---

Advisories, February 23, 2005

Debian GNU/Linux


Debian Security Advisory DSA 688-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
February 23rd, 2005 http://www.debian.org/security/faq


Package : squid
Vulnerability : mising input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0446

Upstream developers have discovered several problems in squid,
the Internet object cache, the popular WWW proxy cache. A remote
attacker can cause squid to crash via certain DNS responses.

For the stable distribution (woody) these problems have been
fixed in version 2.4.6-2woody7.

For the unstable distribution (sid) these problems have been
fixed in version 2.5.8-3.

We recommend that you upgrade your squid package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.dsc

Size/MD5 checksum: 612 bc9dc33a502eb9e0b4293c9a0e2aef18

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.diff.gz

Size/MD5 checksum: 236440 d1c8a57810656ee89295c82054824f8e

http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz

Size/MD5 checksum: 1081920 59ce2c58da189626d77e27b9702ca228

Alpha architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_alpha.deb

Size/MD5 checksum: 815502 5baa03bdbc5258c31a9c093fd567084c

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_alpha.deb

Size/MD5 checksum: 75622 5cfae27e8324a0ca0dfccb3dfbadcb1a

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_alpha.deb

Size/MD5 checksum: 60366 fde4ec72c5629fe0d7f38b873c27e620

ARM architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_arm.deb

Size/MD5 checksum: 726008 61adcf77023bbaa37db5e9161acf4050

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_arm.deb

Size/MD5 checksum: 73382 5f3e398939e6a277ea015f9f3235eff1

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_arm.deb

Size/MD5 checksum: 58704 ad58694d9fb083e67809a98f71187dad

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_i386.deb

Size/MD5 checksum: 684338 577c9a8008c5ede1a4f16ef8520ed4c7

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_i386.deb

Size/MD5 checksum: 73884 203f95f882aa4ea3ba68076fdcf94cfe

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_i386.deb

Size/MD5 checksum: 58396 28dc7b3ad6406d51bf932600b85ece0b

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_ia64.deb

Size/MD5 checksum: 953954 d79a494213f89d9c021273c55fa14490

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_ia64.deb

Size/MD5 checksum: 79476 b227a17db6a5f115d99598210ed5d5f3

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_ia64.deb

Size/MD5 checksum: 63034 23204a45be54339b31e04e9358e357c6

HP Precision architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_hppa.deb

Size/MD5 checksum: 779584 c37982b618205e53554cdbdedfed1729

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_hppa.deb

Size/MD5 checksum: 74828 d1f1807974aa091d258dda40f1a5e27a

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_hppa.deb

Size/MD5 checksum: 59842 38372550333e90fba53558ab8ed9eebc

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_m68k.deb

Size/MD5 checksum: 666248 649f02e2b065d64a7059c08b3aa38bfc

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_m68k.deb

Size/MD5 checksum: 72730 cbbc04070becff9dbf07f8816a33a13c

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_m68k.deb

Size/MD5 checksum: 57938 c0410320db936951124d49f799e77057

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mips.deb

Size/MD5 checksum: 765390 4f877c9010ee2ef13ba96b7105e3e19a

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mips.deb

Size/MD5 checksum: 74354 9b425951580d0d782cf0622003673fba

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mips.deb

Size/MD5 checksum: 58992 dd15f0bd3279f7012024121d60ecaeed

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mipsel.deb

Size/MD5 checksum: 765608 2e798cbf5b623b7c2bf06a13aebbefc0

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mipsel.deb

Size/MD5 checksum: 74478 6b9d563241173ef6f9baa4a0c6d73a69

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mipsel.deb

Size/MD5 checksum: 59102 833e1a5808ff69aa664fd055d713a03c

PowerPC architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_powerpc.deb

Size/MD5 checksum: 722756 32ce8c5e69389b970843ed0b82691894

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_powerpc.deb

Size/MD5 checksum: 73378 2661e53c7a134e96d8da81a3c3284bd1

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_powerpc.deb

Size/MD5 checksum: 58586 c8d689cd3c7c09b9d119ab2c502f7d39

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_s390.deb

Size/MD5 checksum: 712300 40f6212bc20c134923cf1048cfd5245b

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_s390.deb

Size/MD5 checksum: 73728 e696e11731b0ffe2a00d883bdc3d16cd

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_s390.deb

Size/MD5 checksum: 59156 653037fec730df2155e51aa4d2809ee3

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_sparc.deb

Size/MD5 checksum: 724706 3339a3b62ec6e672725c20f012759b4b

http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_sparc.deb

Size/MD5 checksum: 76012 cda6d662b54f46a831d8566f6f8f095b

http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_sparc.deb

Size/MD5 checksum: 61020 36640727d0e8c5e400de0c04630c961b

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 689-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
February 23rd, 2005 http://www.debian.org/security/faq


Package : libapache-mod-python
Vulnerability : missing input sanisiting
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0088

Graham Dumpleton discovered a flaw which can affect anyone using
the publisher handle of the Apache Software Foundation’s
mod_python. The publisher handle lets you publish objects inside
modules to make them callable via URL. The flaw allows a carefully
crafted URL to obtain extra information that should not be visible
(information leak).

For the stable distribution (woody) this problem has been fixed
in version 2.7.8-0.0woody5.

For the unstable distribution (sid) this problem has been fixed
in version 2.7.10-4 of libapache-mod-python and in version 3.1.3-3
of libapache2-mod-python.

We recommend that you upgrade your libapache-mod-python
package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.dsc

Size/MD5 checksum: 715 b0716ef2fca40600c41d77c45bcc4167

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.diff.gz

Size/MD5 checksum: 8261 69110f0e179d5b6f93542233ca6014c4

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz

Size/MD5 checksum: 176639 4d5bee8317bfb45a3bb09f02b435e917

Alpha architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_alpha.deb

Size/MD5 checksum: 120410 64e141ce045b242ce8372b0a2b4be1d7

ARM architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_arm.deb

Size/MD5 checksum: 118242 d5738e2ae1a50394ad6964c6fc698652

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_i386.deb

Size/MD5 checksum: 117626 acc4d8975aff9f0df543ba7015781ac3

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_ia64.deb

Size/MD5 checksum: 131522 d7ad903ce69e71242e62ad37b7faa91a

HP Precision architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_hppa.deb

Size/MD5 checksum: 120182 6bce263b5cb8b4f4812c56483aa50e37

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_m68k.deb

Size/MD5 checksum: 118688 3bf883aeee5ad3918b8dc303269f4475

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mips.deb

Size/MD5 checksum: 117644 5221344e02f32234c1e889d6d66f6f5d

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mipsel.deb

Size/MD5 checksum: 117386 e3acec959d1bfbdfcc10a6faff7c83cf

PowerPC architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_powerpc.deb

Size/MD5 checksum: 118564 574476da068dc51a89d434506059483b

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_s390.deb

Size/MD5 checksum: 119368 a5bf1d308b8fd847af7c22a657316834

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_sparc.deb

Size/MD5 checksum: 118498 841af8c2e626a24c182cee27d7e71a24

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200502-29


http://security.gentoo.org/


Severity: Normal
Title: Cyrus IMAP Server: Multiple overflow vulnerabilities
Date: February 23, 2005
Bugs: #82404
ID: 200502-29


Synopsis

The Cyrus IMAP Server is affected by several overflow
vulnerabilities which could potentially lead to the remote
execution of arbitrary code.

Background

The Cyrus IMAP Server is an efficient, highly-scalable IMAP
e-mail server.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  net-mail/cyrus-imapd      < 2.2.12                      >= 2.2.12

Description

Possible single byte overflows have been found in the imapd
annotate extension and mailbox handling code. Furthermore stack
buffer overflows have been found in fetchnews, the backend and
imapd.

Impact

An attacker, who could be an authenticated user or an admin of a
peering news server, could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Cyrus IMAP
Server.

Workaround

There is no known workaround at this time.

Resolution

All Cyrus IMAP Server users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/cyrus-imapd-2.2.12"

References

[ 1 ] Cyrus IMAP Announcement


http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-29.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

LBA-Linux


LBA-Linux Security Advisory

Subject: Updated perl package for LBA-Linux R2
Advisory ID: LBASA-2005:3
Date: Thursday, February 24, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid
support (sperl), allows local users to create arbitrary files via
the PERLIO_DEBUG variable.

CAN-2005-0156
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when
installed with setuid support (sperl), allows local users to
execute arbitrary code by setting the PERLIO_DEBUG variable and
executing a Perl script whose full pathname contains a long
directory tree.

CAN-2004-0452
Race condition in the rmtree function in the File::Path module in
Perl 5.6.1 and 5.8.4 sets read/write permissions for the world,
which allows local users to delete arbitrary files and directories,
and possibly read files and directories, via a symlink attack.

CAN-2004-0976
Trustix developers discovered several insecure uses of temporary
files in many modules which could allow a local attacker to
overwrite files via symlink attacks.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/perl-5.8.3-6.lba.3.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/perl-suidperl-5.8.3-6.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named perl to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated vim package for LBA-Linux R2
Advisory ID: LBASA-2005:2
Date: Thursday, February 24, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0069
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local
users to overwrite or create arbitrary files via a symlink attack
on temporary files.

CAN-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute
arbitrary commands via a file containing a crafted modeline that is
executed when the file is viewed using options such as (1) termcap,
(2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6)
backupext, (7) keymap, (8) patchmode, or (9) langmenu.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/vim-X11-6.2.294-1.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/vim-common-6.2.294-1.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/vim-enhanced-6.2.294-1.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/vim-minimal-6.2.294-1.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named vim to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated cpio package for LBA-Linux R2
Advisory ID: LBASA-2004:1
Date: Thursday, February 24, 2005
Product: LBA-Linux R2


Problem description:

CAN-1999-1572
A vulnerability in cpio was discovered where cpio would create
world writable files when used in -o/–create mode and giving an
output file (with -O). This would allow any user to modify the
created cpio archive.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/cpio-2.5-6.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named cpio to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572

Copyright(c) 2001-2004 SOT

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis