Home Security

Advisories: August 30, 2005

By

August 31, 2005

Debian GNU/Linux

Debian Security Advisory DSA 790-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 30th, 2005 http://www.debian.org/security/faq

Package : phpldapadmin
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2654
Debian Bug : 322423

Alexander Gerasiov discovered that phpldapadmin, a web based
interface for administering LDAP servers, allows anybody to access
the LDAP server anonymously, even if this is disabled in the
configuration with the “disable_anon_bind” statement.

The old stable distribution (woody) is not vulnerable to this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 0.9.5-3sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 0.9.6c-5.

We recommend that you upgrade your phpldapadmin package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.dsc

Size/MD5 checksum: 619
d6da0a97614965ba396e3ca4079ddabb
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.diff.gz

Size/MD5 checksum: 11564
543a7a99fb997976bbdaa51056e85d4f
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5.orig.tar.gz

Size/MD5 checksum: 617707
fb0669d4c4b88573875555aef2630de8

Architecture independent components:

http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2_all.deb

Size/MD5 checksum: 616852
2ea5bc2d2f2eb0736f75cc8b48618842

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 791-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 30th, 2005 http://www.debian.org/security/faq

Package : maildrop
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2005-2655
Debian Bug : 325135

Max Vozeler discoveredt hat the lockmail program from maildrop,
a simple mail delivery agent with filtering abilities, does not
drop group privileges before executing commands given on the
commandline, allowing an attacker to execute arbitrary commands
under with group mail privileges.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 1.5.3-1.1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.5.3-2.

We recommend that you upgrade your maildrop package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.dsc

Size/MD5 checksum: 596
e76d7a43dde5122dbabd21b994a32f2f
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.diff.gz

Size/MD5 checksum: 22819
3ec43b768cfb2c8b006c5c4a381afc3b
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3.orig.tar.gz

Size/MD5 checksum: 1009174
5c7727ddff120a339fb9658d6c553462

Alpha architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_alpha.deb

Size/MD5 checksum: 363330
5aa987d64b2d28961fb2b1e65b865ea3

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_amd64.deb

Size/MD5 checksum: 329170
29e4ae76fce86fa5c7b17be3fc06b07f

ARM architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_arm.deb

Size/MD5 checksum: 305936
c99c08496e5aa6f4e48f3cead6cd1041

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_i386.deb

Size/MD5 checksum: 315316
45a21b635d79fd783a6a4b2ea8eeb0fb

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_ia64.deb

Size/MD5 checksum: 405646
c2be65e5af7085deafd4c332d624f9b5

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_hppa.deb

Size/MD5 checksum: 348108
400ddf8ee844b685e683893de2bc7186

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_m68k.deb

Size/MD5 checksum: 294932
72e7e31ec6408f5a00012141718666d6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mips.deb

Size/MD5 checksum: 348182
f66f3863c068e3f3897ee531f242f4ea

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mipsel.deb

Size/MD5 checksum: 348002
6b8b8047154a4aae6ae4a08a26c328a4

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_powerpc.deb

Size/MD5 checksum: 326702
0b5a94cede67887ce474ca37cd48da54

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_s390.deb

Size/MD5 checksum: 321620
d7c3b3acc5445e5ca53cf9986a837d81

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_sparc.deb

Size/MD5 checksum: 307994
0ca7e53ae93ba472527eedda1d92490f

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification
FEDORA-2005-822
2005-08-29

Product : Fedora Core 4
Name : dbus
Version : 0.33
Release : 3.fc4.1
Summary : D-BUS message bus

Description :

D-BUS is a system for sending messages between applications. It
is used both for the systemwide message bus service, and as a
per-user-login-session messaging facility.

Mon Aug 29 2005 John (J5) Palmieri <johnp@redhat.com> –
0.33-3.fc4.1
- add patch from 0.2x series that fixes an exploit where users
  can attach to another user’s session bus (CAN-2005-0201)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

a5f7ec019ae83d8ba7bc34ad5e455b1f
SRPMS/dbus-0.33-3.fc4.1.src.rpm
b18b22127961fdfffe5361a408a8a3a1 ppc/dbus-0.33-3.fc4.1.ppc.rpm
8e3fa6f831df2888842035c2272573f4
ppc/dbus-devel-0.33-3.fc4.1.ppc.rpm
989d3af37848d07a11fe85af05729cfe
ppc/dbus-glib-0.33-3.fc4.1.ppc.rpm
6aba9846ef9ed05e276a73570ba9250b
ppc/dbus-x11-0.33-3.fc4.1.ppc.rpm
a51431b65a5a7dc389ab1b680f93d22b
ppc/dbus-python-0.33-3.fc4.1.ppc.rpm
e4f117cea0d30e1c6cc475ae1b168740
ppc/debug/dbus-debuginfo-0.33-3.fc4.1.ppc.rpm
84823a401d47631f95dac20d76b49aaf
ppc/dbus-0.33-3.fc4.1.ppc64.rpm
863a61e3a5a69682bbb72a603c5f4228
ppc/dbus-glib-0.33-3.fc4.1.ppc64.rpm
1900b51f1a622fca3677ccf33fee8712
x86_64/dbus-0.33-3.fc4.1.x86_64.rpm
e469ec09a5df40b99f6a5e592723bcb2
x86_64/dbus-devel-0.33-3.fc4.1.x86_64.rpm
5609ebfc1844fa3d4fd82772dd055709
x86_64/dbus-glib-0.33-3.fc4.1.x86_64.rpm
8a232308c032cd5b7b3d798aa7e18339
x86_64/dbus-x11-0.33-3.fc4.1.x86_64.rpm
b82c3f4720c867dc88202c8f58ac65f4
x86_64/dbus-python-0.33-3.fc4.1.x86_64.rpm
429984bab7e596546906e95bfd9698ea
x86_64/debug/dbus-debuginfo-0.33-3.fc4.1.x86_64.rpm
ccc0b77a02f0586dbf1acf1adc81e019
x86_64/dbus-0.33-3.fc4.1.i386.rpm
0f3a59c3f02f5b2f7097989ebfa7b41a
x86_64/dbus-glib-0.33-3.fc4.1.i386.rpm
ccc0b77a02f0586dbf1acf1adc81e019
i386/dbus-0.33-3.fc4.1.i386.rpm
ce7293f13fadcfd3b71c2bd1989c3eaa
i386/dbus-devel-0.33-3.fc4.1.i386.rpm
0f3a59c3f02f5b2f7097989ebfa7b41a
i386/dbus-glib-0.33-3.fc4.1.i386.rpm
04e3b4b44f14b21d5b5ce95313ee25ad
i386/dbus-x11-0.33-3.fc4.1.i386.rpm
b00faaa5e17a85defadb884b3dcfdf30
i386/dbus-python-0.33-3.fc4.1.i386.rpm
99f4db31da2d4ab69878127151deab3b
i386/debug/dbus-debuginfo-0.33-3.fc4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200508-19

http://security.gentoo.org/

Severity: Normal
Title: lm_sensors: Insecure temporary file creation
Date: August 30, 2005
Bugs: #103568
ID: 200508-19

Synopsis

lm_sensors is vulnerable to linking attacks, potentially
allowing a local user to overwrite arbitrary files.

Background

lm_sensors is a software package that provides drivers for
monitoring the temperatures, voltages, and fans of Linux systems
with hardware monitoring devices.

Affected packages

     Package              /  Vulnerable  /                  Unaffected

  1  sys-apps/lm_sensors     < 2.9.1-r1                    >= 2.9.1-r1

Description

Javier Fernandez-Sanguino Pena has discovered that lm_sensors
insecurely creates temporary files with predictable filenames when
saving configurations.

Impact

A local attacker could create symbolic links in the temporary
file directory, pointing to a valid file somewhere on the
filesystem. When the pwmconfig script of lm_sensors is executed,
this would result in the file being overwritten with the rights of
the user running the script, which typically is the root user.

Workaround

There is no known workaround at this time.

Resolution

All lm_sensors users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1"

References

[ 1 ] CAN-2005-2672

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-19.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200508-20

http://security.gentoo.org/

Severity: High
Title: phpGroupWare: Multiple vulnerabilities
Date: August 30, 2005
Bugs: #102379
ID: 200508-20

Synopsis

phpGroupWare is vulnerable to multiple issues ranging from
information disclosure to a potential execution of arbitrary
code.

Background

phpGroupWare is a multi-user groupware suite written in PHP.

Affected packages

     Package                /   Vulnerable   /              Unaffected

  1  www-apps/phpgroupware     < 0.9.16.008              >= 0.9.16.008

Description

phpGroupWare improperly validates the “mid” parameter retrieved
via a forum post. The current version of phpGroupWare also adds
several safeguards to prevent XSS issues, and disables the use of a
potentially vulnerable XML-RPC library.

Impact

A remote attacker may leverage the XML-RPC vulnerability to
execute arbitrary PHP script code. He could also create a specially
crafted request that will reveal private posts.

Workaround

There is no known workaround at this time.

Resolution

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"

References

[ 1 ] CAN-2005-2498

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498

[ 2 ] CAN-2005-2600

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600

[ 3 ] Secunia Advisory SA16414

http://secunia.com/advisories/16414

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Slackware Linux

[slackware-security] PCRE library (SSA:2005-242-01)

New PCRE packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, and -current to fix a security issue. A buffer overflow
could be triggered by a specially crafted regular expression. Any
applications that use PCRE to process untrusted regular expressions
may be exploited to run arbitrary code as the user running the
application.

The PCRE library is also provided in an initial installation by
the aaa_elflibs package, so if your system has a
/usr/lib/libpcre.so.0 symlink, then you should install this updated
package even if the PCRE package itself is not installed on the
system.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/pcre-6.3-i486-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the
processing of a specially crafted regular expression. Theoretically
this could be a security issue if regular expressions are accepted
from untrusted users to be processed by a user with greater
privileges, but this doesn’t seem like a common scenario (or, for
that matter, a good idea). However, if you are using an application
that links to the shared PCRE library and accepts outside input in
such a manner, you will want to update to this new package. For
more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/pcre-6.3-i386-1.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/pcre-6.3-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/pcre-6.3-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
6d4ea9a84341297ebb86a3d218ee6520 pcre-6.3-i386-1.tgz

Slackware 9.0 package:
539769e82bb6e03db449f4154d557e36 pcre-6.3-i386-1.tgz

Slackware 9.1 package:
bb49c4be6ba9c8ed19d4be7997da065a pcre-6.3-i486-1.tgz

Slackware 10.0 package:
591c6fce5c0084f668bab1ea3ada4ebe pcre-6.3-i486-1.tgz

Slackware 10.1 package:
8f5f604fd35876d397d4e2d4e4fe83a1 pcre-6.3-i486-1.tgz

Slackware -current package:
c699044b38a70720439ace1097e84013 pcre-6.3-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg pcre-6.3-i486-1.tgz

Then, restart any applications that use the PCRE library.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] PHP (SSA:2005-242-02)

New PHP packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, and -current to fix security issues. PHP has been
relinked with the shared PCRE library to fix an overflow issue with
PHP’s builtin PRCE code, and PEAR::XMLRPC has been upgraded to
version 1.4.0 which eliminates the eval() function. The eval()
function is believed to be insecure as implemented, and would be
difficult to secure.

Note that these new packages now require that the PCRE package
be installed, so be sure to get the new package from the
patches/packages/ directory if you don’t already have it. A new
version of this (6.3) was also issued today, so be sure that is the
one you install.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/php-4.3.11-i486-3.tgz: Relinked with the system
PCRE library, as the builtin library has a buffer overflow that
could be triggered by the processing of a specially crafted regular
expression.
Note that this change requires the pcre package to be installed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of
the insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.11-i386-4.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.11-i386-4.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.11-i486-4.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/php-4.3.11-i486-3.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/php-4.3.11-i486-3.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.0-i486-3.tgz

MD5 signatures:

Slackware 8.1 package:
06ae1e8f982f2c8142194eb4691cb2c0 php-4.3.11-i386-4.tgz

Slackware 9.0 package:
41d878638bca9f1fd13086ab1c3b5528 php-4.3.11-i386-4.tgz

Slackware 9.1 package:
28c5d2d4a1f16ff7656606962b6c05b5 php-4.3.11-i486-4.tgz

Slackware 10.0 package:
da1920c127a633a38efc49035307f069 php-4.3.11-i486-3.tgz

Slackware 10.1 package:
5f7efa91b92ca0239b6dc413a2cc6a41 php-4.3.11-i486-3.tgz

Slackware -current package:
e60c975944a7ee9709819918d65d4699 php-4.4.0-i486-3.tgz

Installation instructions:

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-4.3.11-i486-3.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] gaim (SSA:2005-242-03)

New gaim packages are available for Slackware 9.0, 9.1, 10.0,
10.1, and -current to fix some security issues. including:

AIM/ICQ away message buffer overflow
AIM/ICQ non-UTF-8 filename crash
Gadu-Gadu memory alignment bug

Sites that use GAIM should upgrade to the new version.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues. For more information,
see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370

(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gaim-1.5.0-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-1.5.0-i486-1.tgz

MD5 signatures:

Slackware 9.0 package:
676bad766cfddb50c7453554d66b1748 gaim-1.5.0-i386-1.tgz

Slackware 9.1 package:
d2cc0baba627ba9dbf3f218bdeacc630 gaim-1.5.0-i486-1.tgz

Slackware 10.0 package:
98d55471ed0a2f9def7fcded90860839 gaim-1.5.0-i486-1.tgz

Slackware 10.1 package:
bc6891f4acb22530c472218f5d9493fb gaim-1.5.0-i486-1.tgz

Slackware -current package:
b9a55d4359183b81e1150bea6e13b61e gaim-1.5.0-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg gaim-1.5.0-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

SUSE Linux

SUSE Security Announcement

Package: pcre
Announcement ID: SUSE-SA:2005:048
Date: Tue, 30 Aug 2005 15:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Desktop 1.0 SUSE
Linux Enterprise Server 8, 9 Novell Linux Desktop 9
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CAN-2005-2491

Content of This Advisory:

Security Vulnerability Resolved: pcre integer overflow security
problem Problem Description
Solution or Work-Around
Special Instructions and Notes
Package Location and Checksums
Pending Vulnerabilities, Solutions, and Work-Arounds: none
Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

A vulnerability was found in the PCRE regular expression
handling library which allows an attacker to crash or overflow a
buffer in the program by specifying a special regular
expression.

Since this library is used in a large number of packages,
including apache2, php4, exim, postfix and similar, a remote attack
could be possible.

This is tracked by the Mitre CVE ID CAN-2005-2491.

2) Solution or Work-Around

Install the updated packages.

3) Special Instructions and Notes

Please make sure you restart services linked against the pcre
library (apache, exim, postfix).

4) Package Location and Checksums

The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.

Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pcre-5.0-3.2.i586.rpm
ccc4711c80659d57a7d06754d577a33c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pcre-devel-5.0-3.2.i586.rpm
18ad1553287682ad09b2412dd038c5c5
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-32bit-9.3-7.1.x86_64.rpm
0246d39b1aa7bbfa8872a4f841d2842f

SUSE Linux 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/pcre-4.5-2.2.i586.rpm
d1c4af6faceecbbc028c5c5b32cd46bd
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/pcre-devel-4.5-2.2.i586.rpm
276ecc193b12cf20e5ac1e2be2e9484c
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-32bit-9.2-200508260320.x86_64.rpm
107c8c3ac5218348e89cc5d6a235f34d

SUSE Linux 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/pcre-4.4-109.4.i586.rpm
0330a3dd845c33bd460851e13abdcb01
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/pcre-devel-4.4-109.4.i586.rpm
ca1722d18e465cce1e6be5fc69a97586
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/pcre-32bit-9.1-200508261306.i586.rpm
2933451df49a408b53d9d2628fd74d38 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/pcre-4.4-109.4.src.rpm
131e5f816d7f9e6e8536416e574a2e07

SUSE Linux 9.0:
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/pcre-4.4-112.i586.rpm
7f6492b3fdd2e9cf9ff104c7ef366fd2
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/pcre-devel-4.4-112.i586.rpm
c1e36f246764869a672f3e69c879a976
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/i586/pcre-32bit-9.0-5.i586.rpm
7e4d12f5af0bc2a68d21a8d72ccb1d37 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/pcre-4.4-112.src.rpm
367ad88cdd0c0ec060992312e96a9997

x86-64 Platform:

SUSE Linux 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-5.0-3.2.x86_64.rpm
36c7d2b3713c27c79292a7637443a285
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-devel-5.0-3.2.x86_64.rpm
db8e83e2867c3d2f713a43705b655ffe source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/pcre-5.0-3.2.src.rpm
b4d17fa6f1f4359196b04495a7d6fb19

SUSE Linux 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-4.5-2.2.x86_64.rpm
dcaeeb4225fb820c85927dd2104c9f9f
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-devel-4.5-2.2.x86_64.rpm
bcbcb9ec334e1a8896ca29b3c10a5a72 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/pcre-4.5-2.2.src.rpm
096c4732ffd1c34e424ee62b86fcb741

SUSE Linux 9.1:
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/pcre-4.4-109.4.x86_64.rpm
167f6794525cdb24cc6d0fe16c7d3baf
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/pcre-devel-4.4-109.4.x86_64.rpm
a1a105c4c60d7c2e0745d6d81b24afef source rpm(s):
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/pcre-4.4-109.4.src.rpm
4186754b93b1e2856d2dbb83be5fb6f5

SUSE Linux 9.0:
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/pcre-4.4-112.x86_64.rpm
0884bc87e09d1607e80d98ab7c898549
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/pcre-devel-4.4-112.x86_64.rpm
a336cf08fe6b8e4818480304bd63cfb6 source rpm(s):
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/pcre-4.4-112.src.rpm
308b513ff579695f0292b881d7022f8f

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

none

6) Authenticity Verification and Additional Information

Announcement authenticity verification:
SUSE security announcements are published via mailing lists and
on Web sites. The authenticity and integrity of a SUSE security
announcement is guaranteed by a cryptographic signature in each
announcement. All SUSE security announcements are published with a
valid signature.

