Gentoo Linux
Gentoo Linux Security Advisory GLSA 200612-15
Severity: High
Title: McAfee VirusScan: Insecure DT_RPATH
Date: December 14, 2006
Bugs: #156989
ID: 200612-15
Synopsis
McAfee VirusScan for Linux is distributed with an insecure
DT_RPATH, potentially allowing a remote attacker to execute
arbitrary code.
Background
McAfee VirusScan for Linux is a commercial antivirus solution
for Linux.
Affected packages
Package / Vulnerable / Unaffected
1 app-antivirus/vlnx / <= 4510e / Vulnerable!
NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Description
Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was
distributed with an insecure DT_RPATH which included the current
working directory, rather than $ORIGIN which was probably
intended.
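A check for this class of bug, as an added example (not code from the advisory or from the vendor): it parses `readelf -d` output and flags DT_RPATH/DT_RUNPATH entries that the loader resolves against the current working directory. The sample dumps, the paths in them and the `WORLD_WRITABLE` list are constructed for illustration, and the world-writable check goes beyond the case the advisory describes.

```python
import re

# RPATH/RUNPATH lines as printed by `readelf -d <binary>`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Assumption for this example: directories any local user can write to.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")


def classify_component(comp):
    """Return (verdict, reason) for one colon-separated search-path entry."""
    if comp == "":
        # A leading, trailing or doubled ':' yields an empty entry.
        return "insecure", "empty entry, searched as the current working directory"
    if comp.startswith(("$ORIGIN", "${ORIGIN}")):
        return "ok", "relative to the directory that holds the binary"
    if not comp.startswith("/"):
        # Covers '.', './lib', 'lib' and similar.
        return "insecure", "relative path, resolved against the current working directory"
    if any(comp == d or comp.startswith(d + "/") for d in WORLD_WRITABLE):
        return "insecure", "world-writable directory"
    return "ok", "absolute path"


def audit_readelf_output(text):
    """Return a list of (tag, entry, reason) for every insecure search-path entry."""
    findings = []
    for line in text.splitlines():
        match = _DYN_RE.search(line)
        if not match:
            continue
        tag, value = match.groups()
        if value == "":
            # An entirely empty value carries no entries to judge.
            continue
        for comp in value.split(":"):
            verdict, reason = classify_component(comp)
            if verdict == "insecure":
                findings.append((tag, comp, reason))
    return findings


# Constructed sample: an RPATH that includes '.' and a trailing empty entry.
SAMPLE_VULNERABLE = """\
Dynamic section at offset 0x2d60 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/opt/example/lib:.:]
"""

# Constructed sample: the same binary linked with $ORIGIN instead.
SAMPLE_FIXED = """\
Dynamic section at offset 0x2d60 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN:/opt/example/lib]
"""

if __name__ == "__main__":
    for name, dump in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        results = audit_readelf_output(dump)
        print(name, "->", results if results else "no insecure entries")
```

Run it over the `readelf -d` output of each installed binary; any finding means the loader may pick up a shared object from wherever the program happens to be started.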
Impact
An attacker could entice a VirusScan user to scan an arbitrary
file and execute arbitrary code with the privileges of the
VirusScan user by tricking the dynamic loader into loading an
untrusted ELF DSO. An automated system, such as a mail scanner, may
be subverted to execute arbitrary code with the privileges of the
process invoking VirusScan.
Workaround
Do not scan files or execute VirusScan from an untrusted working
directory.
Resolution
As VirusScan verifies that it has not been modified before
executing, it is not possible to correct the DT_RPATH. Furthermore,
this would violate the license that VirusScan is distributed under.
For this reason, the package has been masked in Portage pending the
resolution of this issue.
# emerge --ask --verbose --unmerge "app-antivirus/vlnx"
References
[ 1 ] CVE-2006-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6474
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200612-16
Severity: Normal
Title: Links: Arbitrary Samba command execution
Date: December 14, 2006
Bugs: #157028
ID: 200612-16
Synopsis
Links does not properly validate “smb://” URLs, making it
vulnerable to the execution of arbitrary Samba commands.
Background
Links is a web browser running in both graphics and text
modes.
Affected packages
Package / Vulnerable / Unaffected
1 www-client/links / < 2.1_pre26 / >= 2.1_pre26
Description
Teemu Salmela discovered that Links does not properly validate
“smb://” URLs when it runs smbclient commands.
Impact
A remote attacker could entice a user to browse to a specially
crafted “smb://” URL and execute arbitrary Samba commands, which
would allow the overwriting of arbitrary local files or the upload
or the download of arbitrary files. This vulnerability can be
exploited only if “smbclient” is installed on the victim’s
computer, which is provided by the “samba” Gentoo package.
Workaround
There is no known workaround at this time.
Resolution
All Links users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/links-2.1_pre26"
References
[ 1 ] CVE-2006-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-16.xml
Gentoo Linux Security Advisory GLSA 200612-17
Severity: High
Title: GNU Radius: Format string vulnerability
Date: December 14, 2006
Bugs: #156376
ID: 200612-17
Synopsis
A format string vulnerability has been found in GNU Radius, which
could lead to the remote execution of arbitrary code.
Background
GNU Radius is a GNU version of Radius, a server for remote user
authentication and accounting.
Affected packages
Package / Vulnerable / Unaffected
1 net-dialup/gnuradius / < 1.4 / >= 1.4
Description
A format string vulnerability was found in the sqllog function
from the SQL accounting code for radiusd. That function is only
used if one or more of the “postgresql”, “mysql” or “odbc” USE
flags are enabled, which is not the default, except for the
“server” 2006.1 and 2007.0 profiles which enable the “mysql” USE
flag.
Impact
An unauthenticated remote attacker could execute arbitrary code
with the privileges of the user running radiusd, which may be the
root user. It is important to note that there is no default GNU
Radius user for Gentoo systems because no init script is provided
with the package.
Workaround
There is no known workaround at this time.
Resolution
All GNU Radius users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/gnuradius-1.4"
References
[ 1 ] CVE-2006-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4181
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-17.xml
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:164-2
http://www.mandriva.com/security/
Package : xorg-x11
Date : December 14, 2006
Affected: Corporate 4.0
Problem Description:
Local exploitation of an integer overflow vulnerability in the
‘CIDAFM()’ function in the X.Org and XFree86 X server could allow
an attacker to execute arbitrary code with privileges of the X
server, typically root (CVE-2006-3739).
Local exploitation of an integer overflow vulnerability in the
‘scan_cidfont()’ function in the X.Org and XFree86 X server could
allow an attacker to execute arbitrary code with privileges of the
X server, typically root (CVE-2006-3740).
Updated packages are patched to address this issue.
Update:
Updated packages for Corporate Server 4.0 have been patched.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:229
http://www.mandriva.com/security/
Package : evince
Date : December 13, 2006
Affected: 2007.0
Problem Description:
Stack-based buffer overflow in ps.c for evince allows
user-assisted attackers to execute arbitrary code via a PostScript
(PS) file with certain headers that contain long comments, as
demonstrated using the DocumentMedia header.
Packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864
Updated Packages:
Mandriva Linux Security Advisory MDKSA-2006:230
http://www.mandriva.com/security/
Package : clamav
Date : December 13, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
The latest version of ClamAV, 0.88.7, fixes some bugs, including
vulnerabilities with handling base64-encoded MIME attachment files
that can lead to either a) a crash (CVE-2006-5874), or b) a bypass
of virus detection (CVE-2006-6406).
As well, a vulnerability was discovered that allows remote
attackers to cause a stack overflow and application crash by
wrapping many layers of multipart/mixed content around a document
(CVE-2006-6481).
The latest ClamAV is being provided to address these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481
Updated Packages:
rPath Linux
rPath Security Advisory: 2006-0232-1
Published: 2006-12-14
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic
Unauthorized Access
Updated Versions:
libgsf=/conary.rpath.com@rpl:devel//1/1.12.0-4.2-1
References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514
https://issues.rpath.com/browse/RPL-857
Description: Previous versions of the libgsf package contain a flaw
in parsing OLE documents that could allow an attacker to crash
applications that use libgsf, and possibly to cause them to execute
arbitrary code, by presenting a user with an intentionally
malformed OLE document.
SUSE Linux
SUSE Security Announcement
Package: libgsf
Announcement ID: SUSE-SA:2006:076
Date: Thu, 14 Dec 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9, Novell Linux POS 9, Open
Enterprise Server, SUSE LINUX 10.1, SUSE LINUX 10.0, SUSE LINUX 9.3,
SuSE Linux Desktop 1.0, SUSE SLED 10, SUSE SLES 10, SUSE SLES 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-4514
Content of This Advisory:
- Security Vulnerability Resolved: libgsf buffer overflow
Problem Description
- Solution or Work-Around
- Special Instructions and Notes
- Package Location and Checksums
- Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
Security Summary Report.
- Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
The libgsf library is used by various GNOME programs to handle
for instance OLE2 data streams.
Specially crafted OLE documents enabled attackers to use a heap
buffer overflow for potentially executing code.
This issue is tracked by the Mitre CVE ID CVE-2006-4514.
2) Solution or Work-Around
There is no known workaround, please install the update
packages.
3) Special Instructions and Notes
Please close and restart applications using libgsf.
4) Package Location and Checksums
The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.
Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web:
Open Enterprise Server
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
SUSE SLES 10
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
SUSE SLED 10
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/8925f151052752a744fcfe7924249f34.html
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and
on Web sites. The authenticity and integrity of a SUSE security
announcement is guaranteed by a cryptographic signature in each
announcement. All SUSE security announcements are published with a
valid signature.
To verify the signature of the announcement, save it as text
into a file and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved
the announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was
signed.
If the security team’s key is not contained in your key ring,
you can import it from the first installation CD. To import the
key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers
all over the world. While this service is considered valuable and
important to the free and open source software community, the
authenticity and the integrity of a package needs to be verified to
ensure that it has not been tampered with.
There are two verification methods that can be used
independently from each other to prove the authenticity of a
downloaded file or RPM package:
- Using the internal gpg signatures of the rpm package
- MD5 checksums as provided in this announcement
- The internal rpm package signatures provide an easy way to
verify the authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing
<file.rpm> with the filename of the RPM package downloaded.
The package is unmodified if it contains a valid signature from
build@suse.de with the key ID
9C800ACA. This key is automatically imported into the RPM database
(on RPMv4-based distributions) and the gpg key ring of ‘root’
during installation. You can also find it on the first installation
CD and at the end of this announcement.
- If you need an alternative means of verification, use the
md5sum command to verify the authenticity of the packages. Execute the
command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its
mirrors. Then compare the resulting md5sum with the one that is
listed in the SUSE security announcement. Because the announcement
containing the checksums is cryptographically signed (by security@suse.de), the checksums show
proof of the authenticity of the package if the signature of the
announcement is valid. Note that the md5 sums published in the SUSE
Security Announcements are valid for the respective packages only.
Newer versions of these packages cannot be verified.
- SUSE runs two security mailing lists to which any interested
party may subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list. To
subscribe, send an e-mail to
- SUSE’s announce-only mailing list.
Only SUSE’s security announcements are sent to this list. To
subscribe, send an e-mail to
SUSE’s security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de>
public key is listed below.
The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, the clear text signature should show proof of the
authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind
whatsoever with respect to the information contained in this
security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2006:077
Date: Thu, 14 Dec 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9, openSUSE 10.2, SUSE LINUX
10.1, SUSE LINUX 10.0, SUSE LINUX 9.3, SUSE SLED 10
Vulnerability Type: HTTP header splitting
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-5330
Content of This Advisory:
- Security Vulnerability Resolved: flash-player HTTP request CRLF
injection problem
Problem Description
- Solution or Work-Around
- Special Instructions and Notes
- Package Location and Checksums
- Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
Security Summary Report.
- Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
This security update brings the Adobe Flash Player to version
7.0.69. The update fixes the following security problem:
CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash
Player allows remote attackers to modify HTTP headers of client
requests and conduct HTTP Request Splitting attacks via CRLF
sequences in arguments to the ActionScript functions (1)
XML.addRequestHeader and (2) XML.contentType.
The flexibility of the attack varies depending on the type of
web browser being used.
2) Solution or Work-Around
There is no known workaround, please install the update
packages.
3) Special Instructions and Notes
Please close and restart all running instances of applications
currently running flash applets after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.
Our maintenance customers are notified individually. The
packages are offered for installation from the maintenance web:
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/e0b1939107e149b2e2c750dae6331938.html
SUSE SLED 10
http://support.novell.com/techcenter/psdb/e0b1939107e149b2e2c750dae6331938.html
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and
on Web sites. The authenticity and integrity of a SUSE security
announcement is guaranteed by a cryptographic signature in each
announcement. All SUSE security announcements are published with a
valid signature.
To verify the signature of the announcement, save it as text
into a file and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved
the announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was
signed.
If the security team’s key is not contained in your key ring,
you can import it from the first installation CD. To import the
key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers
all over the world. While this service is considered valuable and
important to the free and open source software community, the
authenticity and the integrity of a package needs to be verified to
ensure that it has not been tampered with.
There are two verification methods that can be used
independently from each other to prove the authenticity of a
downloaded file or RPM package:
- Using the internal gpg signatures of the rpm package
- MD5 checksums as provided in this announcement
- The internal rpm package signatures provide an easy way to
verify the authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing
<file.rpm> with the filename of the RPM package downloaded.
The package is unmodified if it contains a valid signature from
build@suse.de with the key ID
9C800ACA. This key is automatically imported into the RPM database
(on RPMv4-based distributions) and the gpg key ring of ‘root’
during installation. You can also find it on the first installation
CD and at the end of this announcement.
- If you need an alternative means of verification, use the
md5sum command to verify the authenticity of the packages. Execute the
command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its
mirrors. Then compare the resulting md5sum with the one that is
listed in the SUSE security announcement. Because the announcement
containing the checksums is cryptographically signed (by
security@suse.de), the checksums show
proof of the authenticity of the package if the signature of the
announcement is valid. Note that the md5 sums published in the SUSE
Security Announcements are valid for the respective packages only.
Newer versions of these packages cannot be verified.
- SUSE runs two security mailing lists to which any interested
party may subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list. To
subscribe, send an e-mail to
- SUSE’s announce-only mailing list.
Only SUSE’s security announcements are sent to this list. To
subscribe, send an e-mail to
SUSE’s security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de>
public key is listed below.
The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, the clear text signature should show proof of the
authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind
whatsoever with respect to the information contained in this
security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
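The MD5 comparison described under "Package authenticity verification" above, as an added Python example (not SUSE's tooling). It assumes the saved announcement has already passed gpg --verify, and it looks checksums up by download URL because the package list above gives the same file name for several distributions with different checksums. Function names, URLs and file contents are constructed.

```python
import hashlib
import os
import re
import tempfile

URL_RE = re.compile(r"(?:ftp|https?)://\S+\.rpm")
MD5_RE = re.compile(r"[0-9a-f]{32}")


def parse_checksums(announcement_text):
    """Map download URL -> MD5 from 'URL line, then checksum line' pairs."""
    lines = [ln.strip() for ln in announcement_text.splitlines()]
    return {url: digest for url, digest in zip(lines, lines[1:])
            if URL_RE.fullmatch(url) and MD5_RE.fullmatch(digest)}


def md5_of(path, chunk=1 << 16):
    """Stream the file so a large package is not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_package(path, url, announcement_text):
    """Return 'ok', 'mismatch' or 'unlisted' for a file downloaded from url."""
    expected = parse_checksums(announcement_text).get(url)
    if expected is None:
        return "unlisted"  # e.g. a newer build than the announcement covers
    return "ok" if md5_of(path) == expected else "mismatch"


def demo():
    """Constructed data: two builds share a file name but not a checksum."""
    builds = {"ftp://mirror.example/A/pkg-1.0-1.1.i586.rpm": b"build for A",
              "ftp://mirror.example/B/pkg-1.0-1.1.i586.rpm": b"build for B"}
    text = "".join("%s\n%s\n" % (u, hashlib.md5(d).hexdigest())
                   for u, d in builds.items())
    url_a, url_b = list(builds)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pkg-1.0-1.1.i586.rpm")
        with open(path, "wb") as fh:
            fh.write(builds[url_a])
        return (verify_package(path, url_a, text),
                verify_package(path, url_b, text),
                verify_package(path, url_a + ".new", text))
```

The file matches only the entry for the URL it came from; checked against the other distribution's entry it reports a mismatch, and a URL the announcement does not list is reported as unlisted rather than passed.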
Ubuntu
Ubuntu Security Notice USN-380-2 December 14, 2006
avahi regression
https://launchpad.net/bugs/72728
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
avahi-daemon 0.5.2-1ubuntu1.3
Ubuntu 6.06 LTS:
avahi-daemon 0.6.10-0ubuntu3.3
Ubuntu 6.10:
avahi-daemon 0.6.13-2ubuntu2.3
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
USN-380-1 fixed a vulnerability in Avahi. However, if used with
Network manager, that version occasionally failed to resolve .local
DNS names until Avahi got restarted. This update fixes the
problem.
We apologize for the inconvenience.
Updated packages for Ubuntu 5.10: