Advisories: April 4, 2005

Conectiva Linux
Debian GNU/Linux
Gentoo Linux
SUSE Linux
Ubuntu Linux

Conectiva Linux

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : MySQL
SUMMARY : Fixes for several mysql vulnerabilities
DATE : 2005-04-04 13:52:00
ID : CLA-2005:946
RELEVANT RELEASES : 9, 10

DESCRIPTION
MySQL[1] is a very popular SQL database.

This announcement fixes several vulnerabilities discovered in
MySQL:

1.CAN-2005-0709[2]
MySQL allowed remote authenticated users with INSERT and DELETE
privileges on ‘mysql’ administrative database to execute arbitrary
code by using CREATE FUNCTION to access libc calls.

2.CAN-2005-0710[3]
MySQL allowed remote authenticated users with INSERT and DELETE
privileges on ‘mysql’ administrative database to bypass library
path restrictions and execute arbitrary libraries by using INSERT
INTO to modify the mysql.func table, which is processed by the
udf_init function.

3.CAN-2005-0711[4]
MySQL used predictable file names when creating temporary tables,
which allowed local users with CREATE TEMPORARY TABLE privileges to
overwrite arbitrary files via a symlink attack.

SOLUTION
We recommend that all MySQL users upgrade their packages as soon as
possible.

IMPORTANT: after the upgrade at Conectiva Linux 9, the mysql
service must be restarted manually. In order to do that, run the
following command as root:

# /sbin/service mysql restart

REFERENCES
1.http://www.mysql.com/products/mysql/

2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709

3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710

4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/mysql-4.0.15-62448U10_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient-devel-static-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libmysqlclient12-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-bench-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-client-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mysql-doc-4.0.15-62448U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/MySQL-3.23.58-20507U90_3cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-3.23.58-20507U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-bench-3.23.58-20507U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-client-3.23.58-20507U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-3.23.58-20507U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-devel-static-3.23.58-20507U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/MySQL-doc-3.23.58-20507U90_3cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

run: apt-get update
after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Debian GNU/Linux

Debian Security Advisory DSA 704-1 security@debian.org
http://www.debian.org/security/
Martin Schulze April 4th, 2005 http://www.debian.org/security/faq

Package : remstats
Vulnerability : tempfile, missing input sanitising
Problem-Type : local, remote
Debian-specific: no
CVE IDs : CAN-2005-0387 CAN-2005-0388

Jens Steube discovered several vulnerabilities in remstats, the
remote statistics system. The Common Vulnerabilities and Exposures
Project identifies the following problems:

CAN-2005-0387

When processing uptime data on the unix-server a temporary file
is opened in an insecure fashion which could be used for a symlink
attack to create or overwrite arbitrary files with the permissions
of the remstats user.

CAN-2005-0388

The remoteping service can be exploited to execute arbitrary
commands due to missing input sanitising.

For the stable distribution (woody) these problems have been
fixed in version 1.00a4-8woody1.

For the unstable distribution (sid) these problems have been
fixed in version 1.0.13a-5.

We recommend that you upgrade your remstats packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1.dsc

Size/MD5 checksum: 700 5efc205ed693b60a221482d34f806328

http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1.diff.gz

Size/MD5 checksum: 18811 2aeb52cab7aad8a500a96d29b3930750

http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4.orig.tar.gz

Size/MD5 checksum: 918361 dd857cd7d66037ce068df01d22b4cee9

Architecture independent components:

http://security.debian.org/pool/updates/main/r/remstats/remstats-doc_1.00a4-8woody1_all.deb

Size/MD5 checksum: 171294 08f1461cfeff2282a1b573d329bb3ed1

http://security.debian.org/pool/updates/main/r/remstats/remstats-servers_1.00a4-8woody1_all.deb

Size/MD5 checksum: 73580 568da9f07f8e229245c32a8c9690fd4a

http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1_all.deb

Size/MD5 checksum: 246540 5bae0a115c1fe653793df17d61eacdad

Alpha architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_alpha.deb

Size/MD5 checksum: 60664 761461ec410d5dac63378df866be6cad

ARM architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_arm.deb

Size/MD5 checksum: 48028 e1e45ef582d1a82cd76d16d09fc63c5b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_i386.deb

Size/MD5 checksum: 46094 daf29132eb3252d957d4517447f2cbae

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_ia64.deb

Size/MD5 checksum: 63346 dd6cfabb3329b80507b62d3b3d4f8b82

HP Precision architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_hppa.deb

Size/MD5 checksum: 49794 d9c9867d122221a0d99cdfa0a774e3dd

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_m68k.deb

Size/MD5 checksum: 45004 9a15c54ea425443dfa776bd61cff2c2a

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_mips.deb

Size/MD5 checksum: 50662 b79c01e63e63b0ca39016c69e81b75a1

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_mipsel.deb

Size/MD5 checksum: 50614 ca121e22f5cb4167a08a52fea2a4c7f0

PowerPC architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_powerpc.deb

Size/MD5 checksum: 48894 61528468c5735dda7a75439735cab676

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_s390.deb

Size/MD5 checksum: 47900 bc9b4cae98fce8dd9477d67625dda5fe

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_sparc.deb

Size/MD5 checksum: 52176 283ade4294f9f7dc751a038770035dd8

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 705-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 4th, 2005 http://www.debian.org/security/faq

Package : wu-ftpd
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2005-0256 CAN-2003-0854

Several denial of service conditions have been discovered in
wu-ftpd, the popular FTP daemon. The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-0256

Adam Zabrocki discovered a denial of service condition in
wu-ftpd that could be exploited by a remote user and cause the
server to slow down the server by resource exhaustion.

CAN-2003-0854

Georgi Guninski discovered that /bin/ls may be called from
within wu-ftpd in a way that will result in large memory
consumption and hence slow down the server.

For the stable distribution (woody) these problems have been
fixed in version 2.6.2-3woody5.

For the unstable distribution (sid) these problems have been
fixed in version 2.6.2-19.

We recommend that you upgrade your wu-ftpd package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5.dsc

Size/MD5 checksum: 607 78463b3882e0d32102344bb0580e0d98

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5.diff.gz

Size/MD5 checksum: 101661 967b719c02892c867ad0d6456a5dd47a

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz

Size/MD5 checksum: 354784 b3c271f02aadf663b8811d1bff9da3f6

Architecture independent components:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody5_all.deb

Size/MD5 checksum: 3484 cc6ee1aeb156077af311870f095840ab

Alpha architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_alpha.deb

Size/MD5 checksum: 292630 c164f9f2d0ae5d70587ca49ddbe543b4

ARM architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_arm.deb

Size/MD5 checksum: 265840 c86cdbc78969f755dce0facce4a1f882

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_i386.deb

Size/MD5 checksum: 255216 504af14aec48191405c08a56845d330b

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_ia64.deb

Size/MD5 checksum: 321932 ced4192d937ccedfa5a7ab2e9e77c378

HP Precision architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_hppa.deb

Size/MD5 checksum: 276624 4a1b5b6115ed1d93206c9787e8d37038

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_m68k.deb

Size/MD5 checksum: 249810 e873e950d3b234a7854ee0e4810783f5

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_mips.deb

Size/MD5 checksum: 273426 364c07d6a21f8aab43b3841ce98df8c6

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_mipsel.deb

Size/MD5 checksum: 273568 4e51f44342035b6ecafc624b1a6c06f3

PowerPC architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_powerpc.deb

Size/MD5 checksum: 268816 4072fbbb73bd8013b9a191f3aa7bd778

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_s390.deb

Size/MD5 checksum: 263638 d86fc84ab2974a80fd7407d826d8b003

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_sparc.deb

Size/MD5 checksum: 270784 1110401bccc9035cc1b30eb8146aee18

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200504-03

http://security.gentoo.org/

Severity: Low
Title: Dnsmasq: Poisoning and Denial of Service vulnerabilities
Date: April 04, 2005
Bugs: #86718
ID: 200504-03

Synopsis

Dnsmasq is vulnerable to DNS cache poisoning attacks and a
potential Denial of Service from the local network.

Background

Dnsmasq is a lightweight and easily-configurable DNS forwarder
and DHCP server.

Affected packages

     Package          /  Vulnerable  /                      Unaffected

  1  net-dns/dnsmasq       < 2.22                              >= 2.22

Description

Dnsmasq does not properly detect that DNS replies received do
not correspond to any DNS query that was sent. Rob Holland of the
Gentoo Linux Security Audit team also discovered two off-by-one
buffer overflows that could crash DHCP lease files parsing.

Impact

A remote attacker could send malicious answers to insert
arbitrary DNS data into the Dnsmasq cache. These attacks would in
turn help an attacker to perform man-in-the-middle and site
impersonation attacks. The buffer overflows might allow an attacker
on the local network to crash Dnsmasq upon restart.

Workaround

There is no known workaround at this time.

Resolution

All Dnsmasq users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.22"

References

[ 1 ] Dnsmasq Changelog

http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

SUSE Linux

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2005:021
Date: Mon, 04 Apr 2005 12:00:00 +0000
Affected products: 8.2, 9.0, 9.2 SUSE Linux Desktop 1.0 SUSE Linux
Enterprise Server 8
Vulnerability Type: local privilege escalation
Severity (1-10): 6
SUSE default package: yes
Cross References: CAN-2005-0750

Content of this advisory:

security vulnerability resolved: local root exploit in
bluetooth network stack problem description
solution/workaround
special instructions and notes
package location and checksums
pending vulnerabilities, solutions, workarounds: See SUSE
Security Summary Report.
standard appendix (further information)

1) problem description, brief discussion

This Linux kernel security update fixes a problem within the
Bluetooth kernel stack which can be used by a local attacker to
gain root access or crash the machine.

To exploit this problem, the Bluetooth modules do not need to be
loaded since they are auto loaded on demand (except in products
mentioned below).

This problem has been assigned the Mitre CVE ID
CAN-2005-0750.

Updated packages have been provided for the default affected
products:

SUSE Linux 8.2, 9.0 and 9.2 (both i386 and x86_64) – SUSE Linux
Enterprise Server 8 (i386, ia64 and x86_64) – SUSE Linux Desktop
1.0

Other architectures do not have Bluetooth enabled. Also SUSE
Linux 9.1, SUSE Linux Enterprise Server 9 and Novell Linux Desktop
9 are not affected by default since the Bluetooth module is not
auto loaded. These will get the patch with the next security
update.

2) solution/workaround

Please install the updated packages.

A workaround is to disable Bluetooth by using:

Remove or move away the bluetooth core module.
On 2.6 kernels this is the file:
/lib/modules/<kernel
version>/kernel/net/bluetooth/bluetooth.ko

On 2.4 kernels this is the file:
/lib/modules/<kernel
version>/kernel/net/bluetooth/bluez.o
Disable auto load of the bluetooth protocol module by
commenting out the line:
alias net-pf-31 bluez
in /etc/modules.conf (2.4 systems) or the line:
alias net-pf-31 bluetooth

in /etc/modprobe.conf (2.6 systems).

Make sure the module is not loaded, or run “rmmod bluetooth” /
“rmmod bluez”.

3) special instructions and notes

SPECIAL INSTALL INSTRUCTIONS:

The following paragraphs will guide you through the installation
process in a step-by-step fashion. The character sequence “****”
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable to
your situation.
Therefore, please make sure to read through all of the steps below
before attempting any of these procedures. All of the commands that
need to be executed are required to be run as the superuser (root).
Each step relies on the steps before it to complete successfully.

Step 1: Determine the needed kernel type
Please use the following command to find the kernel type that is
installed on your system:

rpm -qf /boot/vmlinuz

Following are the possible kernel types (disregard the version
and build number following the name separated by the “-”
character)

k_deflt # default kernel, good for most systems. k_i386 # kernel
for older processors and chip sets k_athlon # kernel made
specifically for AMD Athlon(tm) family processors k_psmp # kernel
for Pentium-I dual processor systems k_smp # kernel for SMP systems
(Pentium-II and above) k_smp4G # kernel for SMP systems which
supports a maximum of 4G of RAM kernel-64k-pagesize kernel-bigsmp
kernel-default kernel-smp
Step 2: Download the package for your system
Please download the kernel RPM package for your distribution
with the name as indicated by Step 1. The list of all kernel rpm
packages is appended below. Note: The kernel-source package does
not contain a binary kernel in bootable form. Instead, it contains
the sources that the binary kernel rpm packages are created from.
It can be used by administrators who have decided to build their
own kernel. Since the kernel-source.rpm is an installable
(compiled) package that contains sources for the linux kernel, it
is not the source RPM for the kernel RPM binary packages.

