Home Security

Advisories, April 24, 2006

By

April 25, 2006

Debian GNU/Linux

Debian Security Advisory DSA 1039-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq

Package : blender
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3302 CVE-2005-4470
BugTraq ID : 15981
Debian Bugs : 330895 344398

Several vulnerabilities have been discoverd in in blender, a
very fast and versatile 3D modeller/renderer. The Common
Vulnerability and Exposures Project identifies the following
problems:

CVE-2005-3302

Joxean Koret discovered that due to missing input validation a
provides script is vulnerable to arbitrary command execution.

CVE-2005-4470

Damian Put discovered a buffer overflow that allows remote
attackers to cause a denial of service and possibly execute
arbitrary code.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 2.36-1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 2.40-1.

We recommend that you upgrade your blender package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.dsc

Size/MD5 checksum: 748
8d4a7880a3b1c0d1c2c2b7d67b1111c7
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.diff.gz

Size/MD5 checksum: 13747
1731a5fd58dfbf6eacb4f2760be9dd27
http://security.debian.org/pool/updates/main/b/blender/blender_2.36.orig.tar.gz

Size/MD5 checksum: 6912828
8e2237c86b12e6061935632495aec875

Alpha architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_alpha.deb

Size/MD5 checksum: 4827460
180eeefd1123722e7c4aa0a43cf47eeb

AMD64 architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_amd64.deb

Size/MD5 checksum: 4118980
be9328fd278159f218a25763553e92be

ARM architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_arm.deb

Size/MD5 checksum: 4089822
07513b5818e448697bfbc6b1bed51873

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_i386.deb

Size/MD5 checksum: 4142046
a263f52ac839648cee6e870b3d7e451e

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_ia64.deb

Size/MD5 checksum: 5684932
db0b5c13cd696115958e2efb528f1eed

HP Precision architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_hppa.deb

Size/MD5 checksum: 4600312
c2241dbd8f88fbbf7ccdc164193dab60

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_m68k.deb

Size/MD5 checksum: 3655228
8728fcd27b3fb0c9bc7c1a9eaf417bd0

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mips.deb

Size/MD5 checksum: 4310726
37dd5199543e5a9a20fae6abff093dc2

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mipsel.deb

Size/MD5 checksum: 4303728
21f55618f8ee45ed18c848ebb3707dab

PowerPC architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_powerpc.deb

Size/MD5 checksum: 4173870
1c2dc631d155be939696e67b1f8b2416

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_s390.deb

Size/MD5 checksum: 3977484
0b7f82038c3f61280c42c337188cfd47

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_sparc.deb

Size/MD5 checksum: 3940052
b64ac521aaa356b54f6a162f6c10bc4f

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1040-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq

Package : gdm
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-1057
BugTraq ID : 17635

A vulnerability has been identified in gdm, a display manager
for X, that could allow a local attacker to gain elevated
privileges by exploiting a race condition in the handling of the
.ICEauthority file.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 2.6.0.8-1sarge2.

For the unstable distribution (sid) this problem will be fixed
in version 2.14.1-1.

We recommend that you upgrade your gdm package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.dsc

Size/MD5 checksum: 732
5e615263c621f3166eab26233249934b
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.diff.gz

Size/MD5 checksum: 258548
323d831f75f4a784b754ee4d6902120f
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8.orig.tar.gz

Size/MD5 checksum: 5619049
1417d176925a4a24c465c043df7b6a39

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb

Size/MD5 checksum: 3243636
3641c4ee397d6f70fa15b439da1ca29d

AMD64 architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb

Size/MD5 checksum: 3178276
03057b54637e652dd37f98bf94e3b575

ARM architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb

Size/MD5 checksum: 3124804
beb9189cf49420259a51210c1864cc08

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb

Size/MD5 checksum: 3144008
36c7dfed8ab7ece8d5b75fa720c6120d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb

Size/MD5 checksum: 3328900
c6b11ef8670cb3f63d946e0779d65c3f

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb

Size/MD5 checksum: 3185510
486b1377061ad3655a34d17abc9ece23

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb

Size/MD5 checksum: 3115464
a002336849c45be8d7a70630a9dbe714

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb

Size/MD5 checksum: 3155474
dea4b0e6dbb2b1a4ac0b5a90e9a93035

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb

Size/MD5 checksum: 3147934
19dc1118fec157e9ae4f7e40418a7cbb

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb

Size/MD5 checksum: 3172026
611508441a9bcd7df2bb3ac486a20da4

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb

Size/MD5 checksum: 3185506
f03786d134fda10cfb7ce9c6b4e13044

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb

Size/MD5 checksum: 3137658
ea03ac108174033db47559465da66184

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200604-12

http://security.gentoo.org/

Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: April 23, 2006
Bugs: #129924
ID: 200604-12

Synopsis

Several vulnerabilities in Mozilla Firefox allow attacks ranging
from execution of script code with elevated privileges to
information leaks.

Background

Mozilla Firefox is the next-generation web browser from the
Mozilla project.

Affected packages

     Package                         /  Vulnerable  /       Unaffected



  1  www-client/mozilla-firefox           < 1.0.8             >= 1.0.8
  2  www-client/mozilla-firefox-bin       < 1.0.8             >= 1.0.8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Several vulnerabilities were found in Mozilla Firefox. Versions
1.0.8 and 1.5.0.2 were released to fix them.

Impact

A remote attacker could craft malicious web pages that would
leverage these issues to inject and execute arbitrary script code
with elevated privileges, steal local files, cookies or other
information from web pages, and spoof content. Some of these
vulnerabilities might even be exploited to execute arbitrary code
with the rights of the browser user.

Workaround

There are no known workarounds for all the issues at this
time.

Resolution

All Mozilla Firefox users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.8"

All Mozilla Firefox binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.8"

References

[ 1 ] CVE-2005-4134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134

[ 2 ] CVE-2006-0292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292

[ 3 ] CVE-2006-0296

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

[ 4 ] CVE-2006-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748

[ 5 ] CVE-2006-0749

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749

[ 6 ] CVE-2006-1727

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727

[ 7 ] CVE-2006-1728

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728

[ 8 ] CVE-2006-1729

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729

[ 9 ] CVE-2006-1730

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730

[ 10 ] CVE-2006-1731

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731

[ 11 ] CVE-2006-1732

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732

[ 12 ] CVE-2006-1733

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733

[ 13 ] CVE-2006-1734

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734

[ 14 ] CVE-2006-1735

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735

[ 15 ] CVE-2006-1736

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736

[ 16 ] CVE-2006-1737

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737

[ 17 ] CVE-2006-1738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738

[ 18 ] CVE-2006-1739

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739

[ 19 ] CVE-2006-1740

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740

[ 20 ] CVE-2006-1741

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741

[ 21 ] CVE-2006-1742

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742

[ 22 ] CVE-2006-1790

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

[ 23 ] Mozilla Foundation Security Advisories

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200604-13

http://security.gentoo.org/

Severity: Normal
Title: fbida: Insecure temporary file creation
Date: April 23, 2006
Bugs: #129470
ID: 200604-13

Synopsis

fbida is vulnerable to linking attacks, potentially allowing a
local user to overwrite arbitrary files.

Background

fbida is a collection of image viewers and editors for the
framebuffer console and X11.

Affected packages

     Package          /  Vulnerable  /                      Unaffected

  1  media-gfx/fbida      < 2.03-r3                         >= 2.03-r3

Description

Jan Braun has discovered that the “fbgs” script provided by
fbida insecurely creates temporary files in the “/var/tmp”
directory.

Impact

A local attacker could create links in the temporary file
directory, pointing to a valid file somewhere on the filesystem.
When an affected script is called, this could result in the file
being overwritten with the rights of the user running the
script.

Workaround

There is no known workaround at this time.

Resolution

All fbida users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"

References

[ 1 ] CVE-2006-1695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1695

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-13.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200604-14

http://security.gentoo.org/

Severity: Normal
Title: Dia: Arbitrary code execution through XFig import
Date: April 23, 2006
Bugs: #128107
ID: 200604-14

Synopsis

Buffer overflows in Dia’s XFig import could allow remote
attackers to execute arbitrary code.

Background

Dia is a GTK+ based diagram creation program.

Affected packages

     Package         /  Vulnerable  /                       Unaffected

  1  app-office/dia      < 0.94-r5                          >= 0.94-r5

Description

infamous41md discovered multiple buffer overflows in Dia’s XFig
file import plugin.

Impact

By enticing a user to import a specially crafted XFig file into
Dia, an attacker could exploit this issue to execute arbitrary code
with the rights of the user running Dia.

Workaround

There is no known workaround at this time.

Resolution

All Dia users should upgrade to the latest available
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5"

References

[ 1 ] CVE-2006-1550

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/

Package : cyrus-sasl
Date : April 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

A vulnerability in the CMU Cyrus Simple Authentication and
Security Layer (SASL) library < 2.1.21, has an unknown impact
and remote unauthenticated attack vectors, related to DIGEST-MD5
negotiation. In practice, Marcus Meissner found it is possible to
crash the cyrus-imapd daemon with a carefully crafted communication
that leaves out “realm=…” in the reply or the initial server
response.

Updated packages have been patched to address this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721

Updated Packages:

Mandriva Linux 10.2:
0f6e423a1ef3803f9b6777e827977b3d
10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.i586.rpm
2e37644e8b213c87f36182e4af6eb433
10.2/RPMS/libsasl2-2.1.19-12.1.102mdk.i586.rpm
2b2c4cf9ea3fd956e9de41e91e4c4fbf
10.2/RPMS/libsasl2-devel-2.1.19-12.1.102mdk.i586.rpm
2173a85249e7db834a966b7cd6e8d5b4
10.2/RPMS/libsasl2-plug-anonymous-2.1.19-12.1.102mdk.i586.rpm
7d9f04136abdfd24487209226c6ab5d7
10.2/RPMS/libsasl2-plug-crammd5-2.1.19-12.1.102mdk.i586.rpm
a0e0468a37eeb1af3e3a9a8635900d1b
10.2/RPMS/libsasl2-plug-digestmd5-2.1.19-12.1.102mdk.i586.rpm
8b752a8a31d0948f9a1b0564fbcb724e
10.2/RPMS/libsasl2-plug-gssapi-2.1.19-12.1.102mdk.i586.rpm
3fbc57415040abca570130360a25224d
10.2/RPMS/libsasl2-plug-login-2.1.19-12.1.102mdk.i586.rpm
8907de7fa38e47c4bfece4001b137aa2
10.2/RPMS/libsasl2-plug-ntlm-2.1.19-12.1.102mdk.i586.rpm
545880d896754e11d17cb372c418e778
10.2/RPMS/libsasl2-plug-otp-2.1.19-12.1.102mdk.i586.rpm
0a5882eb7e2c92c7d1fed113a7f18bd5
10.2/RPMS/libsasl2-plug-plain-2.1.19-12.1.102mdk.i586.rpm
667f46d4b52290df98b9af19ee21dee6
10.2/RPMS/libsasl2-plug-sasldb-2.1.19-12.1.102mdk.i586.rpm
df6c6c9920af062ed2cbf3ee4c1f9594
10.2/RPMS/libsasl2-plug-sql-2.1.19-12.1.102mdk.i586.rpm
cc933c21e9066d307bb30e4272dab7bb
10.2/RPMS/libsasl2-plug-srp-2.1.19-12.1.102mdk.i586.rpm
4551b0897bf06e66ac70d9f139b8765f
10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
39fd1454e83c134507ca8808da363687
x86_64/10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.x86_64.rpm
57afeeebed5b3fa7ff3e2b2839ccce57
x86_64/10.2/RPMS/lib64sasl2-2.1.19-12.1.102mdk.x86_64.rpm
d12ce309789ddc682e1950001ec19389
x86_64/10.2/RPMS/lib64sasl2-devel-2.1.19-12.1.102mdk.x86_64.rpm
a83ae6920b1f8e4b7bf8461cbf6c5189
x86_64/10.2/RPMS/lib64sasl2-plug-anonymous-2.1.19-12.1.102mdk.x86_64.rpm

d30a0b7d795925f2ea85b5d7f3f438b0
x86_64/10.2/RPMS/lib64sasl2-plug-crammd5-2.1.19-12.1.102mdk.x86_64.rpm

fe36af2939a515c0cfcdb060659e5205
x86_64/10.2/RPMS/lib64sasl2-plug-digestmd5-2.1.19-12.1.102mdk.x86_64.rpm

0addc7200f5c435eb831245bda7e2f10
x86_64/10.2/RPMS/lib64sasl2-plug-gssapi-2.1.19-12.1.102mdk.x86_64.rpm

00b84e5dc048bdbd201fb92578510a7d
x86_64/10.2/RPMS/lib64sasl2-plug-login-2.1.19-12.1.102mdk.x86_64.rpm

fc4ab1994c1152c227d07b8ef2002bfc
x86_64/10.2/RPMS/lib64sasl2-plug-ntlm-2.1.19-12.1.102mdk.x86_64.rpm

d4fd5b860b88e9da40ffbb19f7f1774d
x86_64/10.2/RPMS/lib64sasl2-plug-otp-2.1.19-12.1.102mdk.x86_64.rpm

72aeb079de7722039b218cd3c2a20466
x86_64/10.2/RPMS/lib64sasl2-plug-plain-2.1.19-12.1.102mdk.x86_64.rpm

5d0a5312b270d4d3f7cef16f913904a2
x86_64/10.2/RPMS/lib64sasl2-plug-sasldb-2.1.19-12.1.102mdk.x86_64.rpm

f22d9bb0f6271ce0df23c43465e0ada9
x86_64/10.2/RPMS/lib64sasl2-plug-sql-2.1.19-12.1.102mdk.x86_64.rpm

035d220ffceae7ed7cebb283109e4b61
x86_64/10.2/RPMS/lib64sasl2-plug-srp-2.1.19-12.1.102mdk.x86_64.rpm

4551b0897bf06e66ac70d9f139b8765f
x86_64/10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm

Corporate 3.0:
930ea7b485d2a0602825e46ec4834270
corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.i586.rpm
e9667c09be3be825f9d67e9c608ebee9
corporate/3.0/RPMS/libsasl2-2.1.15-10.5.C30mdk.i586.rpm
26681a8fd727e325a4ab41fdf0f76d5b
corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.5.C30mdk.i586.rpm
531e71aabe2ba6a33db9e25b16d600b3
corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.C30mdk.i586.rpm

4f2ddc1b1af415ed62216df4fa7a1990
corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.C30mdk.i586.rpm

41e834325c30d3df778be78ee20936ac
corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.C30mdk.i586.rpm

6fb04d4b4ff321f1743afebcc4bc04af
corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.C30mdk.i586.rpm

2ecbbc9319c881130eee4f32c2ecd13d
corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.5.C30mdk.i586.rpm

7dd9267c007aa2d4e7477564b1d0053f
corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.C30mdk.i586.rpm

5022c174c4fc977a89200df7639061b3
corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.C30mdk.i586.rpm

dd5332fbaca9ed53148c514833c85662
corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.C30mdk.i586.rpm

721fddfeb6929f20c0b0a036cd94af85
corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.C30mdk.i586.rpm

91fad35e0d021b48e0724f1028fdb95f
corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.C30mdk.i586.rpm

a47121c61c1d764dd174fb87ba15e11e
corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
1d28b4d2b3011e989ab92bdd2567e743
x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.x86_64.rpm

d722baf79d0b9db27279db46107d7703
x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.5.C30mdk.x86_64.rpm

d2e284770fc354b547e20e92795cdf00
x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.5.C30mdk.x86_64.rpm

d59de45402ce7290a7d4c8e305057ba5
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.5.C30mdk.x86_64.rpm

2972d5ea5d139ebf54971a3e4b983631
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.5.C30mdk.x86_64.rpm

201aed549c8efc3bfdd23e15d4e0c95d
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.5.C30mdk.x86_64.rpm

373cac68a6d6fe16adf4f10d27cd9b44
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.5.C30mdk.x86_64.rpm

1382da3f31460f7596c5ce3099194c78
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.5.C30mdk.x86_64.rpm

ac1fc40eb0c6b613321032325c91564c
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.5.C30mdk.x86_64.rpm

a6b6433706ef5316e9b38c36b5490941
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.5.C30mdk.x86_64.rpm

6f845c26b0df123330a8e7dc9e41a3da
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.5.C30mdk.x86_64.rpm

130905710e927b237b8f3b4a09c56823
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.5.C30mdk.x86_64.rpm

1560672b155b37e4432e58065662ef25
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.5.C30mdk.x86_64.rpm

a47121c61c1d764dd174fb87ba15e11e
x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
8b6d21b255eb0423935e4755b8d5e14a
mnf/2.0/RPMS/cyrus-sasl-2.1.15-10.5.M20mdk.i586.rpm
fdb7603310a32f2e44bcf5138fa97a93
mnf/2.0/RPMS/libsasl2-2.1.15-10.5.M20mdk.i586.rpm
4212f51dc7713dcc2551271a4e193ae7
mnf/2.0/RPMS/libsasl2-devel-2.1.15-10.5.M20mdk.i586.rpm
34115f9f7d4da76ec1aae5e97d30e649
mnf/2.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.M20mdk.i586.rpm

4c3a147915c049be92c4706ee25ecf62
mnf/2.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.M20mdk.i586.rpm
cbdf0553d8b352920c19ec71fa657c1f
mnf/2.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.M20mdk.i586.rpm

c9c5c214b8a08441b343b5b8f4f1f4ee
mnf/2.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.M20mdk.i586.rpm
275828de1aa4acb4e9f425004114ddc2
mnf/2.0/RPMS/libsasl2-plug-login-2.1.15-10.5.M20mdk.i586.rpm
788c1a1134884135899e734b8071602e
mnf/2.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.M20mdk.i586.rpm
a920489cdfd9072f9189d5bebda99c03
mnf/2.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.M20mdk.i586.rpm
f184c2d1696670d5a332577535f2b6e5
mnf/2.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.M20mdk.i586.rpm
4b8e4add36ce7bfb1a3b13360ee4a8c5
mnf/2.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.M20mdk.i586.rpm
52d4ee53157468483f15c3f58888db3b
mnf/2.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.M20mdk.i586.rpm
07885e682d6eb07d7316fda28f31bda5
mnf/2.0/SRPMS/cyrus-sasl-2.1.15-10.5.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:074
http://www.mandriva.com/security/

Package : php
Date : April 24, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall
2.0

Problem Description:

A cross-site scripting (XSS) vulnerability in phpinfo (info.c)
in PHP <= 5.1.2 allows remote attackers to inject arbitrary web
script or HTML via long array variables, including (1) a large
number of dimensions or (2) long values, which prevents HTML tags
from being removed. (CVE-2006-0996)

Directory traversal vulnerability in file.c in PHP <= 5.1.2
allows local users to bypass open_basedir restrictions and allows
remote attackers to create files in arbitrary directories via the
tempnam function. (CVE-2006-1494)

The copy function in file.c in PHP <= 5.1.2 allows local
users to bypass safe mode and read arbitrary files via a source
argument containing a compress.zlib:// URI. (CVE-2006-1608)

Updated packages have been patched to address these issues.
After upgrading these packages, please run “service httpd
restart”.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1608

Updated Packages:

Mandriva Linux 10.2:
6cb691aa48c2296c57f3d65d2724f7d3
10.2/RPMS/libphp_common432-4.3.10-7.11.102mdk.i586.rpm
6c72033c47da9a215e7d9d5818bd8a4c
10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.i586.rpm
2d3b41503d65dbb63afd816b82dcc4c0
10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.i586.rpm
23dff1292b45e3019cfcff624988c1bf
10.2/RPMS/php-cli-4.3.10-7.11.102mdk.i586.rpm
80ea8ca3381b02fe700184e2f4996a01
10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b0aa527c34e84bd561028bc7be2f15f3
x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.11.102mdk.x86_64.rpm

99908ebcd99ad6fd6743dfcc7bc8f0bb
x86_64/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.x86_64.rpm
1bd9fe999525590c0349daf67f091120
x86_64/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.x86_64.rpm
96c4cc779c0b95b9d657c7a22ce25a6c
x86_64/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.x86_64.rpm
80ea8ca3381b02fe700184e2f4996a01
x86_64/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm

Mandriva Linux 2006.0:
f9f92f293c9a66facd9df8d387aff8a4
2006.0/RPMS/libphp5_common5-5.0.4-9.7.20060mdk.i586.rpm
7e9966dbcae985dc1a96d504a0f62608
2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.i586.rpm
5986088bc45b33a07cfa9040728eda4b
2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.i586.rpm
cb71d5ed6ce66a8cb8bb6eb606f41c18
2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.i586.rpm
35a8f28a1bf837da8c4cd4c7ccfbabf0
2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.i586.rpm
4ed1817971b580bf5158ba8c7849942a
2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
12034267cfa851d3cd1790147fe33a33
x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.7.20060mdk.x86_64.rpm

71fa67fd6f623cca6bef276f8698966c
x86_64/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.x86_64.rpm
a5ae41e39b78f723e5c008f42cd94713
x86_64/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.x86_64.rpm
26d888c996a63a6f30f1158f1f262ac5
x86_64/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.x86_64.rpm
7bffe3e550178279eb0cf86a63135ed8
x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.x86_64.rpm
4ed1817971b580bf5158ba8c7849942a
x86_64/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm

Corporate 3.0:
9465ef267ccc97c3bdb93ac1c01d4e1f
corporate/3.0/RPMS/libphp_common432-4.3.4-4.15.C30mdk.i586.rpm
b93cf0957bafbe7b8fd09e389e213bd7
corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.i586.rpm
5c804ad53a5465611daf49e1a086f0e1
corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.i586.rpm
b14c50b9c0f43f187db405cc8f55cd08
corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.i586.rpm
1a9f953f763ea289713cc8b456cde484
corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm

Corporate 3.0/X86_64:
9569da02e4cd1d854cdbad8dcf91003a
x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.15.C30mdk.x86_64.rpm

476b548c9d342dac9a5a3bb230f17f33
x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.x86_64.rpm

dffb56720790f00ed138e9b66a4f9145
x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.x86_64.rpm
6549890f5a9d15a721ced4ff8991149b
x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.x86_64.rpm
1a9f953f763ea289713cc8b456cde484
x86_64/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm

Multi Network Firewall 2.0:
47733a5fa2b3ea413a53ce000a0bbc73
mnf/2.0/RPMS/libphp_common432-4.3.4-4.15.M20mdk.i586.rpm
9f6cdbe97597ba858c202937cc0e2999
mnf/2.0/RPMS/php432-devel-4.3.4-4.15.M20mdk.i586.rpm
181a9b0a5673f83096dddadc07a3324d
mnf/2.0/RPMS/php-cgi-4.3.4-4.15.M20mdk.i586.rpm
08928ad43dccf63184d0cb9b7090a2a6
mnf/2.0/RPMS/php-cli-4.3.4-4.15.M20mdk.i586.rpm
47295c4db3710a956c489848f253ada7
mnf/2.0/SRPMS/php-4.3.4-4.15.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Slackware Linux

[slackware-security] mozilla security/EOL (SSA:2006-114-01)

New Mozilla packages are available for Slackware 10.0, 10.1,
10.2 and -current to fix multiple security issues.

More details about the issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla

Also note that this release marks the EOL (End Of Life) for the
Mozilla Suite series. It’s been a great run, so thanks to everyone
who put in so much effort to make Mozilla a great browser suite. In
the next Slackware release fans of the Mozilla Suite will be able
to look forward to browsing with SeaMonkey, the Suite’s successor.
Anyone using an older version of Slackware may want to start
thinking about migrating to another browser — if not now, when the
next problems with Mozilla are found.

Although the “sunset announcement” states that mozilla-1.7.13 is
the final mozilla release, I wouldn’t be too surprised to see just
one more since there’s a Makefile.in bug that needed to be patched
here before Mozilla 1.7.13 would build. If a new release comes out
and fixes only that issue, don’t look for a package release on that
as it’s already fixed in these packages. If additional issues are
fixed, then there will be new packages. Basically, if upstream
un-EOLs this for a good reason, so will we.

Here are the details from the Slackware 10.2 ChangeLog:
+————————–+
patches/packages/mozilla-1.7.13-i486-1.tgz: Upgraded to
mozilla-1.7.13.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla

This release marks the end-of-life of the Mozilla 1.7.x series:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Mozilla Corporation is recommending that users think about
migrating to Firefox and Thunderbird.
(* Security fix *)
+————————–+

Where to find the new
packages:

Updated packages for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated packages for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated package for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz

MD5 signatures:

Slackware 10.0 packages:
68854f3ff3df3abe499554a09f5936e8 mozilla-1.7.13-i486-1.tgz
506940dd673f5f199f8b829581f70c03
mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.1 packages:
54066af072c28489efaf080ad6751936 mozilla-1.7.13-i486-1.tgz
2296ff82e5b753f5d43da07d46850481
mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.2 package:
ac7d2d23a475418fdf29d4c0f70929da mozilla-1.7.13-i486-1.tgz

Slackware -current package:
bc5f54cf5af6a2917c751699b06391a0 mozilla-1.7.13-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mozilla-1.7.13-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Ubuntu Linux

Ubuntu Security Notice USN-272-1 April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsasl2-modules-gssapi-heimdal

The problem can be corrected by upgrading the affected package
to version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10),
2.1.19-1.5ubuntu1.1 (for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for
Ubuntu 5.10). In general, a standard system upgrade is sufficient
to effect the necessary changes.

If you configured Postfix, OpenLDAP or possibly other server
applications to use SASL with the DIGEST-MD5 plugin, you need to
restart these services after the security upgrade.

Details follow:

A Denial of Service vulnerability has been discovered in the
SASL authentication library when using the DIGEST-MD5 plugin. By
sending a specially crafted realm name, a malicious SASL server
could exploit this to crash the application that uses SASL.

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz

Size/MD5: 31295
28e26e81bea870375a9044475339913f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc

Size/MD5: 1082
4131240372a9da4d2da02c9165d63bc8
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz

Size/MD5: 1531667
670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb

Size/MD5: 258820
86d5866babc1766104f4b66ab2fed360
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb

Size/MD5: 54526
6b723bbd20889704ca2cbd95067f151d
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb

Size/MD5: 54196
fd9c85128b607d7df0339033102363db
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb

Size/MD5: 52524
1ef5d455faa9f522ace1c7b06aff8ca0
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb