82d37cb2377f9d232ee10fb837b4 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.i586.rpm
e5be10030bae448b24998d65a2be9f6c corporate/4.0/i586/xorg-x11-doc-6.9.0-5.10.20060mlcs4.i586.rpm
9122ac82818d37d54e096d128866c64f corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.i586.rpm
1bfaa8464fefa7515a9abc6a4ff1da01 corporate/4.0/i586/xorg-x11-server-6.9.0-5.10.20060mlcs4.i586.rpm
4c274b747483a610e16677f019c150f6 corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.i586.rpm
6d1fe79343156bbd680b3d60941380b3 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.i586.rpm
c7bdfd3abc0b711abe72e32ffa0b8e76 corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.i586.rpm
a62d0994768a936bbdef00a42a40e114 corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.i586.rpm
7e586568c538c87728f51cdee94ba050 corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.i586.rpm
a4a6aabeae772da093d771695d350dc0 corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.i586.rpm
eb0860600fe024f88c015f77976d61c4 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
95d2a9ad359eb51d2c8743a8f2d8cc21 corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
91629018178a74304f232c38b29ea831 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
93465357b9ff908de20c7448d501c1fa corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.10.20060mlcs4.x86_64.rpm
4fe4964642e28e972c34c759d1e726d1 corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.10.20060mlcs4.x86_64.rpm
461967ff7add4e31702460db4ee6e602 corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
6f5fbabba03318860472c0ce5c0a65e4 corporate/4.0/x86_64/xorg-x11-6.9.0-5.10.20060mlcs4.x86_64.rpm
444fc50e3d9cccf09601026c7487d78e corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
20da8a1239bc532d7c45d32931360d7b corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.10.20060mlcs4.x86_64.rpm
40af6535454c3ea73dc4f6473b9f24c0 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.10.20060mlcs4.x86_64.rpm
2c7d093af7530397c8b935409080c25c corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.10.20060mlcs4.x86_64.rpm
51b4f1d2ef0118a2ed84b430bc89242e corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.10.20060mlcs4.x86_64.rpm
66721b5e94867256724faf443ae1e8a3 corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.10.20060mlcs4.x86_64.rpm
8e37a1b93e5ae3850d1259eea8aa3de3 corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.10.20060mlcs4.x86_64.rpm
d705258a79d0cb500560de0f3babe596 corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.10.20060mlcs4.x86_64.rpm
325bfc125311d543b8808133345afb00 corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.10.20060mlcs4.x86_64.rpm
ae37ee6f2b895664bfddb06798180907 corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.10.20060mlcs4.x86_64.rpm
897a5a32aa8e71cd3b644bc75e33f98a corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.10.20060mlcs4.x86_64.rpm
eb0860600fe024f88c015f77976d61c4 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.10.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:229
http://www.mandriva.com/security/


Package : evince
Date : December 13, 2006
Affected: 2007.0


Problem Description:

Stack-based buffer overflow in ps.c for evince allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864


Updated Packages:

Mandriva Linux 2007.0:
9cac7456ee1b25c93bd73c430475baaf 2007.0/i586/evince-0.6.0-1.2mdv2007.0.i586.rpm
d8a6e0604fe5fff79909659bd2fa0136 2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
5d231a5f65991fe2383cdfc907425b77 2007.0/x86_64/evince-0.6.0-1.2mdv2007.0.x86_64.rpm
d8a6e0604fe5fff79909659bd2fa0136 2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:230
http://www.mandriva.com/security/


Package : clamav
Date : December 13, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0


Problem Description:

The latest version of ClamAV, 0.88.7, fixes some bugs, including vulnerabilities with handling base64-encoded MIME attachment files that can lead to either a) a crash (CVE-2006-5874), or b) a bypass of virus detection (CVE-2006-6406).

As well, a vulnerability was discovered that allows remote attackers to cause a stack overflow and application crash by wrapping many layers of multipart/mixed content around a document (CVE-2006-6481).

The latest ClamAV is being provided to address these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481


Updated Packages:

Mandriva Linux 2006.0:
b62b980e893f31cb4a1868bf654111b1 2006.0/i586/clamav-0.88.7-0.1.20060mdk.i586.rpm
45224507b6eb7548d77d350e49b779bf 2006.0/i586/clamav-db-0.88.7-0.1.20060mdk.i586.rpm
2839e6db4e043c8c5f30242073fd463a 2006.0/i586/clamav-milter-0.88.7-0.1.20060mdk.i586.rpm
1efab3d20fc9a3ee591bca6cd911f432 2006.0/i586/clamd-0.88.7-0.1.20060mdk.i586.rpm
a02b321e3540dc8746568ceb89978d8a 2006.0/i586/libclamav1-0.88.7-0.1.20060mdk.i586.rpm
a2a63b58aa4799427b10b2ef3df0312a 2006.0/i586/libclamav1-devel-0.88.7-0.1.20060mdk.i586.rpm
d0eec42b243ddf7adf64cf64d1220381 2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c82c856996f6916e538ad1d8108f32ff 2006.0/x86_64/clamav-0.88.7-0.1.20060mdk.x86_64.rpm
c14d9d0ff168241afaed73f5835b1e76 2006.0/x86_64/clamav-db-0.88.7-0.1.20060mdk.x86_64.rpm
501ae197ee84e3a9b791bab78e27d744 2006.0/x86_64/clamav-milter-0.88.7-0.1.20060mdk.x86_64.rpm
795e8d155a0b93f3854c2a454f265cbd 2006.0/x86_64/clamd-0.88.7-0.1.20060mdk.x86_64.rpm
94d70db54cb3129082c5c30d294368d9 2006.0/x86_64/lib64clamav1-0.88.7-0.1.20060mdk.x86_64.rpm
d130298465adc84967cc4b2f00b7e3ba 2006.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mdk.x86_64.rpm
d0eec42b243ddf7adf64cf64d1220381 2006.0/SRPMS/clamav-0.88.7-0.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
96ed9d67bba561245f73cc69596c4d47 2007.0/i586/clamav-0.88.7-1.1mdv2007.0.i586.rpm
3b0d3b89b0507b6a8c65b675a0fbb67b 2007.0/i586/clamav-db-0.88.7-1.1mdv2007.0.i586.rpm
31a67792b8319f86c1a48d82c78c06a0 2007.0/i586/clamav-milter-0.88.7-1.1mdv2007.0.i586.rpm
3277aa7171b3e4d05d03d7ee7d1c0ed4 2007.0/i586/clamd-0.88.7-1.1mdv2007.0.i586.rpm
c25960475a4606bbd910a0200e4cf53f 2007.0/i586/libclamav1-0.88.7-1.1mdv2007.0.i586.rpm
265ac03db8213dd9bfca2723b300a763 2007.0/i586/libclamav1-devel-0.88.7-1.1mdv2007.0.i586.rpm
6a4400d492a1a960b8d92f00552d7d18 2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
88d6558eaedc651f5997a25a303079a5 2007.0/x86_64/clamav-0.88.7-1.1mdv2007.0.x86_64.rpm
78e4cd526a8622b6e12f84fa4ae3d6d0 2007.0/x86_64/clamav-db-0.88.7-1.1mdv2007.0.x86_64.rpm
61e1966f5630a939136957d82acbb4c6 2007.0/x86_64/clamav-milter-0.88.7-1.1mdv2007.0.x86_64.rpm
9d19aefac34f54e499c36733eca73111 2007.0/x86_64/clamd-0.88.7-1.1mdv2007.0.x86_64.rpm
bdf0b48ad7b2afb5aa17b57f42482cf8 2007.0/x86_64/lib64clamav1-0.88.7-1.1mdv2007.0.x86_64.rpm
2cd6d0d8d721cf027d0e2bcaebc34cbc 2007.0/x86_64/lib64clamav1-devel-0.88.7-1.1mdv2007.0.x86_64.rpm
6a4400d492a1a960b8d92f00552d7d18 2007.0/SRPMS/clamav-0.88.7-1.1mdv2007.0.src.rpm

