---

Advisories: August 30, 2005

Debian GNU/Linux


Debian Security Advisory DSA 790-1 [email protected]
http://www.debian.org/security/
Martin Schulze
August 30th, 2005 http://www.debian.org/security/faq


Package : phpldapadmin
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2654
Debian Bug : 322423

Alexander Gerasiov discovered that phpldapadmin, a web based
interface for administering LDAP servers, allows anybody to access
the LDAP server anonymously, even if this is disabled in the
configuration with the “disable_anon_bind” statement.

The old stable distribution (woody) is not vulnerable to this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 0.9.5-3sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 0.9.6c-5.

We recommend that you upgrade your phpldapadmin package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.dsc

      Size/MD5 checksum: 619
d6da0a97614965ba396e3ca4079ddabb
    http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.diff.gz

      Size/MD5 checksum: 11564
543a7a99fb997976bbdaa51056e85d4f
    http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5.orig.tar.gz

      Size/MD5 checksum: 617707
fb0669d4c4b88573875555aef2630de8

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2_all.deb

      Size/MD5 checksum: 616852
2ea5bc2d2f2eb0736f75cc8b48618842

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 791-1 [email protected]
http://www.debian.org/security/
Martin Schulze
August 30th, 2005 http://www.debian.org/security/faq


Package : maildrop
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: yes
CVE ID : CAN-2005-2655
Debian Bug : 325135

Max Vozeler discoveredt hat the lockmail program from maildrop,
a simple mail delivery agent with filtering abilities, does not
drop group privileges before executing commands given on the
commandline, allowing an attacker to execute arbitrary commands
under with group mail privileges.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 1.5.3-1.1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.5.3-2.

We recommend that you upgrade your maildrop package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.dsc

      Size/MD5 checksum: 596
e76d7a43dde5122dbabd21b994a32f2f
    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.diff.gz

      Size/MD5 checksum: 22819
3ec43b768cfb2c8b006c5c4a381afc3b
    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3.orig.tar.gz

      Size/MD5 checksum: 1009174
5c7727ddff120a339fb9658d6c553462

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_alpha.deb

      Size/MD5 checksum: 363330
5aa987d64b2d28961fb2b1e65b865ea3

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_amd64.deb

      Size/MD5 checksum: 329170
29e4ae76fce86fa5c7b17be3fc06b07f

ARM architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_arm.deb

      Size/MD5 checksum: 305936
c99c08496e5aa6f4e48f3cead6cd1041

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_i386.deb

      Size/MD5 checksum: 315316
45a21b635d79fd783a6a4b2ea8eeb0fb

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_ia64.deb

      Size/MD5 checksum: 405646
c2be65e5af7085deafd4c332d624f9b5

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_hppa.deb

      Size/MD5 checksum: 348108
400ddf8ee844b685e683893de2bc7186

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_m68k.deb

      Size/MD5 checksum: 294932
72e7e31ec6408f5a00012141718666d6

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mips.deb

      Size/MD5 checksum: 348182
f66f3863c068e3f3897ee531f242f4ea

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mipsel.deb

      Size/MD5 checksum: 348002
6b8b8047154a4aae6ae4a08a26c328a4

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_powerpc.deb

      Size/MD5 checksum: 326702
0b5a94cede67887ce474ca37cd48da54

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_s390.deb

      Size/MD5 checksum: 321620
d7c3b3acc5445e5ca53cf9986a837d81

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_sparc.deb

      Size/MD5 checksum: 307994
0ca7e53ae93ba472527eedda1d92490f

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-822
2005-08-29


Product : Fedora Core 4
Name : dbus
Version : 0.33
Release : 3.fc4.1
Summary : D-BUS message bus

Description :

D-BUS is a system for sending messages between applications. It
is used both for the systemwide message bus service, and as a
per-user-login-session messaging facility.


  • Mon Aug 29 2005 John (J5) Palmieri <[email protected]> –
    0.33-3.fc4.1

    • add patch from 0.2x series that fixes an exploit where users
      can attach to another user’s session bus (CAN-2005-0201)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

a5f7ec019ae83d8ba7bc34ad5e455b1f
SRPMS/dbus-0.33-3.fc4.1.src.rpm
b18b22127961fdfffe5361a408a8a3a1 ppc/dbus-0.33-3.fc4.1.ppc.rpm
8e3fa6f831df2888842035c2272573f4
ppc/dbus-devel-0.33-3.fc4.1.ppc.rpm
989d3af37848d07a11fe85af05729cfe
ppc/dbus-glib-0.33-3.fc4.1.ppc.rpm
6aba9846ef9ed05e276a73570ba9250b
ppc/dbus-x11-0.33-3.fc4.1.ppc.rpm
a51431b65a5a7dc389ab1b680f93d22b
ppc/dbus-python-0.33-3.fc4.1.ppc.rpm
e4f117cea0d30e1c6cc475ae1b168740
ppc/debug/dbus-debuginfo-0.33-3.fc4.1.ppc.rpm
84823a401d47631f95dac20d76b49aaf
ppc/dbus-0.33-3.fc4.1.ppc64.rpm
863a61e3a5a69682bbb72a603c5f4228
ppc/dbus-glib-0.33-3.fc4.1.ppc64.rpm
1900b51f1a622fca3677ccf33fee8712
x86_64/dbus-0.33-3.fc4.1.x86_64.rpm
e469ec09a5df40b99f6a5e592723bcb2
x86_64/dbus-devel-0.33-3.fc4.1.x86_64.rpm
5609ebfc1844fa3d4fd82772dd055709
x86_64/dbus-glib-0.33-3.fc4.1.x86_64.rpm
8a232308c032cd5b7b3d798aa7e18339
x86_64/dbus-x11-0.33-3.fc4.1.x86_64.rpm
b82c3f4720c867dc88202c8f58ac65f4
x86_64/dbus-python-0.33-3.fc4.1.x86_64.rpm
429984bab7e596546906e95bfd9698ea
x86_64/debug/dbus-debuginfo-0.33-3.fc4.1.x86_64.rpm
ccc0b77a02f0586dbf1acf1adc81e019
x86_64/dbus-0.33-3.fc4.1.i386.rpm
0f3a59c3f02f5b2f7097989ebfa7b41a
x86_64/dbus-glib-0.33-3.fc4.1.i386.rpm
ccc0b77a02f0586dbf1acf1adc81e019
i386/dbus-0.33-3.fc4.1.i386.rpm
ce7293f13fadcfd3b71c2bd1989c3eaa
i386/dbus-devel-0.33-3.fc4.1.i386.rpm
0f3a59c3f02f5b2f7097989ebfa7b41a
i386/dbus-glib-0.33-3.fc4.1.i386.rpm
04e3b4b44f14b21d5b5ce95313ee25ad
i386/dbus-x11-0.33-3.fc4.1.i386.rpm
b00faaa5e17a85defadb884b3dcfdf30
i386/dbus-python-0.33-3.fc4.1.i386.rpm
99f4db31da2d4ab69878127151deab3b
i386/debug/dbus-debuginfo-0.33-3.fc4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200508-19


http://security.gentoo.org/


Severity: Normal
Title: lm_sensors: Insecure temporary file creation
Date: August 30, 2005
Bugs: #103568
ID: 200508-19


Synopsis

lm_sensors is vulnerable to linking attacks, potentially
allowing a local user to overwrite arbitrary files.

Background

lm_sensors is a software package that provides drivers for
monitoring the temperatures, voltages, and fans of Linux systems
with hardware monitoring devices.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  sys-apps/lm_sensors     < 2.9.1-r1                    >= 2.9.1-r1

Description

Javier Fernandez-Sanguino Pena has discovered that lm_sensors
insecurely creates temporary files with predictable filenames when
saving configurations.

Impact

A local attacker could create symbolic links in the temporary
file directory, pointing to a valid file somewhere on the
filesystem. When the pwmconfig script of lm_sensors is executed,
this would result in the file being overwritten with the rights of
the user running the script, which typically is the root user.

Workaround

There is no known workaround at this time.

Resolution

All lm_sensors users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/lm_sensors-2.9.1-r1"

References

[ 1 ] CAN-2005-2672

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-19.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200508-20


http://security.gentoo.org/


Severity: High
Title: phpGroupWare: Multiple vulnerabilities
Date: August 30, 2005
Bugs: #102379
ID: 200508-20


Synopsis

phpGroupWare is vulnerable to multiple issues ranging from
information disclosure to a potential execution of arbitrary
code.

Background

phpGroupWare is a multi-user groupware suite written in PHP.

