Advisories, December 11, 2005

Debian GNU/Linux

Debian Security Advisory DSA 918-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
December 9th, 2005 http://www.debian.org/security/faq

Package : osh
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-3347 CVE-2005-3533
Debian Bug : 338312

Several security related problems have been discovered in osh,
the operator’s shell for executing defined programs in a privileged
environment. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2005-3347

Charles Stevenson discovered a bug in the substitution of
variables that allows a local attacker to open a root shell.

CVE-2005-3533

Solar Eclipse discovered a buffer overflow caused by the current
working directory plus a filename that could be used to execute
arbitrary code and e.g. open a root shell.

For the old stable distribution (woody) these problems have been
fixed in version 1.7-11woody2.

For the stable distribution (sarge) these problems have been
fixed in version 1.7-13sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 1.7-15, however, the package has been removed
entirely.

We recommend that you upgrade your osh package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2.dsc

Size/MD5 checksum: 565 6341a0b49e77066cf3645e3abfe98653

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2.diff.gz

Size/MD5 checksum: 12578 7276b78763b4033448f2903d0cf64e96

http://security.debian.org/pool/updates/main/o/osh/osh_1.7.orig.tar.gz

Size/MD5 checksum: 150241 0196364c5ea0afab1c1d3163c40cb1a8

Alpha architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_alpha.deb

Size/MD5 checksum: 32426 c41a8e928125f048778eeaecda51c58a

ARM architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_arm.deb

Size/MD5 checksum: 27402 fa9fdba7af436e4b7a1ac1d99657e9ce

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_i386.deb

Size/MD5 checksum: 27084 47d99052863f6ac5ad44c794e399bc43

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ia64.deb

Size/MD5 checksum: 36942 b0b3631235a76fff6841ab7a7c1ce1d6

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_hppa.deb

Size/MD5 checksum: 29366 7684c38b177294c6f8c647e4ad5c7ce8

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_m68k.deb

Size/MD5 checksum: 26338 cf9c3511eb73cfdf5861966130354246

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mips.deb

Size/MD5 checksum: 29510 d443160b8e72c36d30ce3f7fa5ae6178

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mipsel.deb

Size/MD5 checksum: 29468 745f79348790bda9accb5250a40520f1

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_powerpc.deb

Size/MD5 checksum: 28816 7f387b8bc51460e94c1e0ca562906e2f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_s390.deb

Size/MD5 checksum: 28294 60e0010eb4e3fe1007e1c4c3bf082c44

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_sparc.deb

Size/MD5 checksum: 30894 60969c49d4be186b8000af6532393335

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1.dsc

Size/MD5 checksum: 565 71ea00a2e13ea67b337d450a77cea49a

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1.diff.gz

Size/MD5 checksum: 12818 5df9ac8705fd85dc8ad07a74a470ba77

http://security.debian.org/pool/updates/main/o/osh/osh_1.7.orig.tar.gz

Size/MD5 checksum: 150241 0196364c5ea0afab1c1d3163c40cb1a8

Alpha architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_alpha.deb

Size/MD5 checksum: 31468 767b6efad96e1e49f584d36eb502c5cc

AMD64 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_amd64.deb

Size/MD5 checksum: 29360 496db05c70e81a7314382389826bb2a1

ARM architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_arm.deb

Size/MD5 checksum: 27712 578e45cadbb18d9ccc137494a3d1938d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_i386.deb

Size/MD5 checksum: 27846 3be55b13083630d6fc4fbc4892f4be99

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_ia64.deb

Size/MD5 checksum: 35320 8849f5286f65d67ccfa2a25e4007f39f

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_hppa.deb

Size/MD5 checksum: 29650 1fcfede379bc4ee5474602ed8decd4da

Motorola 680×0 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_m68k.deb

Size/MD5 checksum: 27094 d8af0990d6017e61cb63b025f77930c6

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mips.deb

Size/MD5 checksum: 29824 b80543697d548c0ef3cf729685db249b

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mipsel.deb

Size/MD5 checksum: 29838 2c18ef4a3d1243fd92f0d196b7a9d8c9

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_powerpc.deb

Size/MD5 checksum: 30432 71a1b2e26d896852efd7e29be68f1048

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_s390.deb

Size/MD5 checksum: 29526 c20605b6cef6b680ab4deade9651cf16

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_sparc.deb

Size/MD5 checksum: 28032 ad94a0fc87d2f681ef2fcbf536269f71

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show ‘ and http://packages.debian.org/

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2005:206-1
http://www.mandriva.com/security/

Package : openvpn
Date : December 9, 2005
Affected: 2006.0

Problem Description:

Two Denial of Service vulnerabilities exist in OpenVPN. The
first allows a malicious or compromised server to execute arbitrary
code on the client (CVE-2005-3393). The second DoS can occur if
when in TCP server mode, OpenVPN received an error on accept(2) and
the resulting exception handler causes a segfault
(CVE-2005-3409).

The updated packages have been patched to correct these
problems.

Update:

Packages are now available for Mandriva Linux 2006.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409

Updated Packages:

Mandriva Linux 2006.0:
7804df61685a36064119b813dca83172
2006.0/RPMS/openvpn-2.0.1-2.1.20060mdk.i586.rpm
2feb66835d37f31735746824027a2ef8
2006.0/SRPMS/openvpn-2.0.1-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
9d8cd19c6723507a275649c5d070970d
x86_64/2006.0/RPMS/openvpn-2.0.1-2.1.20060mdk.x86_64.rpm
2feb66835d37f31735746824027a2ef8
x86_64/2006.0/SRPMS/openvpn-2.0.1-2.1.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

Mandriva Linux Security Advisory MDKSA-2005:224
http://www.mandriva.com/security/

Package : curl
Date : December 8, 2005
Affected: 10.1, 10.2, 2006.0

Problem Description:

Stefan Esser discovered that libcurl’s URL parser function can
have a malloced buffer overflows in two ways if given a too long
URL. It cannot be triggered by a redirect, which makes remote
exploitation unlikely, but can be passed directly to libcurl
(allowing for local exploitation) and could also be used to break
out of PHP’s safe_mode/ open_basedir.

This vulnerability only exists in libcurl and curl 7.11.2 up to
and including 7.15.0, which means that Corporate Server 2.1 and
Corporate 3.0 are not vulnerable.

The updated packages have been patched to correct the problem.
As well, updated php-curl packages are available that provide a new
curl PHP module compiled against the fixed code.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077

http://www.dyadsecurity.com/perl-0002.html

http://curl.haxx.se/docs/adv_20051207.html

Updated Packages:

Mandriva Linux 10.1:
e338c6fec40f0b5f7c47f01ecfc85fd8
10.1/RPMS/curl-7.12.1-1.3.101mdk.i586.rpm
2c6fc6d5cb9f62c0fd7d0890779167dd
10.1/RPMS/libcurl3-7.12.1-1.3.101mdk.i586.rpm
496b439769425c8a45a15195c9f1a339
10.1/RPMS/libcurl3-devel-7.12.1-1.3.101mdk.i586.rpm
59bc58c52d3c7034e31bf7a5d9e2f845
10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
ecd5b17dd584d8ba4c986437bde4f6fa
x86_64/10.1/RPMS/curl-7.12.1-1.3.101mdk.x86_64.rpm
d3bb7a56841873696ffd6add01cf8da3
x86_64/10.1/RPMS/lib64curl3-7.12.1-1.3.101mdk.x86_64.rpm
f54e7f2fb8a4ad73787ce9af0e65ac41
x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.3.101mdk.x86_64.rpm
59bc58c52d3c7034e31bf7a5d9e2f845
x86_64/10.1/SRPMS/curl-7.12.1-1.3.101mdk.src.rpm

Mandriva Linux 10.2:
287e79b91baa16afe1e57944bf8887a4
10.2/RPMS/curl-7.13.1-2.2.102mdk.i586.rpm
6012e004103928ffeb31f8017a08cce1
10.2/RPMS/libcurl3-7.13.1-2.2.102mdk.i586.rpm
60b5868305bda86a04ec63b349a1b45d
10.2/RPMS/libcurl3-devel-7.13.1-2.2.102mdk.i586.rpm
f12a43929acf2432a413937b00751f26
10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
6620e61f2dfc0f6b9f8ddb4bb17a9dc8
x86_64/10.2/RPMS/curl-7.13.1-2.2.102mdk.x86_64.rpm
bfe67e81d224684763cbbc673df15488
x86_64/10.2/RPMS/lib64curl3-7.13.1-2.2.102mdk.x86_64.rpm
4b601554dd99d63f94b3f35f0924034e
x86_64/10.2/RPMS/lib64curl3-devel-7.13.1-2.2.102mdk.x86_64.rpm
f12a43929acf2432a413937b00751f26
x86_64/10.2/SRPMS/curl-7.13.1-2.2.102mdk.src.rpm

Mandriva Linux 2006.0:
78fe1cf7868e10c17a31adaa01718f1d
2006.0/RPMS/curl-7.14.0-2.2.20060mdk.i586.rpm
d6cf997f844557f77ca5b720973f717d
2006.0/RPMS/libcurl3-7.14.0-2.2.20060mdk.i586.rpm
6959638e76f3f2d7c7c8774e4d891b5a
2006.0/RPMS/libcurl3-devel-7.14.0-2.2.20060mdk.i586.rpm
7502a4eb9fe19554714247e4a9a5f176
2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.i586.rpm
c04932aea0dc51673585ed68119d518d
2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007
2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
7401463c8a258183c1f3798b02f3d029
x86_64/2006.0/RPMS/curl-7.14.0-2.2.20060mdk.x86_64.rpm
b5d47137d19d7e69a31a50cab4e520b7
x86_64/2006.0/RPMS/lib64curl3-7.14.0-2.2.20060mdk.x86_64.rpm
50ddb76a23cb766bcb99d0ad7ff18492
x86_64/2006.0/RPMS/lib64curl3-devel-7.14.0-2.2.20060mdk.x86_64.rpm

a94e9b275b0a661940c4a15fbf63efb9
x86_64/2006.0/RPMS/php-curl-5.0.4-1.1.20060mdk.x86_64.rpm
c04932aea0dc51673585ed68119d518d
x86_64/2006.0/SRPMS/curl-7.14.0-2.2.20060mdk.src.rpm
8a30951717cc93a371e07fb95264b007
x86_64/2006.0/SRPMS/php-curl-5.0.4-1.1.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

Mandriva Linux Security Advisory MDKSA-2005:225
http://www.mandriva.com/security/

Package : perl
Date : December 8, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi
Network Firewall 2.0

Problem Description:

Jack Louis discovered a new way to exploit format string errors
in the Perl programming language that could lead to the execution
of arbitrary code.

The updated packages are patched to close the particular exploit
vector in Perl itself, to mitigate the risk of format string
programming errors, however it does not fix problems that may exist
in particular pieces of software written in Perl.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3962

http://www.dyadsecurity.com/perl-0002.html

Updated Packages:

Mandriva Linux 10.1:
fd77af9b7802f41c22d4902b456fdb32
10.1/RPMS/perl-5.8.5-3.5.101mdk.i586.rpm
49c6b964236039da921a3a0a08105316
10.1/RPMS/perl-base-5.8.5-3.5.101mdk.i586.rpm
01ad564838030c9992ea70b8fa2261c5
10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.i586.rpm
3ff0b066b2b67c9d6f0d6d5d757ed67e
10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.i586.rpm
1e6de184d2c018701d5bc93c60610789
10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
4fef93b585d891e863588f99c0ddd18d
x86_64/10.1/RPMS/perl-5.8.5-3.5.101mdk.x86_64.rpm
9b31454c7a74aa9cab7219ca627100e0
x86_64/10.1/RPMS/perl-base-5.8.5-3.5.101mdk.x86_64.rpm
1b7708eb96804787524bf34bded09edf
x86_64/10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.x86_64.rpm
cd197160854346c39854f060a9a18d5c
x86_64/10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.x86_64.rpm
1e6de184d2c018701d5bc93c60610789
x86_64/10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm

Mandriva Linux 10.2:
32b1b7a39b8e0781df41e57188fe5c97
10.2/RPMS/perl-5.8.6-6.2.102mdk.i586.rpm
05ae3f918377371783c491027b081e92
10.2/RPMS/perl-base-5.8.6-6.2.102mdk.i586.rpm
2c5b07488636b42b1b15f40b220fd1fd
10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.i586.rpm
c116213d8e3e30407ba994b281d03f52
10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.i586.rpm
54c3f67fd42027442a0f589f2ad9dcec
10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
e0890eb10b116c824c3f9a173097c60e
x86_64/10.2/RPMS/perl-5.8.6-6.2.102mdk.x86_64.rpm
75aa18ee9d21d40a639baaee28b238f4
x86_64/10.2/RPMS/perl-base-5.8.6-6.2.102mdk.x86_64.rpm
1dc42978eb832156c82042ece5c616d9
x86_64/10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.x86_64.rpm
c4b0b1c2f41d8ab442202136572ec553
x86_64/10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.x86_64.rpm
54c3f67fd42027442a0f589f2ad9dcec
x86_64/10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm

Mandriva Linux 2006.0:
6333d4baa23e9bc27340ab30d6f6f9fd
2006.0/RPMS/perl-5.8.7-3.2.20060mdk.i586.rpm
d91a62f81461a51dfffa6dd8e15b6ab4
2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.i586.rpm
7d8ec79ab483544765c236c3b7e1ba0f
2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.i586.rpm
af9b52f68ce3eaf066a21694924a3f22
2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.i586.rpm
ff8a844680f7df737431fb9c82c5f50d
2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.i586.rpm
acde621a5890ff325a1ad8ffe83dc1ca
2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c1fc32b114cd8b2b0af431208da6beaf
x86_64/2006.0/RPMS/perl-5.8.7-3.2.20060mdk.x86_64.rpm
ebf3e1e5460c9362e3a0fc77dcbddad5
x86_64/2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.x86_64.rpm
ced9d56a6b9ae7196397f9d7b8e1e41f
x86_64/2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.x86_64.rpm
896727d0819ed6161229f4c8722a67fc
x86_64/2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.x86_64.rpm
241e526b1892577f35663073adcc4a97
x86_64/2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.x86_64.rpm
acde621a5890ff325a1ad8ffe83dc1ca
x86_64/2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm

Corporate Server 2.1:
d20049231eead3d45b0b9281e1decb4c
corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.i586.rpm
5da0de8e1beeba847d3576a7a06a496e
corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.i586.rpm
09a1f64c8b71c473bc0779720defa812
corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.i586.rpm
512a995b03bc5e0c1d2dd22c7b326510
corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.i586.rpm
1b6f22e9b27bf9dc6e029b129c64f17d
corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
5d2d2f4908b9c6e8f51d6bb8d961eebe
x86_64/corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.x86_64.rpm
5b72479d3df3ae87fa4edf2a105e748d
x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.x86_64.rpm

3559e60ed31815f3902b75df42afc3d7
x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.x86_64.rpm

00a8c82a911814a113ae2eaf6915d47b
x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.x86_64.rpm
1b6f22e9b27bf9dc6e029b129c64f17d
x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm

Corporate 3.0:
7b1917b673681d9de4e4737af0b121c8
corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.i586.rpm
2ddb28f87a9ab94bfda90fc476da3805
corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.i586.rpm
c939615d266f5fa4ed1755ce31915dde
corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.i586.rpm
ca449fac6c286d5bbd0c3bd137316e98
corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.i586.rpm
d3a7de2cfc352459b85cdc261b57d1e6
corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
4578c3ad7a7c4fd87086ac571478ae1b
x86_64/corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.x86_64.rpm
bbe873bc27e07d05c7d4846edd34acec
x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.x86_64.rpm
833889de8df484c212c69a1e658f5ffe
x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.x86_64.rpm

c9dbf8d3ca9715e33bbc664efc2dca24
x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.x86_64.rpm
d3a7de2cfc352459b85cdc261b57d1e6
x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
0f29d338645e61084cf87953c331c87e
mnf/2.0/RPMS/perl-5.8.3-5.5.M20mdk.i586.rpm
fee6e3863a13cd043b29ae0fcd053221
mnf/2.0/RPMS/perl-base-5.8.3-5.5.M20mdk.i586.rpm
be47c56a9ae307c338031dcb5194e491
mnf/2.0/RPMS/perl-devel-5.8.3-5.5.M20mdk.i586.rpm
d0c6075c99103eb8b3bea0a38d1c9cdf
mnf/2.0/RPMS/perl-doc-5.8.3-5.5.M20mdk.i586.rpm
8ce4eff23c4dd50c5bbaef75b69c5482
mnf/2.0/SRPMS/perl-5.8.3-5.5.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2005-0070

Package names: kernel, perl
Summary: Multiple vulnerabilities
Date: 2005-12-09
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux
3.0 Trustix Operating System – Enterprise Server 2

Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.

perl
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl’s hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl’s most common applications (and what it
excels at) are probably system administration utilities and web
programming. A large proportion of the CGI scripts on the web are
written in Perl. You need the perl package installed on your system
so that your system can handle Perl scripts.

Problem description:
kernel < TSL 3.0 >

New Upstream.
SECURITY Fix: Memory leak in the VFS file lease handling in
locks.c allows local users to cause a denial of service via certain
Samba activities that cause an fasync entry to be re-allocated by
the fcntl_setlease function after the fasync queue has already been
cleaned by the locks_delete_lock function.
The auto-reap of child processes in Linux kernel 2.6 includes
processes with ptrace attached, which leads to a dangling ptrace
reference and allows local users to cause a denial of service
(crash).
The time_out_leases function in locks.c allows local users to
cause a denial of service (kernel log message consumption) by
causing a large number of broken leases, which is recorded to the
log using the printk function.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2005-3807, CVE-2005-3784 and CVE-2005-3857 to these issues.

perl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
SECURITY Fix: Integer overflow in the format string
functionality (Perl_sv_vcatpvfn) allows attackers to overwrite
arbitrary memory and possibly execute arbitrary code via format
string specifiers with large values.

The Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-3962 to this issue.

Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.

Location:
All Trustix Secure Linux updates are available from
http://http.trustix.org/pub/trustix/updates/>
ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using ‘swup –upgrade’.

Questions?
Check out our mailing lists:
http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
http://www.trustix.org/errata/trustix-2.2/> and
http://www.trustix.org/errata/trustix-3.0/>
or directly at
http://www.trustix.org/errata/2005/0070/>

MD5sums of the packages:

0a2350d4e0d9965f62cdf5888bcb0f59 2.2/rpms/perl-5.8.5-9tr.i586.rpm

f9fcbc28250c9e5814e42efcc9f43d8a
3.0/rpms/kernel-2.6.14.3-1tr.i586.rpm
358f51e0ff323ff75181c6c4e2bc6344
3.0/rpms/kernel-doc-2.6.14.3-1tr.i586.rpm
d947bd6c4c87baebb8c0de07e318eb5c
3.0/rpms/kernel-headers-2.6.14.3-1tr.i586.rpm
c310a3663bb59f7e239646ec666ca7e8
3.0/rpms/kernel-smp-2.6.14.3-1tr.i586.rpm
bb7bcc9f91b3d7ca8e4788130db0b6d4
3.0/rpms/kernel-smp-headers-2.6.14.3-1tr.i586.rpm
3ee05562361906884b990a716c16ed3f
3.0/rpms/kernel-source-2.6.14.3-1tr.i586.rpm
6701845da1900ff436de6430b30a20d5
3.0/rpms/kernel-utils-2.6.14.3-1tr.i586.rpm
cace6154ca9297d263abd04f1ac25358
3.0/rpms/perl-5.8.7-2tr.i586.rpm

Trustix Security Team

Ubuntu Linux

Ubuntu Security Notice USN-226-1 December 09, 2005
courier vulnerability
CVE-2005-3532

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

courier-authdaemon

The problem can be corrected by upgrading the affected package
to version 0.45.6-1ubuntu0.2 (for Ubuntu 4.10), 0.47-3ubuntu1.4
(for Ubuntu 5.04), or 0.47-3ubuntu7.1 (for Ubuntu 5.10). In
general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Patrick Cheong Shu Yang discovered a flaw in the user account
handling of courier-authdaemon. After successful authorization, the
Courier mail server granted access to deactivated accounts.

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.45.6-1ubuntu0.2.diff.gz

Size/MD5: 92828 f643cc4d20a3e208a436985b890a3db4

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.45.6-1ubuntu0.2.dsc

Size/MD5: 1207 58d7fb5c25676cd26c89625aacd8a5c1

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier_0.45.6.orig.tar.gz

Size/MD5: 6388279 7ae1f4236b4a28432af9e720a3718329

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-doc_0.45.6-1ubuntu0.2_all.deb

Size/MD5: 367974 7f50c52514504a4245d08ccc74adc8d3

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/c/courier/courier-authdaemon_0.45.6-1ubuntu0.2_amd64.deb

Size/MD5: 61134 79be3b6f79e77fb77094c84916887d58

http://security.ubuntu.com/ubuntu/pool/universe/c/courier/courier-authmysql_0.45.6-1ubuntu0.2_amd64.deb