Corporate 3.0:
feaa3bc3bf4a008ebe28be198d00fdf3 corporate/3.0/i586/clamav-0.88.7-0.1.C30mdk.i586.rpm
07d17cdbf4f6037211a6ccd8fa19dacb corporate/3.0/i586/clamav-db-0.88.7-0.1.C30mdk.i586.rpm
86d5d1ba6a021918dfec382d363f1b6c corporate/3.0/i586/clamav-milter-0.88.7-0.1.C30mdk.i586.rpm
cd6b3538836b38a4280bc87b8973622f corporate/3.0/i586/clamd-0.88.7-0.1.C30mdk.i586.rpm
9267bc8bfe596439de8886223bad26e9 corporate/3.0/i586/libclamav1-0.88.7-0.1.C30mdk.i586.rpm
4682ad4e008c5ce93429034abe40d5d6 corporate/3.0/i586/libclamav1-devel-0.88.7-0.1.C30mdk.i586.rpm
98f8117362b50ca3e775894d45a5fcfb corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
cfa59847b3868d67dac9c61ce07a310d corporate/3.0/x86_64/clamav-0.88.7-0.1.C30mdk.x86_64.rpm
53d4c93840bb02b1092b2a8122e555e5 corporate/3.0/x86_64/clamav-db-0.88.7-0.1.C30mdk.x86_64.rpm
893ef35e464ef5e9b1f7bad7ce1b1842 corporate/3.0/x86_64/clamav-milter-0.88.7-0.1.C30mdk.x86_64.rpm
dfa01a642a5b00c298a6bd85a82d7a5d corporate/3.0/x86_64/clamd-0.88.7-0.1.C30mdk.x86_64.rpm
0ee7a5c70a4f3d2e01e19a3abda229fb corporate/3.0/x86_64/lib64clamav1-0.88.7-0.1.C30mdk.x86_64.rpm
7007fdd4b7c038c85947cda87c5262d3 corporate/3.0/x86_64/lib64clamav1-devel-0.88.7-0.1.C30mdk.x86_64.rpm
98f8117362b50ca3e775894d45a5fcfb corporate/3.0/SRPMS/clamav-0.88.7-0.1.C30mdk.src.rpm

Corporate 4.0:
1fc7dc3770ca0a6aa16c6213d5d19fcc corporate/4.0/i586/clamav-0.88.7-0.1.20060mlcs4.i586.rpm
aa5259c487956b9de144fe12710f3f1c corporate/4.0/i586/clamav-db-0.88.7-0.1.20060mlcs4.i586.rpm
15fca428565d2dd9f2c169359826a95a corporate/4.0/i586/clamav-milter-0.88.7-0.1.20060mlcs4.i586.rpm
6a2ad1ede1e2d686c6d894e8c8b1e441 corporate/4.0/i586/clamd-0.88.7-0.1.20060mlcs4.i586.rpm
87a1ad35fa480c91a769351bb9571698 corporate/4.0/i586/libclamav1-0.88.7-0.1.20060mlcs4.i586.rpm
1c3f598674665c6c399e7799103dc4b7 corporate/4.0/i586/libclamav1-devel-0.88.7-0.1.20060mlcs4.i586.rpm
bbbd149e943f327577eba98d7c5dce0a corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5941452de407b4f4d0e5631d57cea1b8 corporate/4.0/x86_64/clamav-0.88.7-0.1.20060mlcs4.x86_64.rpm
86dca13c238afc9ccb7683542ad12b44 corporate/4.0/x86_64/clamav-db-0.88.7-0.1.20060mlcs4.x86_64.rpm
249703cc4d464ef85067b4659d0e6757 corporate/4.0/x86_64/clamav-milter-0.88.7-0.1.20060mlcs4.x86_64.rpm
bf8037a275cf6e28a1a1227b5a9e5777 corporate/4.0/x86_64/clamd-0.88.7-0.1.20060mlcs4.x86_64.rpm
7b507bda94614b3f4547415df052af0f corporate/4.0/x86_64/lib64clamav1-0.88.7-0.1.20060mlcs4.x86_64.rpm
2778dd446bbd8b0e7f8e756bd8d8634f corporate/4.0/x86_64/lib64clamav1-devel-0.88.7-0.1.20060mlcs4.x86_64.rpm
bbbd149e943f327577eba98d7c5dce0a corporate/4.0/SRPMS/clamav-0.88.7-0.1.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

rPath Linux

rPath Security Advisory: 2006-0232-1
Published: 2006-12-14
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: libgsf=/conary.rpath.com@rpl:devel//1/1.12.0-4.2-1
References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514
            https://issues.rpath.com/browse/RPL-857
Description: Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.

SUSE Linux


SUSE Security Announcement

Package: libgsf
Announcement ID: SUSE-SA:2006:076
Date: Thu, 14 Dec 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9 Novell Linux POS 9 Open Enterprise Server SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SuSE Linux Desktop 1.0 SUSE SLED 10 SUSE SLES 10 SUSE SLES 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-4514

Content of This Advisory:

  1. Security Vulnerability Resolved: libgsf buffer overflow Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

The libgsf library is used by various GNOME programs to handle for instance OLE2 data streams.

Specially crafted OLE documents enabled attackers to use a heap buffer overflow for potentially executing code.

This issue is tracked by the Mitre CVE ID CVE-2006-4514.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please close and restart applications using libgsf.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

x86 Platform:

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libgsf-1.13.99-13.7.i586.rpm 91b1e160b88a4da68781ca4391a0aa7b

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libgsf-1.12.1-3.2.i586.rpm 6b4e5b5ed0e564769a0bb3d0e288b8be

SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libgsf-1.11.1-4.2.i586.rpm 48555a9c645cae527bdc5315251d662f

Power PC Platform:

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libgsf-1.13.99-13.7.ppc.rpm d8c05b0415c9e196c2d1a8cc42ac0402

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libgsf-1.12.1-3.2.ppc.rpm 24e8d5c92f635db2ef3049339ba1754b

x86-64 Platform:

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libgsf-1.13.99-13.7.x86_64.rpm 6f8ebb0842088a321a15192480a5388d
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libgsf-32bit-1.13.99-13.7.x86_64.rpm bab0e91a620413c92e403bcfdd6d7147

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libgsf-1.12.1-3.2.x86_64.rpm f9992beea6a3fe27204ebee475ba8234
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libgsf-32bit-1.12.1-3.2.x86_64.rpm b1369a901898a1bfb9fd5ba643dd7291

SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/libgsf-1.11.1-4.2.x86_64.rpm 02e536160da1597a38153d1643de00b4
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/libgsf-32bit-9.3-7.1.x86_64.rpm abb66f3f4f3b3cd34382612805878466

Sources:

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libgsf-1.13.99-13.7.src.rpm 0b386df6f643991c71d61dbf07d448fe

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/libgsf-1.12.1-3.2.src.rpm 455b6c354c40ac3157a158b8902238c2

SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/libgsf-1.11.1-4.2.src.rpm 7b6bb054f79babd4893be99c331eab2f

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

Open Enterprise Server
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

Novell Linux POS 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

SUSE SLES 10
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

SUSE SLED 10
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html

SUSE SLES 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.


6) Authenticity Verification and Additional Information

  • Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify <file>

    replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  • Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

    There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

    1. Using the internal gpg signatures of the rpm package
    2. MD5 checksums as provided in this announcement
    1. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

      rpm -v --checksig <file.rpm>

      to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

    2. If you need an alternative means of verification, use the md5sum

      command to verify the authenticity of the packages. Execute the command

      md5sum <filename.rpm>

      after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.


SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>


SUSE Security Announcement

Package: flash-player
Announcement ID: SUSE-SA:2006:077
Date: Thu, 14 Dec 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9 openSUSE 10.2 SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE SLED 10
Vulnerability Type: HTTP header splitting
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-5330

Content of This Advisory:

  1. Security Vulnerability Resolved: flash-player HTTP request CRLF injection problem Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem:

CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType.

The flexibility of the attack varies depending on the type of web browser being used.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please close and restart all running instances of applications currently running flash applets after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

x86 Platform:

openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/flash-player-7.0.69.0-1.1.i586.rpm 582b9df68410047288fdd679be14cc43

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/flash-player-7.0.69.0-1.2.i586.rpm 028b959cc57e8a158963722886961915

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/flash-player-7.0.69.0-1.1.i586.rpm 8a9ad6700dc9509ee4554d01c45c39cb

SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/flash-player-7.0.69.0-1.1.i586.rpm 66b36fc7384c7bffdbe1a1e38d6b65b8

Sources:

openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/flash-player-7.0.69.0-1.1.src.rpm 550f2dc5b50cd2d66ddf6c66cc2cf35a

SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/flash-player-7.0.69.0-1.2.src.rpm c684b5c2e4c4ad3bdd51ee50f59f2e36

SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/flash-player-7.0.69.0-1.1.src.rpm eb5174d91333353daaf183e7a26b70d0

SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/flash-player-7.0.69.0-1.1.src.rpm 2f4ff5f9c0953790241512a76a13bdc8

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/e0b1939107e149b2e2c750dae6331938.html

SUSE SLED 10
http://support.novell.com/techcenter/psdb/e0b1939107e149b2e2c750dae6331938.html


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.


6) Authenticity Verification and Additional Information

  • Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify <file>

    replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  • Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

    There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

    1. Using the internal gpg signatures of the rpm package
    2. MD5 checksums as provided in this announcement
    1. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

      rpm -v --checksig <file.rpm>

      to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

    2. If you need an alternative means of verification, use the md5sum

      command to verify the authenticity of the packages. Execute the command

      md5sum <filename.rpm>

      after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.


SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Ubuntu


Ubuntu Security Notice USN-380-2 December 14, 2006
avahi regression
https://launchpad.net/bugs/72728

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
avahi-daemon 0.5.2-1ubuntu1.3

Ubuntu 6.06 LTS:
avahi-daemon 0.6.10-0ubuntu3.3

Ubuntu 6.10:
avahi-daemon 0.6.13-2ubuntu2.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem.

We apologize for the inconvenience.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi_0.5.2-1ubuntu1.3.diff.gz
      Size/MD5: 5402 6988a88488201140d1941e18e9baf974
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi_0.5.2-1ubuntu1.3.dsc
      Size/MD5: 1151 c3edfa425968e2fd8053f37d8e06387a
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi_0.5.2.orig.tar.gz
      Size/MD5: 651504 dc7ce24ffaab251a2002bf1dfdbe256d

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-utils_0.5.2-1ubuntu1.3_all.deb
      Size/MD5: 15784 32a0566e13d26c2ac618aee8d6310f43
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-cil_0.5.2-1ubuntu1.3_all.deb
      Size/MD5: 20748 ce2a400aa9d37b33d234d35fbd0765f5
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/python2.4-avahi_0.5.2-1ubuntu1.3_all.deb
      Size/MD5: 8964 56044882a59dbea82e50eb889ddab030

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 49074 2d1bfbec40fb0990e9d9c3e7f9a7d5d2
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 15290 a43a4acb239c7da47baf1615c2d61b27
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-client-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 27972 182b8adf040f20589b883bf427fb0656
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-client1_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 23102 c7e27c18c810ea439c8bb867ab5e8fda
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-common-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 31536 e0db12eff12ed67e75ae46aeecf14253
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-common0_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 20540 e32a02c8e9c41ca46e86c24ae146afda
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-core-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 104490 2633408fbbe5c64cab9d6c386580bf96
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-core1_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 75398 14e59e657b680cdb009106679d91977f
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-glib-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 10038 b6a18e683e2c5aa1a187375a54b8e39a
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-glib0_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 8888 109ddf7229ecc9ee684d75006fd7d71d
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-qt3-0_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 11426 da757a2b37737aa22e5083d65d5fc14f
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-qt3-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 11708 210e14ee05911ed7fd52945010a5297f
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-qt4-0_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 9284 75a6ac74a009a60d9413e0fe9669c163
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-qt4-dev_0.5.2-1ubuntu1.3_amd64.deb
      Size/MD5: 9678 73fd48ec0f9ece9943c649faaacf7829

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0.5.2-1ubuntu1.3_i386.deb
      Size/MD5: 45014 d48dae82e7556cf9af9307c7bce01941
    http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd_0.5.2-1ubuntu1.3_i386.deb
      Size/MD5: 14338 21402b49b74c7273191c57fc979de17e
    http://sec