Linux Today: Linux News On Internet Time.






Advisories, February 20, 2007

Feb 21, 2007, 05:00

Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: koffice security update
Advisory ID: RHSA-2007:0010-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0010.html
Issue date: 2007-02-20
Updated on: 2007-02-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6120


1. Summary:

Updated KOffice packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

KOffice is a collection of productivity applications for the K Desktop Environment (KDE) GUI desktop.

An integer overflow bug was found in KOffice's PPT file processor. An attacker could create a malicious PPT file that could cause KOffice to execute arbitrary code if the file was opened by a victim. (CVE-2006-6120)

All users of KOffice are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

217738 - CVE-2006-6120 koffice integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/koffice-1.1.1-2.3.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/koffice-1.1.1-2.3.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/koffice-1.1.1-2.3.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/koffice-1.1.1-2.3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6120
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Critical: gnomemeeting security update
Advisory ID: RHSA-2007:0086-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0086.html
Issue date: 2007-02-20
Updated on: 2007-02-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1007


1. Summary:

Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnomeMeeting is a tool to communicate with video and audio over the Internet.

A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007)

Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229266 - CVE-2007-1007 gnomemeeting format string flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnomemeeting-0.96.0-5.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnomemeeting-0.96.0-5.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnomemeeting-0.96.0-5.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnomemeeting-0.96.0-5.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnomemeeting-1.0.2-9.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnomemeeting-1.0.2-9.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnomemeeting-1.0.2-9.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnomemeeting-1.0.2-9.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1007
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Ubuntu


Ubuntu Security Notice USN-423-1 February 20, 2007
moin, moin1.3 vulnerabilities
CVE-2007-0901, CVE-2007-0902

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:

moin 1.2.4-1ubuntu2.2
python-moinmoin 1.3.4-6ubuntu1.5.10

Ubuntu 6.06 LTS:
python-moinmoin 1.5.2-1ubuntu2.2

Ubuntu 6.10:
python-moinmoin 1.5.3-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in MoinMoin's debug reporting sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. Only Ubuntu Breezy was vulnerable. (CVE-2007-0901)

An information leak was discovered in MoinMoin's debug reporting, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug tracebacks. (CVE-2007-0902)