To verify the signature of the announcement, save it as text
into a file and run the command

gpg –verify <file>

replacing <file> with the name of the file where you saved
the announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from “SuSE Security Team <security@suse.de>”

where <DATE> is replaced by the date the document was
signed.

If the security team’s key is not contained in your key ring,
you can import it from the first installation CD. To import the
key, use the command

gpg –import gpg-pubkey-3d25d3d9-36e12d04.asc
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers
all over the world. While this service is considered valuable and
important to the free and open source software community, the
authenticity and the integrity of a package needs to be verified to
ensure that it has not been tampered with.

There are two verification methods that can be used
independently from each other to prove the authenticity of a
downloaded file or RPM package:
1. Using the internal gpg signatures of the rpm package
2. MD5 checksums as provided in this announcement
1. The internal rpm package signatures provide an easy way to
  verify the authenticity of an RPM package. Use the command
  
  rpm -v –checksig <file.rpm>
  
  to verify the signature of the package, replacing
  <file.rpm> with the filename of the RPM package downloaded.
  The package is unmodified if it contains a valid signature from
  build@suse.de with the key ID
  9C800ACA. This key is automatically imported into the RPM database
  (on RPMv4-based distributions) and the gpg key ring of ‘root’
  during installation. You can also find it on the first installation
  CD and at the end of this announcement.
2. If you need an alternative means of verification, use the
  md5sum
  
  command to verify the authenticity of the packages. Execute the
  command
  
  md5sum <filename.rpm>
  
  after you downloaded the file from a SUSE FTP server or its
  mirrors. Then compare the resulting md5sum with the one that is
  listed in the SUSE security announcement. Because the announcement
  containing the checksums is cryptographically signed (by security@suse.de), the checksums show
  proof of the authenticity of the package if the signature of the
  announcement is valid. Note that the md5 sums published in the SUSE
  Security Announcements are valid for the respective packages only.
  Newer versions of these packages cannot be verified.
SUSE runs two security mailing lists to which any interested
party may subscribe:

suse-security@suse.com
- General Linux and SUSE security discussion. All SUSE security
  announcements are sent to this list. To subscribe, send an e-mail
  to
  
  <suse-security-subscribe@suse.com>.
  
  suse-security-announce@suse.com
- SUSE’s announce-only mailing list. Only SUSE’s security
  announcements are sent to this list. To subscribe, send an e-mail
  to
  
  <suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info@suse.com>
or <suse-security-faq@suse.com>.

SUSE’s security contact is <security@suse.com> or
<security@suse.de>. The
<security@suse.de>
public key is listed below.

The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, the clear text signature should show proof of the
authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind
whatsoever with respect to the information contained in this
security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

SUSE Security Announcement

Package: php4, php5
Announcement ID: SUSE-SA:2005:049
Date: Tue, 30 Aug 2005 15:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Enterprise Server
8, 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-2498 CAN-2005-2491

Content of This Advisory:

Security Vulnerability Resolved: Pear::XML_RPC code injection
problem, pcre integer overflow Problem Description
Solution or Work-Around
Special Instructions and Notes
Package Location and Checksums
Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
Security Summary Report.
Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

This update fixes the following security issues in the PHP
scripting language.

Bugs in the PEAR::XML_RPC library allowed remote attackers to
pass arbitrary PHP code to the eval() function (CAN-2005-1921,
CAN-2005-2498).

The Pear::XML_RPC library is not used by default in SUSE Linux,
but might be used by third-party PHP applications.
A integer overflow bug was found in the PCRE (perl compatible
regular expression) library which could be used by an attacker to
potentially execute code. (CAN-2005-2491)

2) Solution or Work-Around

Please install the updated packages.

3) Special Instructions and Notes

Make sure you restart the web server using PHP after the
update.

4) Package Location and Checksums

The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.

Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web.

x86 Platform:

Complete Story

Previous articleZDNet: Commercial Open Source, A Misnomer?

Next articleKernelTrap: Tracking Kernel Usage

Advisories: August 30, 2005

Debian GNU/Linux

Fedora Core

Gentoo Linux

Slackware Linux

SUSE Linux

Get the Free Newsletter!

Must Read

Our Brands