Affected packages


     Package                /   Vulnerable   /              Unaffected

  1  www-apps/phpgroupware     < 0.9.16.008              >= 0.9.16.008

Description

phpGroupWare improperly validates the “mid” parameter retrieved
via a forum post. The current version of phpGroupWare also adds
several safeguards to prevent XSS issues, and disables the use of a
potentially vulnerable XML-RPC library.

Impact

A remote attacker may leverage the XML-RPC vulnerability to
execute arbitrary PHP script code. He could also create a specially
crafted request that will reveal private posts.

Workaround

There is no known workaround at this time.

Resolution

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"

References

[ 1 ] CAN-2005-2498

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2498

[ 2 ] CAN-2005-2600

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2600

[ 3 ] Secunia Advisory SA16414

http://secunia.com/advisories/16414

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Slackware Linux

[slackware-security] PCRE library (SSA:2005-242-01)

New PCRE packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, and -current to fix a security issue. A buffer overflow
could be triggered by a specially crafted regular expression. Any
applications that use PCRE to process untrusted regular expressions
may be exploited to run arbitrary code as the user running the
application.

The PCRE library is also provided in an initial installation by
the aaa_elflibs package, so if your system has a
/usr/lib/libpcre.so.0 symlink, then you should install this updated
package even if the PCRE package itself is not installed on the
system.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/pcre-6.3-i486-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the
processing of a specially crafted regular expression. Theoretically
this could be a security issue if regular expressions are accepted
from untrusted users to be processed by a user with greater
privileges, but this doesn’t seem like a common scenario (or, for
that matter, a good idea). However, if you are using an application
that links to the shared PCRE library and accepts outside input in
such a manner, you will want to update to this new package. For
more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/pcre-6.3-i386-1.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/pcre-6.3-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/pcre-6.3-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/pcre-6.3-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
6d4ea9a84341297ebb86a3d218ee6520 pcre-6.3-i386-1.tgz

Slackware 9.0 package:
539769e82bb6e03db449f4154d557e36 pcre-6.3-i386-1.tgz

Slackware 9.1 package:
bb49c4be6ba9c8ed19d4be7997da065a pcre-6.3-i486-1.tgz

Slackware 10.0 package:
591c6fce5c0084f668bab1ea3ada4ebe pcre-6.3-i486-1.tgz

Slackware 10.1 package:
8f5f604fd35876d397d4e2d4e4fe83a1 pcre-6.3-i486-1.tgz

Slackware -current package:
c699044b38a70720439ace1097e84013 pcre-6.3-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg pcre-6.3-i486-1.tgz

Then, restart any applications that use the PCRE library.

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

[slackware-security] PHP (SSA:2005-242-02)

New PHP packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, and -current to fix security issues. PHP has been
relinked with the shared PCRE library to fix an overflow issue with
PHP’s builtin PRCE code, and PEAR::XMLRPC has been upgraded to
version 1.4.0 which eliminates the eval() function. The eval()
function is believed to be insecure as implemented, and would be
difficult to secure.

Note that these new packages now require that the PCRE package
be installed, so be sure to get the new package from the
patches/packages/ directory if you don’t already have it. A new
version of this (6.3) was also issued today, so be sure that is the
one you install.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/php-4.3.11-i486-3.tgz: Relinked with the system
PCRE library, as the builtin library has a buffer overflow that
could be triggered by the processing of a specially crafted regular
expression.
Note that this change requires the pcre package to be installed.
For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of
the insecure eval() function.
For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.11-i386-4.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.11-i386-4.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.11-i486-4.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/php-4.3.11-i486-3.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/php-4.3.11-i486-3.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.0-i486-3.tgz

MD5 signatures:

Slackware 8.1 package:
06ae1e8f982f2c8142194eb4691cb2c0 php-4.3.11-i386-4.tgz

Slackware 9.0 package:
41d878638bca9f1fd13086ab1c3b5528 php-4.3.11-i386-4.tgz

Slackware 9.1 package:
28c5d2d4a1f16ff7656606962b6c05b5 php-4.3.11-i486-4.tgz

Slackware 10.0 package:
da1920c127a633a38efc49035307f069 php-4.3.11-i486-3.tgz

Slackware 10.1 package:
5f7efa91b92ca0239b6dc413a2cc6a41 php-4.3.11-i486-3.tgz

Slackware -current package:
e60c975944a7ee9709819918d65d4699 php-4.4.0-i486-3.tgz

Installation instructions:

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-4.3.11-i486-3.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

[slackware-security] gaim (SSA:2005-242-03)

New gaim packages are available for Slackware 9.0, 9.1, 10.0,
10.1, and -current to fix some security issues. including:

AIM/ICQ away message buffer overflow
AIM/ICQ non-UTF-8 filename crash
Gadu-Gadu memory alignment bug

Sites that use GAIM should upgrade to the new version.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues. For more information,
see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370

(* Security fix *)
+————————–+

Where to find the new
packages:

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gaim-1.5.0-i386-1.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gaim-1.5.0-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-1.5.0-i486-1.tgz

MD5 signatures:

Slackware 9.0 package:
676bad766cfddb50c7453554d66b1748 gaim-1.5.0-i386-1.tgz

Slackware 9.1 package:
d2cc0baba627ba9dbf3f218bdeacc630 gaim-1.5.0-i486-1.tgz

Slackware 10.0 package:
98d55471ed0a2f9def7fcded90860839 gaim-1.5.0-i486-1.tgz

Slackware 10.1 package:
bc6891f4acb22530c472218f5d9493fb gaim-1.5.0-i486-1.tgz

Slackware -current package:
b9a55d4359183b81e1150bea6e13b61e gaim-1.5.0-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg gaim-1.5.0-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

SUSE Linux


SUSE Security Announcement

Package: pcre
Announcement ID: SUSE-SA:2005:048
Date: Tue, 30 Aug 2005 15:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Desktop 1.0 SUSE
Linux Enterprise Server 8, 9 Novell Linux Desktop 9
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CAN-2005-2491

Content of This Advisory:

  1. Security Vulnerability Resolved: pcre integer overflow security
    problem Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: none
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

A vulnerability was found in the PCRE regular expression
handling library which allows an attacker to crash or overflow a
buffer in the program by specifying a special regular
expression.

Since this library is used in a large number of packages,
including apache2, php4, exim, postfix and similar, a remote attack
could be possible.

This is tracked by the Mitre CVE ID CAN-2005-2491.

2) Solution or Work-Around

Install the updated packages.

3) Special Instructions and Notes

Please make sure you restart services linked against the pcre
library (apache, exim, postfix).

4) Package Location and Checksums

The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.

Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pcre-5.0-3.2.i586.rpm
ccc4711c80659d57a7d06754d577a33c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pcre-devel-5.0-3.2.i586.rpm
18ad1553287682ad09b2412dd038c5c5
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-32bit-9.3-7.1.x86_64.rpm
0246d39b1aa7bbfa8872a4f841d2842f

SUSE Linux 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/pcre-4.5-2.2.i586.rpm
d1c4af6faceecbbc028c5c5b32cd46bd
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/pcre-devel-4.5-2.2.i586.rpm
276ecc193b12cf20e5ac1e2be2e9484c
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-32bit-9.2-200508260320.x86_64.rpm
107c8c3ac5218348e89cc5d6a235f34d

SUSE Linux 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/pcre-4.4-109.4.i586.rpm
0330a3dd845c33bd460851e13abdcb01
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/pcre-devel-4.4-109.4.i586.rpm
ca1722d18e465cce1e6be5fc69a97586
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/pcre-32bit-9.1-200508261306.i586.rpm
2933451df49a408b53d9d2628fd74d38 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/pcre-4.4-109.4.src.rpm
131e5f816d7f9e6e8536416e574a2e07

SUSE Linux 9.0:
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/pcre-4.4-112.i586.rpm
7f6492b3fdd2e9cf9ff104c7ef366fd2
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/pcre-devel-4.4-112.i586.rpm
c1e36f246764869a672f3e69c879a976
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/i586/pcre-32bit-9.0-5.i586.rpm
7e4d12f5af0bc2a68d21a8d72ccb1d37 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/pcre-4.4-112.src.rpm
367ad88cdd0c0ec060992312e96a9997

x86-64 Platform:

SUSE Linux 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-5.0-3.2.x86_64.rpm
36c7d2b3713c27c79292a7637443a285
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pcre-devel-5.0-3.2.x86_64.rpm
db8e83e2867c3d2f713a43705b655ffe source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/pcre-5.0-3.2.src.rpm
b4d17fa6f1f4359196b04495a7d6fb19

SUSE Linux 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-4.5-2.2.x86_64.rpm
dcaeeb4225fb820c85927dd2104c9f9f
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/pcre-devel-4.5-2.2.x86_64.rpm
bcbcb9ec334e1a8896ca29b3c10a5a72 source rpm(s):
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/pcre-4.5-2.2.src.rpm
096c4732ffd1c34e424ee62b86fcb741

SUSE Linux 9.1:
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/pcre-4.4-109.4.x86_64.rpm
167f6794525cdb24cc6d0fe16c7d3baf
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/pcre-devel-4.4-109.4.x86_64.rpm
a1a105c4c60d7c2e0745d6d81b24afef source rpm(s):
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/pcre-4.4-109.4.src.rpm
4186754b93b1e2856d2dbb83be5fb6f5

SUSE Linux 9.0:
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/pcre-4.4-112.x86_64.rpm
0884bc87e09d1607e80d98ab7c898549
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/pcre-devel-4.4-112.x86_64.rpm
a336cf08fe6b8e4818480304bd63cfb6 source rpm(s):
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/pcre-4.4-112.src.rpm
308b513ff579695f0292b881d7022f8f


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

none


6) Authenticity Verification and Additional Information

  • Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and
    on Web sites. The authenticity and integrity of a SUSE security
    announcement is guaranteed by a cryptographic signature in each
    announcement. All SUSE security announcements are published with a
    valid signature.

    To verify the signature of the announcement, save it as text
    into a file and run the command

    gpg –verify <file>

    replacing <file> with the name of the file where you saved
    the announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from “SuSE Security Team <[email protected]>”

    where <DATE> is replaced by the date the document was
    signed.

    If the security team’s key is not contained in your key ring,
    you can import it from the first installation CD. To import the
    key, use the command

    gpg –import gpg-pubkey-3d25d3d9-36e12d04.asc

  • Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers
    all over the world. While this service is considered valuable and
    important to the free and open source software community, the
    authenticity and the integrity of a package needs to be verified to
    ensure that it has not been tampered with.

    There are two verification methods that can be used
    independently from each other to prove the authenticity of a
    downloaded file or RPM package:

    1. Using the internal gpg signatures of the rpm package
    2. MD5 checksums as provided in this announcement
    1. The internal rpm package signatures provide an easy way to
      verify the authenticity of an RPM package. Use the command

      rpm -v –checksig <file.rpm>

      to verify the signature of the package, replacing
      <file.rpm> with the filename of the RPM package downloaded.
      The package is unmodified if it contains a valid signature from
      [email protected] with the key ID
      9C800ACA. This key is automatically imported into the RPM database
      (on RPMv4-based distributions) and the gpg key ring of ‘root’
      during installation. You can also find it on the first installation
      CD and at the end of this announcement.

    2. If you need an alternative means of verification, use the
      md5sum

      command to verify the authenticity of the packages. Execute the
      command

      md5sum <filename.rpm>

      after you downloaded the file from a SUSE FTP server or its
      mirrors. Then compare the resulting md5sum with the one that is
      listed in the SUSE security announcement. Because the announcement
      containing the checksums is cryptographically signed (by [email protected]), the checksums show
      proof of the authenticity of the package if the signature of the
      announcement is valid. Note that the md5 sums published in the SUSE
      Security Announcements are valid for the respective packages only.
      Newer versions of these packages cannot be verified.

  • SUSE runs two security mailing lists to which any interested
    party may subscribe:

        [email protected]

    • General Linux and SUSE security discussion. All SUSE security
      announcements are sent to this list. To subscribe, send an e-mail
      to

      <[email protected]>.

          [email protected]

    • SUSE’s announce-only mailing list. Only SUSE’s security
      announcements are sent to this list. To subscribe, send an e-mail
      to

      <[email protected]>.

    For general information or the frequently asked questions (FAQ),
    send mail to <[email protected]>
    or <[email protected]>.


    SUSE’s security contact is <[email protected]> or
    <[email protected]>. The
    <[email protected]>
    public key is listed below.



The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, the clear text signature should show proof of the
authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind
whatsoever with respect to the information contained in this
security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <[email protected]>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>


SUSE Security Announcement

Package: php4, php5
Announcement ID: SUSE-SA:2005:049
Date: Tue, 30 Aug 2005 15:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Enterprise Server
8, 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-2498 CAN-2005-2491

Content of This Advisory:

  1. Security Vulnerability Resolved: Pear::XML_RPC code injection
    problem, pcre integer overflow Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
    Security Summary Report.
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

This update fixes the following security issues in the PHP
scripting language.

  • Bugs in the PEAR::XML_RPC library allowed remote attackers to
    pass arbitrary PHP code to the eval() function (CAN-2005-1921,
    CAN-2005-2498).

    The Pear::XML_RPC library is not used by default in SUSE Linux,
    but might be used by third-party PHP applications.

  • A integer overflow bug was found in the PCRE (perl compatible
    regular expression) library which could be used by an attacker to
    potentially execute code. (CAN-2005-2491)

2) Solution or Work-Around

Please install the updated packages.

3) Special Instructions and Notes

Make sure you restart the web server using PHP after the
update.

4) Package Location and Checksums

The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.

Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.10-14.9.i586.rpm
f4e6d7578b6ae62a0b49989a3be4ef4b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3-14.9.i586.rpm
79bb1fdc66068aba68a253d16a02f471
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.10-14.9.i586.rpm
08708573a0dee6ea412f7afc0d472244
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.9.i586.rpm
ffc0d7f665be377b1c9450f16d8b0b35
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.9.i586.rpm
44bbb9ec8f40b92030a591a718312ce1
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.9.i586.rpm
081168bede1cc4409c17fe71ea891f6e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14.9.i586.rpm
f6beca45181a6f92cba938b6b1009b39
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.9.i586.rpm
c35765443f99ee337e8df8b54414ef74
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14.9.i586.rpm
9681a8e5dd6db224689d8e5dc6f07aff
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14.9.i586.rpm
9f18c0bce655a1eda2fa9db9cb703e68
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.9.i586.rpm
d39bb57b5df06dc64e3cc5cf484c030c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.9.i586.rpm
514561227c94e8af808dfb9d47a8143a
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.9.i586.rpm
a08670d24ea2af4e22425b9879804fa9
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.9.i586.rpm
9c374d9ed218a85399d5a529f8f97417
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.9.i586.rpm
4cba59009162137d5e4a79f0c355ec15
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.9.i586.rpm
a31dd5f81ebe25fc69b4a3a29321fed9
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.9.i586.rpm
4b1cf3f9ccfc1f4a546f188768a54da2
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.4.x86_64.rpm
4cddafbceded22b220e48542f6371337

SUSE Linux 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.12.i586.rpm
b5f30d4fcad5a1f8a3e5dfc9db519914
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8-8.12.i586.rpm
eed1a644b3908e719d81359b96ef4244
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.12.i586.rpm
3a9fd735f7897fb97be921dee4afe850
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.12.i586.rpm
6145bf500d49378b1f7cd5441612ad92
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-exif-4.3.8-8.12.i586.rpm
38c72905c9c47a6ab680faa781927020
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.12.i586.rpm
8483c7ce1b73710f03120fb7cf009740
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pear-4.3.8-8.12.i586.rpm
202af06b5ee93fd667a7484d01c3089b
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.12.i586.rpm
498f23a90eab4da6a06de67e44a84014
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.12.i586.rpm
254f0ee5ac6d04f244a8cfd171fdff57
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-32bit-9.2-200508260320.x86_64.rpm
528b00aeb3433f5829cd070a84cfeeb9

SUSE Linux 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.41.i586.rpm
214e4ef40cb48c998342995cac9d04b8
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.41.i586.rpm
f2d4e625ea55fa7ead3a754238ca7078
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet-4.3.4-43.41.i586.rpm
fabfae99a0462b49ec5f1109cd6820a9
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.41.i586.rpm
ca1aaef816f44495a90d4fb487a26524
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-devel-4.3.4-43.41.i586.rpm
66fe3a880315e1de5d408a5dcaca3680
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-exif-4.3.4-43.41.i586.rpm
c21383cbc809a455c7eff45b8f533f52
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-fastcgi-4.3.4-43.41.i586.rpm
21363ed91ae437ca66a97ba597c2529c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-43.41.i586.rpm
ebdd8e83894392f455f57f8bf96022ea
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4-43.41.i586.rpm
f6bf0f02c69fe67d2b229000bb5c93de
   ftp://f