The kernel RPM binary packages for the distributions can be
found at the locations below ftp://ftp.suse.com/pub/suse/i386/update/.

8.2/rpm/i586
9.0/rpm/i586
9.1/rpm/i586
9.2/rpm/i586

After downloading the kernel RPM package for your system, you
should verify the authenticity of the kernel rpm package using the
methods as listed in section 3) of each SUSE Security
Announcement.
Step 3: Installing your kernel rpm package
Install the rpm package that you have downloaded in Steps 3 or 4
with the command

rpm -Uhv –nodeps –force <K_FILE.RPM>
where <K_FILE.RPM> is the name of the rpm package that you
downloaded.

Warning: After performing this step, your system will likely not
be able to boot if the following steps have not been fully
followed.
Step 4: configuring and creating the initrd
The initrd is a ramdisk that is loaded into the memory of your
system together with the kernel boot image by the bootloader. The
kernel uses the content of this ramdisk to execute commands that
must be run before the kernel can mount its actual root filesystem.
It is usually used to initialize SCSI drivers or NIC drivers for
diskless operation.

The variable INITRD_MODULES in /etc/sysconfig/kernel determines
which kernel modules will be loaded in the initrd before the kernel
has mounted its actual root filesystem. The variable should contain
your SCSI adapter (if any) or filesystem driver modules.

With the installation of the new kernel, the initrd has to be
re-packed with the update kernel modules. Please run the
command

mk_initrd

as root to create a new init ramdisk (initrd) for your system.
On SuSE Linux 8.1 and later, this is done automatically when the
RPM is installed.
Step 5: bootloader
If you run a SUSE LINUX 8.x, SLES8, or SUSE LINUX 9.x system,
there are two options:
Depending on your software configuration, you have either the lilo
bootloader or the grub bootloader installed and initialized on your
system.
The grub bootloader does not require any further actions to be
performed after the new kernel images have been moved in place by
the rpm Update command.
If you have a lilo bootloader installed and initialized, then the
lilo program must be run as root. Use the command

grep LOADER_TYPE /etc/sysconfig/bootloader

to find out which boot loader is configured. If it is lilo, then
you must run the lilo command as root. If grub is listed, then your
system does not require any bootloader initialization.

Warning: An improperly installed bootloader may render your
system

unbootable.
Step 6: reboot
If all of the steps above have been successfully completed on
your system, then the new kernel including the kernel modules and
the initrd should be ready to boot. The system needs to be rebooted
for the changes to become active. Please make sure that all steps
have completed, then reboot using the command

shutdown -r now
or

init 6

Your system should now shut down and reboot with the new
kernel.

4) package location and checksums

Please download the update package for your distribution and
verify its integrity by the methods listed in section 3) of this
announcement. Then, install the package using the command “rpm -Fhv
file.rpm” to apply the update.
Our maintenance customers are being notified individually. The
packages are being offered to install from the maintenance web.

x86 Platform:

x86-64 Platform:

SUSE Linux 9.0:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.21-286.x86_64.rpm
494a414468b1b4ab035610b749f8c7fa

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21-286.x86_64.rpm
d60ae1bf9a4fdfcf0d2adfc15dbecf2b

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kernel-source-2.4.21-286.x86_64.rpm
b2575d169b38f1058176874919dbbb63 source rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_deflt-2.4.21-286.src.rpm
b9a11390529505e1c824bdea4d5eecec

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/k_smp-2.4.21-286.src.rpm
562198014fbdf598f131510cefe14d47

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/kernel-source-2.4.21-286.src.rpm
99e2df1ec59dfa89c18077465cd63660

5) Pending vulnerabilities in SUSE Distributions and
Workarounds:

See SUSE Security Summary Report.

6) standard appendix: authenticity verification, additional
information

Package authenticity verification:
SUSE update packages are available on many mirror ftp servers
all over the world. While this service is being considered valuable
and important to the free and open source software community, many
users wish to be sure about the origin of the package and its
content before installing the package. There are two verification
methods that can be used independently from each other to prove the
authenticity of a downloaded file or rpm package:
1. md5sums as provided in the (cryptographically signed)
  announcement.
2. using the internal gpg signatures of the rpm package.
3. execute the command md5sum <name-of-the-file.rpm> after
  you downloaded the file from a SUSE ftp server or its mirrors.
  Then, compare the resulting md5sum with the one that is listed in
  the announcement. Since the announcement containing the checksums
  is cryptographically signed (usually using the key security@suse.de), the checksums show
  proof of the authenticity of the package. We disrecommend to
  subscribe to security lists which cause the email message
  containing the announcement to be modified so that the signature
  does not match after transport through the mailing list software.
  Downsides: You must be able to verify the authenticity of the
  announcement in the first place. If RPM packages are being rebuilt
  and a new version of a package is published on the ftp server, all
  md5 sums for the files are useless.
4. rpm package signatures provide an easy way to verify the
  authenticity of an rpm package. Use the command rpm -v –checksig
  <file.rpm> to verify the signature of the package, where
  <file.rpm> is the filename of the rpm package that you have
  downloaded. Of course, package authenticity verification can only
  target an un-installed rpm package file. Prerequisites:
  1. gpg is installed
  2. The package is signed using a certain key. The public part of
    this key must be installed by the gpg program in the directory
    ~/.gnupg/ under the user’s home directory who performs the
    signature verification (usually root). You can import the key that
    is used by SUSE in rpm packages for SUSE Linux by saving this
    announcement to a file (“announcement.txt”) and running the command
    (do “su -” to be root): gpg –batch; gpg < announcement.txt |
    gpg –import SUSE Linux distributions version 7.1 and thereafter
    install the key “build@suse.de”
    upon installation or upgrade, provided that the package gpg is
    installed. The file containing the public key is placed at the
    top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de
    .
SUSE runs two security mailing lists to which any interested
party may subscribe:
suse-security@suse.com
general/linux/SUSE security discussion. All SUSE security
announcements are sent to this list. To subscribe, send an email to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
SUSE’s announce-only mailing list. Only SUSE’s security
announcements are sent to this list. To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:

<suse-security-info@suse.com>
or <suse-security-faq@suse.com>
respectively.

SUSE’s security contact is <security@suse.com> or
<security@suse.de>.
@suse.de>.

The <security@suse.de> public key is
listed below.

The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, it is desired that the clear-text signature shows
proof of the authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with
respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Ubuntu Linux

Ubuntu Security Notice USN-104-1 April 04, 2005
sharutils vulnerability
https://bugzilla.ubuntu.com/show_bug.cgi?id=8459

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

sharutils

The problem can be corrected by upgrading the affected package
to version 1:4.2.1-10ubuntu0.2. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

Joey Hess discovered that “unshar” created temporary files in an
insecure manner. This could allow a symbolic link attack to create
or overwrite arbitrary files with the privileges of the user
invoking the program.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2.diff.gz

Size/MD5: 8181 7135804300d9a381cfebc2133e7239c2

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2.dsc

Size/MD5: 634 1a16efd9010325d369909b608fb59597

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1.orig.tar.gz

Size/MD5: 306022 b8ba1d409f07edcb335ff72a27bd9828

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_4.2.1-10ubuntu0.2_all.deb

Size/MD5: 28000 56cd083b2fbc3e689cb157a59c760f52

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2_amd64.deb

Size/MD5: 113908 801afa19d2f272d22f7d13f5efb0a51a

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2_i386.deb

Size/MD5: 110766 2d3e74efceff274a2bb4a17b3c4702b1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2_powerpc.deb

Size/MD5: 112656 1ce41914dde0c8d548f6bcc2d3a8fbd8

Advisories: April 4, 2005

Conectiva Linux

Debian GNU/Linux

Gentoo Linux

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

SUSE Linux

SPECIAL INSTALL INSTRUCTIONS:

Ubuntu Linux

Web Webster

Recommended for you...

Company

Categories