
Advisories, February 5, 2006

Fedora Core


Fedora Update Notification
FEDORA-2006-133
2006-03-03


Product : Fedora Core 4
Name : squirrelmail
Version : 1.4.6
Release : 1.fc4
Summary : SquirrelMail webmail client

Description :
SquirrelMail is a standards-based webmail package written in PHP4.
It includes built-in pure PHP support for the IMAP and SMTP
protocols, and all pages render in pure HTML 4.0 (with no
Javascript) for maximum compatibility across browsers. It has very
few requirements and is very easy to configure and install.
SquirrelMail has all the functionality you would want from an email
client, including strong MIME support, address books, and folder
manipulation.


Update Information:

Upgrade to upstream version 1.4.6, which solves these issues in
addition to several bugs.

http://www.squirrelmail.org/changelog.php
More details here.

Additionally Fedora’s package contains fixes that may improve
usability of squirrelmail in various non-English languages. Please
report to Bug #162852 if this update causes any regressions in
non-English language behavior.


  • Wed Mar 1 2006 David Woodhouse <dwmw2@redhat.com> 1.4.6-1
    • Upgrade to 1.4.6 proper for CVE-2006-0377 CVE-2006-0195
      CVE-2006-0188
    • Script the charset changes instead of using a patch
    • Convert the ko_KR files to UTF-8, dropping invalid characters
      from what’s theoretically supposed to be EUC-KR in the
      original.
  • Tue Jan 17 2006 Warren Togami <wtogami@redhat.com>
    1.4.6-0.cvs20050812.3
    • do not remove mo files
    • require php-mbstring
  • Fri Dec 9 2005 Jesse Keating <jkeating@redhat.com>
    • rebuilt
  • Mon Sep 12 2005 David Woodhouse <dwmw2@redhat.com>
    1.4.6-0.cvs20050812.2
    • Convert all locales to UTF-8 instead of legacy character sets
      to work around bug #162852. Except for ko_KR, because iconv doesn’t
      believe its help files are actually in EUC-KR as claimed.

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

7fa03570698b636dcd976d0f3b6d3d51df171224
SRPMS/squirrelmail-1.4.6-1.fc4.src.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512
ppc/squirrelmail-1.4.6-1.fc4.noarch.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512
x86_64/squirrelmail-1.4.6-1.fc4.noarch.rpm
9cb6adf3a5746a0187ca0f7db333884221ef7512
i386/squirrelmail-1.4.6-1.fc4.noarch.rpm

This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200603-01


http://security.gentoo.org/


Severity: Normal
Title: WordPress: SQL injection vulnerability
Date: March 04, 2006
Bugs: #121661
ID: 200603-01


Synopsis

WordPress is vulnerable to an SQL injection vulnerability.

Background

WordPress is a PHP and MySQL based content management and
publishing system.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  www-apps/wordpress      <= 1.5.2                         >= 2.0.1

Description

Patrik Karlsson reported that WordPress 1.5.2 makes use of an
insufficiently filtered User Agent string in SQL queries related to
comments posting. This vulnerability was already fixed in the
2.0-series of WordPress.

Impact

An attacker could send a comment with a malicious User Agent
parameter, resulting in SQL injection and potentially in the
subversion of the WordPress database. This vulnerability wouldn’t
affect WordPress sites which do not allow comments or which require
that comments go through a moderator.

Workaround

Disable or moderate comments on your WordPress blogs.

Resolution

All WordPress users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1"

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200603-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200603-02


http://security.gentoo.org/


Severity: Normal
Title: teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code
Date: March 04, 2006
Bugs: #115775
ID: 200603-02


Synopsis

CSTeTeX, pTeX, and teTeX include vulnerable XPdf code to handle
PDF files, making them vulnerable to the execution of arbitrary
code.

Background

teTeX is a complete TeX distribution. It is used for creating
and manipulating LaTeX documents. CSTeX is a TeX distribution with
Czech and Slovak support. pTeX is an ASCII publishing TeX
distribution.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  app-text/tetex      < 2.0.2-r8                        >= 2.0.2-r8
  2  app-text/cstetex    < 2.0.2-r2                        >= 2.0.2-r2
  3  app-text/ptex       < 3.1.5-r1                        >= 3.1.5-r1
  -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.

Description

CSTeX, teTeX, and pTeX include XPdf code to handle PDF files.
This XPdf code is vulnerable to several heap overflows (GLSA
200512-08) as well as several buffer and integer overflows
discovered by Chris Evans (CESA-2005-003).

Impact

An attacker could entice a user to open a specially crafted PDF
file with teTeX, pTeX or CSTeX, potentially resulting in the
execution of arbitrary code with the rights of the user running the
affected application.

Workaround

There is no known workaround at this time.

Resolution

All teTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/tetex-2.0.2-r8"

All CSTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/cstetex-2.0.2-r2"

All pTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ptex-3.1.5-r1"

References

[ 1 ] CVE-2005-3193

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193

[ 2 ] GLSA 200512-08

http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml

[ 3 ] CESA-2005-003

http://scary.beasts.org/security/CESA-2005-003.txt

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200603-02.xml



Gentoo Linux Security Advisory GLSA 200603-03


http://security.gentoo.org/


Severity: Normal
Title: MPlayer: Multiple integer overflows
Date: March 04, 2006
Bugs: #115760, #122029
ID: 200603-03


Synopsis

MPlayer is vulnerable to integer overflows in FFmpeg and ASF
decoding that could potentially result in the execution of
arbitrary code.

Background

MPlayer is a media player capable of handling multiple
multimedia file formats.

Affected packages


     Package              /    Vulnerable    /              Unaffected

  1  media-video/mplayer     < 1.0.20060217            >= 1.0.20060217

Description

MPlayer makes use of the FFmpeg library, which is vulnerable to
a heap overflow in the avcodec_default_get_buffer() function
discovered by Simon Kilvington (see GLSA 200601-06). Furthermore,
AFI Security Research discovered two integer overflows in ASF file
format decoding, in the new_demux_packet() function from
libmpdemux/demuxer.h and the demux_asf_read_packet() function from
libmpdemux/demux_asf.c.

Impact

An attacker could craft a malicious media file which, when
opened using MPlayer, would lead to a heap-based buffer overflow.
This could result in the execution of arbitrary code with the
permissions of the user running MPlayer.

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"

References

[ 1 ] CVE-2005-4048

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

[ 2 ] CVE-2006-0579

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0579

[ 3 ] GLSA 200601-06

http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200603-03.xml
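
The bug class this advisory describes (a length taken from the media file wraps during size arithmetic, so a later copy overruns the heap buffer), shown with the checks that prevent it. This is an added C example, not MPlayer or FFmpeg code; `pkt_new`, `pkt_append`, `PKT_PADDING` and `PKT_MAX_LEN` are hypothetical names and values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PKT_PADDING 8u            /* hypothetical trailing padding for decoders */
#define PKT_MAX_LEN (64u << 20)   /* hypothetical policy cap: 64 MiB per packet */

typedef struct {
    size_t len;          /* payload bytes the packet can hold */
    size_t used;         /* payload bytes written so far */
    unsigned char *buf;  /* len + PKT_PADDING bytes */
} pkt_t;

/* Allocate a packet for a length read from the file as a signed 32-bit int.
 * Unchecked, malloc(len + PKT_PADDING) with a negative len wraps to a tiny
 * allocation that later copies overrun. Returns NULL when len is rejected. */
pkt_t *pkt_new(int32_t len)
{
    if (len < 0 || (uint32_t)len > PKT_MAX_LEN)
        return NULL;
    pkt_t *p = malloc(sizeof *p);
    if (!p)
        return NULL;
    p->buf = calloc((size_t)len + PKT_PADDING, 1);  /* cannot wrap: len <= cap */
    if (!p->buf) { free(p); return NULL; }
    p->len = (size_t)len;
    p->used = 0;
    return p;
}

/* Append one fragment; offset and n both come from untrusted headers.
 * Comparing by subtraction avoids computing offset + n, which could wrap. */
int pkt_append(pkt_t *p, uint32_t offset, const void *src, uint32_t n)
{
    if (offset > p->len || n > p->len - offset)
        return -1;
    memcpy(p->buf + offset, src, n);
    if ((size_t)offset + n > p->used)   /* safe: offset + n <= len here */
        p->used = (size_t)offset + n;
    return 0;
}

void pkt_free(pkt_t *p)
{
    if (p) { free(p->buf); free(p); }
}
```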

